Hot Take: Is bypassing MD that easy?!

Parkinsond

Dec 6, 2023


I am not questioning the efficacy of MD in detecting and deleting malware; all tests show it is not far behind its rivals.
The argument is: can it defend itself?
 
Microsoft Defender is generally robust and reliable. However, like any software, it's not entirely immune to being bypassed. Regular updates and patches are crucial to maintain its defense capabilities.
 
All security suites are bypassable, okay.
Are they as easily bypassable as is the case with MD?
 
The ease of bypassing any security suite, including Microsoft Defender, largely depends on the skill level of the attacker and the specific tactics they use. However, Microsoft regularly updates Defender to address potential vulnerabilities.
 
It is not easy to see in the video that high privileges are necessary:

[image: 1747830250796.png]


With high privileges, all AVs can be relatively easily bypassed (three general methods are used in the wild).
See also:
https://malwaretips.com/threads/how...c-windows-security-center.135791/post-1126217
 
The tool from the video uses a different method than Defender Control (Sordum), but can be used by attackers in a similar way.
In the past, I made a POC with Defender Control to test how it can be detected by Microsoft. After sending several POCs to Microsoft, Defender finally learned to block it via the ASR rule. After a few months, Red Teams started using this method, so Microsoft improved Tamper Protection to disable such attacks:

https://malwaretips.com/threads/windows-defender-disabled-by-malware.107622/post-941017
https://malwaretips.com/threads/windows-defender-disabled-by-malware.107622/post-957935
 
MS learns, but very slowly and the hard way 😏
 
You can literally bypass any antivirus software with admin rights. Some might be more stubborn and won't allow you to end their process via Task Manager, but it can easily be done through Terminal and/or other software like Process Explorer. You can terminate its services as well and boom... you're unprotected.

This is why you need to read the UAC prompt and never just press "Allow" when it shows up. I know it's annoying, but it's a safety measure many people take for granted.
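As an added example (not code from the thread or any of its posters), here is a read-only PowerShell audit of the posture the post above argues matters: whether Tamper Protection is on (the control that blocks the "stop the service / kill the process / flip the preference" path an admin-level attacker takes), whether the core Defender services are running, and whether UAC is set to "Always notify". It uses the Defender module cmdlet Get-MpComputerStatus and the documented UAC policy registry values; the function name, the service list and the output shape are my own choices.

```powershell
# Added audit script, not from the thread. Read-only: nothing here stops,
# disables or reconfigures anything. Run from an elevated PowerShell on
# Windows 10/11 with Microsoft Defender as the active AV (assumption).
# Cmdlets/properties: Get-MpComputerStatus (Defender module), Get-Service,
# Get-ItemProperty on the UAC policy key.

function Get-DefenderSelfProtectionPosture {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Tamper Protection is what prevents an administrator (or malware
    #    running as one) from stopping WinDefend or turning real-time
    #    protection off via Set-MpPreference / registry edits.
    $status = Get-MpComputerStatus
    if (-not $status.IsTamperProtected) {
        $findings.Add('Tamper Protection is OFF: admin-level tools can disable Defender.')
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is OFF.')
    }

    # 2. Core services. An attacker who got past Tamper Protection would
    #    typically leave these stopped or set to Disabled.
    #    WinDefend = AV engine, WdNisSvc = network inspection (list is my choice).
    foreach ($name in 'WinDefend', 'WdNisSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $findings.Add("Service $name not found.")
        }
        elseif ($svc.Status -ne 'Running') {
            $findings.Add("Service $name is $($svc.Status) (start type: $($svc.StartType)).")
        }
    }

    # 3. UAC: the prompt the post says to read before clicking Allow.
    #    "Always notify" = ConsentPromptBehaviorAdmin 2 + PromptOnSecureDesktop 1.
    #    The Windows default is ConsentPromptBehaviorAdmin 5 (prompt only for
    #    non-Windows binaries); EnableLUA 0 means no prompt at all.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey
    if ($uac.EnableLUA -ne 1) {
        $findings.Add('UAC (EnableLUA) is disabled: admin tokens are never filtered.')
    }
    elseif ($uac.ConsentPromptBehaviorAdmin -ne 2) {
        $findings.Add("UAC admin prompt level is $($uac.ConsentPromptBehaviorAdmin), not 2 (Always notify).")
    }
    if ($uac.PromptOnSecureDesktop -ne 1) {
        $findings.Add('UAC prompt is not shown on the secure desktop (can be spoofed/clicked by software).')
    }

    [pscustomobject]@{
        TamperProtected    = [bool]$status.IsTamperProtected
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
        UacAlwaysNotify    = ($uac.EnableLUA -eq 1 -and
                              $uac.ConsentPromptBehaviorAdmin -eq 2 -and
                              $uac.PromptOnSecureDesktop -eq 1)
        Findings           = $findings
    }
}

# Usage (elevated prompt):
$posture = Get-DefenderSelfProtectionPosture
$posture | Format-List
if ($posture.Findings.Count -eq 0) { 'No self-protection gaps found.' }
```

The point of running this rather than trusting the tray icon: the attack the post describes needs admin, and the two things that decide whether admin is enough are Tamper Protection (reported by IsTamperProtected) and whether the user actually sees and reads a UAC consent prompt on the secure desktop. Any finding in the output is a gap in exactly the defence the thread is debating.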
 
I set it to "always notify" all the time.
 
All security suites are bypassable, okay.
Are they as easily bypassable as is the case with MD?
Don't put words in my mouth that I haven't said. Obviously there is no such thing as invulnerable, but there are better products than others. Not even Microsoft itself uses Windows Defender to protect its own company, as was seen when all of Microsoft went down due to an update to its third-party antivirus. Not even Microsoft itself trusts its own "antivirus".