Question Is Defender borked?

Please provide comments and solutions that are helpful to the author of this topic.

ScandinavianFish

Level 7
Thread author
Verified
Dec 12, 2021
317
I don't think I need to explain what's wrong if you just look at the attached picture. The first thing that came to my mind is some form of corruption. (And yes, I intentionally downloaded Process Hacker, I knew it was gonna block the driver as ive seen it happen before, but just not, well, this). I generally reinstall the OS when something breaks, I just got curious as to what the reason could be since ive never seen anything like this before
1c1160dc243ab25cfbd358969e2a955c.png

Edit: I am wondering about the corrupted text after "Rule:".
 
Last edited:

ScandinavianFish

Level 7
Thread author
Verified
Dec 12, 2021
317
Have you hardened Defender, using Group Policy for example, or are you using the default settings?
That "administrator" thing is usually a consequence of making changes to Defender's settings in Group Policy. I started using DefenderUI.
I do use DefenderUI, its why I expected it to block that driver, as ive seen that ASR rule block it before.
 
  • Like
Reactions: oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,144
View attachment 274636
This, the text is corrupted, I mentioned it in the title before an admin removed the the text, I guess I expected too much that people would've notice it in the picture.
I saw exactly what you meant and thought at first sight you spoke a different language and wondered what ASR rule that was. :LOL:
 
F

ForgottenSeer 76546

Corruption is definitely a possibility, and it's always a good idea to be cautious when downloading third-party software. Reinstalling the OS is a smart move if you're not sure what's causing the issue. That being said, if you're feeling adventurous, you could try running some diagnostic tools to see if you can pinpoint the root cause.
Why does this text looks like it was generated by an AI? Same with all their posts 🤔
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,755
The name of this rule, apart from having strange non-unicode UTF8 characters (which is probably why it is borked, you will need to enable support for these characters in Region/Language settings) is also grammatically incorrect. It lacks capitalisation and punctuation. The correct way to write it is:
Block Abuse of In-the-wild-exploited, Vulnerable, Signed Drivers.

The group policy is a mess overall, some rules follow heading-style capitalisation, others don’t.

Microsoft official website seems to have it this way:
Block abuse of exploited vulnerable signed drivers

It is different than what’s on the picture. My question is why?
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top