It is possible to test WHHLight default settings with Microsoft Defender on default settings with disabled real-time protection + FirewallHardening + DocumentsAntiExploit (MS Office and Acrobat Reader open documents by default).
Other Defender's settings (like Cloud Delivered Protection) must be enabled.
WHHLight in default settings requires additional protection against weaponized documents (such as DocumentsAntiExploit). Default settings highly restrict scripting attacks, but allow CmdLines with LOLBins (useful for system management). So, FirewallHardening is also required to restrict LOLBins.
