User Feedback Microsoft Defender 6/12/2020 Review

Software
Microsoft Defender
Installation
5.00 star(s)
Installation Feedback
Installation rating N/A
Interface (UI)
2.00 star(s)
Interface Feedback
See below
Usability
3.00 star(s)
Usability Feedback
See below
Performance and System Impact
4.00 star(s)
Performance and System Impact Feedback
See below
Protection
5.00 star(s)
Protection Feedback
See below
Real-time file system protection
5.00 star(s)
Proactive Intrusion protection
2.00 star(s)
Pros
  1. It's a free software
  2. No setup required
  3. Ransomware protection
  4. Excellent scores in independent tests
  5. Effective malware removal
Cons
  1. Clumsy or awkward interface (UI)
  2. Noticeable system impact
  3. Can be resource-hungry
  4. Scans can be rather slow
Software installed on computer
Less than 30 days
Computer specs
See configuration for details
Recommended for
  1. All types of users
Overall Rating
4.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

McMcbrad

Level 23
Oct 16, 2020
1,252
Downloaded and updated Norton, see screenshots. I first noticed there is no Ransomware Protection that @fabiobr mentioned.

1608064969413.png


Ransomware Protection is supposed to be an individual tab above, but there is none.

and these are the settings + update:

1608065054479.png
1608065094134.png


Threat 1 bypassed Norton:
1608065265409.png


And threat 2 as well:

1608065367607.png

Obfuscation + code injection is the way to go around Norton.
 

Lenny_Fox

Level 19
Verified
Oct 1, 2019
912
Thanks (y) @McMcbrad

Microsoft Defender + Configure Defender (High) + Simple Windows Hardening is solid protection for home users.

1608070690516.png


PS. Strictly speaking, I only add the Ninja profile and rename the default profile to Panda (telling Edge to start the Ninja profile by default).
Fun fact for GUI design: I learned that people remember the difference more easily when I used names which can be loosely associated with its function (Panda is nice, allows most; Ninja is a mean lean fighting machine, killing most advertisement). Also, the red shield of uBo with its (somewhat) exaggerated advertising blocks helps people to be happy with two profiles. The added value of saving passwords for websites they visit or buy from somehow seems to compensate for the occasional extra hassle of needing to copy a URL when switching from Ninja to Panda from time to time.
 

fabiobr

Level 12
Verified
Mar 28, 2019
554
> McMcbrad said:
> Downloaded and updated Norton, see screenshots. I first noticed there is no Ransomware Protection that @fabiobr mentioned.
>
> Ransomware Protection is supposed to be an individual tab above, but there is none.
>
> and these are the settings + update:
>
> Threat 1 bypassed Norton:
>
> And threat 2 as well:
>
> Obfuscation + code injection is the way to go around Norton.

I don't know why some versions don't have data protector.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,727
So, we can see that the top protection of Norton comes from the Insight (file reputation) feature which is triggered when the PE files (EXE, DLL, etc.) and MSI files are dropped to disk or executed from the flash drive (USB drive). From my tests it also follows that Norton uses a kind of Script Control for some popular scripting techniques. Furthermore, Norton can remove scripting code from MS Office documents.
Similar protection in the home environment can be applied by Edge (SmartScreen + PUA) + Windows Defender (enabled ASR rules included in ConfigureDefender MAX setup). Such a setup produces a similar number of false positives as in the case of Norton. Due to the ASR rule related to blocking obfuscated scripts, the WD protection is probably better against scripting attacks via PowerShell or Windows Script Host.
 

Andrew3000

Level 7
Verified
Malware Tester
Feb 8, 2016
339
> McMcbrad said:
> Downloaded and updated Norton, see screenshots. I first noticed there is no Ransomware Protection that @fabiobr mentioned.
>
> Ransomware Protection is supposed to be an individual tab above, but there is none.
>
> and these are the settings + update:
>
> Threat 1 bypassed Norton:
>
> And threat 2 as well:
>
> Obfuscation + code injection is the way to go around Norton.

Yep, testing it too, and Norton seems pretty bad against fileless and script malware.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
> Andy Ful said:
> So, we can see that the top protection of Norton comes from the Insight (file reputation) feature which is triggered when the PE files (EXE, DLL, etc.) and MSI files are dropped to disk or executed from the flash drive (USB drive). From my tests it also follows that Norton uses a kind of Script Control for some popular scripting techniques. Furthermore, Norton can remove scripting code from MS Office documents.
> Similar protection in the home environment can be applied by Edge (SmartScreen + PUA) + Windows Defender (enabled ASR rules included in ConfigureDefender MAX setup). Such a setup produces a similar number of false positives as in the case of Norton. Due to the ASR rule related to blocking obfuscated scripts, the WD protection is probably better against scripting attacks via PowerShell or Windows Script Host.

The document sanitisation feature can be found in ZoneAlarm browser extension as well. It removes executable content from documents, where it frankly makes very little sense. Very rarely someone might enhance an Excel document with a script.

The ASR rules will do a better job.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,727
> Lenny_Fox said:
> Thanks (y) @McMcbrad
>
> Microsoft Defender + Configure Defender (High) + Simple Windows Hardening is solid protection for home users.
> ...

:) (y)
If the user pays attention to SmartScreen alerts, then this setup is probably stronger in the home environment as compared to Norton. But the user must use the Windows built-in unpacker or install an archiver application which preserves MOTW after unpacking (Bandizip, Explzh), or be cautious with archives.
In this way the user has to execute EXE and MSI files downloaded from the Internet via the file reputation feature (SmartScreen), and SWH prevents scripting (and command-line) attacks much better than Norton. The flash drives (USB drives) are protected by the WD ASR rule, but files have to be executed from the flash drive and not copied to the internal disk.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Frankly said Defender detection is quite good by itself, when coupled with ASR. When I publish the Kaspersky review on the 20th, as a bonus content I will add something like awards. Microsoft Defender + ASR rules will be mentioned as Best Free Protection. :)
This will be the year wrap-up.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,727
> McMcbrad said:
> Frankly said Defender detection is quite good by itself, when coupled with ASR. When I publish the Kaspersky review on the 20th, as a bonus content I will add something like awards. Microsoft Defender + ASR rules will be mentioned as Best Free Protection. :)
> This will be the year wrap-up.

That is my opinion too. :)
Anyway, for semi-advanced users (like many MT members), when they mostly install digitally signed applications/games, the setup based on a limited number of ASR rules (ConfigureDefender HIGH setup) + SWH can be more convenient. This follows from the features below:
  1. SmartScreen Application Reputation is also attached to the digital certificates, which is not true for the ASR rule based on prevalence and trusted list criteria. So most digitally signed installers/updaters will be allowed by SmartScreen, but some of them will be initially blocked by ASR (especially application auto-updates).
  2. After initial whitelisting, the home users can very rarely have problems with scripts and they will have a very strong anti-scripting (command-line) prevention. SWH will also prevent the user from opening JAR, BAT, CMD, HTA, CHM, or other files related to scripts, and the already installed applications can still use these files.
Edit.
This kind of Windows built-in protection can be easily applied to the computers of family members.
 
Last edited:
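
A read-only check of the Windows built-in protections discussed in the posts above, as an added example that is not part of any poster's message: it reports the state of the three ASR rules the thread refers to (obfuscated scripts, prevalence/trusted list, USB) and whether files in a folder still carry the MOTW (Zone.Identifier stream) after unpacking. The function name `Get-MotwStatus` and the folder path are assumptions made for illustration.

```powershell
# Added example (not from the thread). Read-only: changes no settings.
# ASR rule GUIDs and names as documented by Microsoft for Defender.
$rules = [ordered]@{
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless they meet a prevalence, age, or trusted list criterion'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' = 'Block untrusted and unsigned processes that run from USB'
}
$stateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Get-MpPreference returns rule IDs and their actions as two parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $configured[$ids[$i].ToLower()] = [int]$actions[$i] }
}

foreach ($id in $rules.Keys) {
    $state = 'Not configured'
    if ($configured.ContainsKey($id)) {
        $value = $configured[$id]
        $state = if ($stateNames.ContainsKey($value)) { $stateNames[$value] } else { "Unknown ($value)" }
    }
    [pscustomobject]@{ Rule = $rules[$id]; State = $state }
}

# MOTW check: SmartScreen only sees a downloaded file as "from the Internet"
# if the Zone.Identifier alternate data stream survived unpacking.
function Get-MotwStatus {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $zone = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = if ("$zone" -match 'ZoneId=(\d+)') { $Matches[1] } else { 'none' }
        [pscustomobject]@{ File = $_.FullName; ZoneId = $zoneId }   # 3 = Internet zone
    }
}

# Placeholder folder: point this at wherever your archiver unpacks downloads.
Get-MotwStatus -Path "$env:USERPROFILE\Downloads"
```

Files unpacked from a downloaded archive that show `ZoneId = none` have lost the mark, which is the situation the post warns about for archivers that do not preserve MOTW.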

MacDefender

Level 14
Verified
Oct 13, 2019
639
> McMcbrad said:
> Downloaded and updated Norton, see screenshots. I first noticed there is no Ransomware Protection that @fabiobr mentioned.
>
> Ransomware Protection is supposed to be an individual tab above, but there is none.
>
> and these are the settings + update:
>
> Threat 1 bypassed Norton:
>
> And threat 2 as well:
>
> Obfuscation + code injection is the way to go around Norton.

It’s interesting. SONAR reputation lookups are pretty decent and the AdvML heuristic signature catches a lot of stuff at scan time but the dynamic protection is relatively poor. The data protector stopped many of my home brew POCs but it’s surprising they just got rid of that :(
I think we are at the next part of the Norton rollercoaster where it’s starting to go downhill. Someone wake me up when it gets amazing again!
 

Gandalf_The_Grey

Level 43
Verified
Trusted
Content Creator
Apr 24, 2016
3,237
> McMcbrad said:
> Frankly said Defender detection is quite good by itself, when coupled with ASR. When I publish the Kaspersky review on the 20th, as a bonus content I will add something like awards. Microsoft Defender + ASR rules will be mentioned as Best Free Protection. :)
> This will be the year wrap-up.

Do you also compare free with paid Kaspersky?
 