Serious Discussion Microsoft Defender Antivirus and firewall = 100 % clean?

lokamoka820

Level 24
Mar 1, 2024
1,321
1.
Also if the file was transferred via Bluetooth?

2.
Also if the laptop was connected to a compromised Chromecast unit, and the Chromecast unit somehow transferred / tried to transfer a malicious file to the system?
I'm not sure about this exact scenario, but I think it will be treated as any other connected device, just like a USB for example.

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
I think at some point human intelligence is needed. Automated steps that AVs follow cannot be programmed to handle every situation. So if circumstances warrant a doubt, then trust your doubt and delete the file. I understand you are trying to refine your thinking to pick up when you need to delete the suspicious file. Expert systems tried to capture every situation as an IF THEN rule. Theoretically it sounds possible, but it does not capture human intelligence. Logical thinking only works when everything is on the table for evaluation. But we get insights sometimes from unrelated memories. Scientific breakthroughs sometimes don't come from logical thinking. Current AI has abandoned that IF THEN approach. But algorithms still use the IF THEN approach, and AVs mostly still work that way.

Oblivion99

Level 2
Thread author
Nov 6, 2023
81
As an extension of my initial post / thread start:

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial Windows setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

After it went offline / no internet connection:
Completed Full offline scan with Microsoft Defender (no internet connection) = clean scan result

1.
Would you still trust that the laptop / system is clean?

2.
Also clean from fileless malware?

Thank you
 
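Before deciding whether to trust a "clean" result, it helps to look at the facts behind it. The following is an added example, not posted by anyone in this thread; it assumes an elevated PowerShell on Windows 10/11 with the built-in Defender and NetSecurity cmdlets available, and it only reads state, changing nothing.

```powershell
# Added example (not from the thread): collect the facts behind a "clean" Defender
# verdict so the result can be judged rather than just trusted.
# Assumes an elevated PowerShell on Windows 10/11 with the Defender cmdlets present.
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

$checks = [ordered]@{
    'AV engine enabled'        = $status.AntivirusEnabled
    'Real-time protection on'  = $status.RealTimeProtectionEnabled
    'Tamper protection on'     = $status.IsTamperProtected
    'Running mode'             = $status.AMRunningMode        # "Normal" is the full mode
    'Signature age (days)'     = $status.AntivirusSignatureAge
    'Signatures last updated'  = $status.AntivirusSignatureLastUpdated
    'Last full scan ended'     = $status.FullScanEndTime      # empty if no full scan ever ran
    'Full scan age (days)'     = $status.FullScanAge
    'Cloud (MAPS) reporting'   = $prefs.MAPSReporting         # 0 = off; unavailable while offline anyway
    'PUA protection'           = $prefs.PUAProtection
}
$checks.GetEnumerator() | ForEach-Object { '{0,-26}: {1}' -f $_.Key, $_.Value }

# Firewall: every profile should be enabled with inbound traffic blocked by default.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Defender's own log shows whether protection was switched off or reconfigured
# before the scan ran, and what the scan actually flagged.
#   1116 = threat detected          1117 = action taken on a threat
#   5001 = real-time protection off 5007 = Defender configuration changed
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117, 5001, 5007
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize

# Detection history kept by Defender (an empty list means nothing was ever flagged).
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess
```

A full scan whose end time is set, signatures from the day the laptop was online, real-time protection never logged as disabled (no 5001 events) and an empty detection history are the evidence a "clean" verdict actually rests on; a scan that ran in passive mode or with stale signatures says much less.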

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
As an extension of my initial post / thread start:

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial Windows setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

After it went offline / no internet connection:
Completed Full offline scan with Microsoft Defender (no internet connection) = clean scan result

1.
Would you still trust that the laptop / system is clean?

2.
Also clean from fileless malware?

Thank you
It depends. If you were connected to a secure router for accessing the internet (by secure I mean properly patched, updated, and with a firewall configured to prevent unauthorized access and with a properly configured DNS server) and if you have a laptop from a reputable manufacturer, then I would trust the laptop. You can verify it with multiple scanning tools and also by examining the DNS logs. To get DNS logs you can use the free service of NextDNS DoH (install system-wide using the Windows built-in DoH service or use the YogaDNS app, enable the logging function (under settings) by creating a free account with nextdns.io, and use the function "Block bypass methods" under Parental Control; this will prevent and log any third-party hard-coded DoH server queries from a malicious app, even if from NextDNS itself; only your personally configured private DNS address alone will work). If possible use a router with a DoH function so that every log from booting itself is collected.

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
Why did you list fileless malware as a separate question? It is just a kind of malware that uses LoLBins (native Windows utils) and scripting. It was new a few years ago. AVs should be able to detect them. I don't know how good exactly Defender is in this regard; maybe someone else could answer that.

Generally speaking, if I were to rely only on Defender, then I would harden the machine. WHH is a good tool I use when I am too lazy or pressed for time. It takes me 4 hrs to securely harden Windows manually: disabling services and network protocols, Windows Security Baseline, additional group policies, firewall rules, anti-exploit guard, SRP, WDAC, event viewer detection views, and I forgot what else. I have it written down as a procedure. Generally speaking, every native defense that Windows has that has a user-configurable component, I will put it to use. It is posted here: "Setup Idea - Harden Windows 11 Home for Security". It is the free version that I publish as an "open source" demo; I was selling the Windows Pro version. It was also intended as a free tool to help those that were hacked (malware writers are still hackers, they just spray and spread widely). I grew tired of it and decided to tackle Linux security. @Andy Ful does more than I do, he programs easy-to-use free security tools, like WHH ("Serious Discussion - WHHLight - simplified application control for Windows Home and Pro").