Serious Discussion Microsoft Defender Antivirus and firewall = 100 % clean?

Status
Not open for further replies.

lokamoka820

Level 25
Verified
Mar 1, 2024
1,468
1.
Also if the file was transferred via Bluetooth?

2.
Also if the laptop was connected to a compromised Chromecast unit, and the Chromecast unit somehow transferred / tried to transfer a malicious file to the system?
I'm not sure about this exact scenario, but I think it will be treated as any other connected device, just like a USB for example.
 

Victor M

Level 15
Verified
Top Poster
Well-known
Oct 3, 2022
747
I think at some point human intelligence is needed. Automated steps that AVs follow cannot be programmed to handle every situation. So if circumstances warrant a doubt, then trust your doubt and delete the file. I understand you are trying to refine your thinking to pick up when you need to delete the suspicious file. Expert systems tried to capture every situation as an IF THEN rule. Theoretically it sounds possible, but it does not capture human intelligence. Logical thinking only works when everything is on the table for evaluation. But we get insights sometimes from unrelated memories. Scientific breakthroughs sometimes don't come from logical thinking. Current AI has abandoned that IF THEN approach. But algorithms still use the IF THEN approach and AVs mostly still work that way.
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
92
As an extension of my initial post / thread start:

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial Windows setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

After it went offline / no internet connection:
Completed Full offline scan with Microsoft Defender (no internet connection) = clean scan result

1.
Would you still trust that the laptop / system is clean?

2.
Also clean from fileless malware?

Thank you
 

Brahman

Level 19
Verified
Top Poster
Well-known
Aug 22, 2013
900
As an extension of my initial post / thread start:

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial Windows setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

After it went offline / no internet connection:
Completed Full offline scan with Microsoft Defender (no internet connection) = clean scan result

1.
Would you still trust that the laptop / system is clean?

2.
Also clean from fileless malware?

Thank you
It depends. If you were connected to a secure router for accessing the internet (by secure I mean properly patched, updated and with a firewall configured to prevent unauthorized access and with a properly configured DNS server) and if you have a laptop from a reputable manufacturer, then I would trust the laptop. You can verify it with multiple scanning tools and also by examining the DNS logs. To get DNS logs you can use the free service of NextDNS DoH (install it system-wide using the Windows built-in DoH service or use the YogaDNS app, enable the logging function (under settings) by creating a free account with nextdns.io, and use the function "Block bypass methods" under parental control; this will prevent and log any third-party hard-coded DoH server queries from a malicious app, even if from NextDNS itself; only your personally configured private DNS address alone will work). If possible use a router with a DoH function so that every log from booting itself is collected.
(Attached screenshot: Screenshot 2024-12-13 192637.png)
 

Victor M

Level 15
Verified
Top Poster
Well-known
Oct 3, 2022
747
Why did you list fileless malware as a separate question? It is just a kind of malware that uses LOLBins (native Windows utilities) and scripting. It was new a few years ago. AVs should be able to detect them. I don't know how good exactly Defender is in this regard; maybe someone else could answer that.

Generally speaking, if I were to rely only on Defender, then I would harden the machine. WHH is a good tool I use when I am too lazy or pressed for time. It takes me 4 hrs to securely harden Windows manually: disabling services and network protocols, Windows Security Baseline, additional group policies, firewall rules, anti-exploit guard, SRP, WDAC, Event Viewer detection views, and I forgot what else. I have it written down as a procedure. Generally speaking, every native defense that Windows has with a user-configurable component, I will put to use. It is posted here: Setup Idea - Harden Windows 11 Home for Security. It is the free version that I publish as an "open source" demo; I was selling the Windows Pro version. It was also intended as a free tool to help those that were hacked (malware writers are still hackers, they just spray and spread widely). I grew tired of it and decided to tackle Linux security. @Andy Ful does more than I do; he programs easy-to-use free security tools, like WHH (Serious Discussion - WHHLight - simplified application control for Windows Home and Pro).
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
92
It depends. If you were connected to a secure router for accessing the internet (by secure I mean properly patched, updated and with a firewall configured to prevent unauthorized access and with a properly configured DNS server) and if you have a laptop from a reputable manufacturer, then I would trust the laptop. You can verify it with multiple scanning tools and also by examining the DNS logs. To get DNS logs you can use the free service of NextDNS DoH (install it system-wide using the Windows built-in DoH service or use the YogaDNS app, enable the logging function (under settings) by creating a free account with nextdns.io, and use the function "Block bypass methods" under parental control; this will prevent and log any third-party hard-coded DoH server queries from a malicious app, even if from NextDNS itself; only your personally configured private DNS address alone will work). If possible use a router with a DoH function so that every log from booting itself is collected.
The laptop is from a reputable manufacturer.

I accessed the internet through my not-jailbroken iPhone's internet sharing.
What do you think of that?

I assume I can see the DNS logs in Windows as well?
What should I look for?
 

Brahman

Level 19
Verified
Top Poster
Well-known
Aug 22, 2013
900
The laptop is from a reputable manufacturer.

I accessed the internet through my not-jailbroken iPhone's internet sharing.
What do you think of that?

I assume I can see the DNS logs in Windows as well?
What should I look for?
1. It's safe enough, I suppose.
2. Look for blocked DNS queries first; check whether each originated from a known application, like the Microsoft Edge browser. Check the reason for blocking. Then look for any uncommon DNS queries. Verify them with VirusTotal.
 

lockeddown

Level 1
Jan 9, 2025
20
@Sorrento
Insulting is not very nice.
I know my way around viruses, antivirus and firewalls,
and I did the same thing a few years ago:
downloaded Windows 10 from Microsoft, updated it, and I didn't even download any other thing.
After Windows Defender finished scanning,
it showed a malicious script inside the Edge browser profile folder.
I escalated it to the Microsoft forum and they did not know what to tell me, even at Bleeping Computer.
*There was a malware back in XP days that could infect your PC the moment you connected it to the internet.
The malware scanned IPs and exploited the XP system.
 

Sorrento

Level 14
Verified
Top Poster
Well-known
Dec 7, 2021
673
It wasn't an insult - As one member on here often says, 'be safe, not paranoid'. I too have used PCs since Windows version 3, & yes, with XP you would get infected quickly - However, times have changed & unless there is something that the OP failed to mention, which I alluded to, there is IMHO no reason to suspect an infection - In my experience a system within the parameters mentioned with Defender running is very unlikely to be infected.
 

lockeddown

Level 1
Jan 9, 2025
20
I can say for sure that if he is living in a country or working for an interesting company,
or maybe he is doing some interesting stuff, he can be in the range of being targeted.
Maybe MITM by someone on his wifi or the overall network.
Go figure, there is an endless possibility that he can be infected.
My advice: do not do illegal stuff, back up your files to an offline HDD, and even if you got infected
there is no way to blackmail you.
You can then do a clean install and start over.
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
92
2. Look for blocked DNS queries first; check whether each originated from a known application, like the Microsoft Edge browser. Check the reason for blocking. Then look for any uncommon DNS queries. Verify them with VirusTotal.
If a hacker got access to my system, I assume the hacker could delete or manipulate the DNS server logs in the Windows logs.
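A small script for the triage Brahman describes (blocked queries first, then uncommon ones, then VirusTotal for anything that stands out), which also bears on the log-tampering question just above. This is an added example, not code from the thread or from NextDNS; the CSV column layout, the sample log lines and the list of "expected" Microsoft suffixes are all constructed assumptions and will need adapting to a real export.

```python
"""Triage a DNS resolver log export: blocked queries first, then uncommon queries.

Added example (not from the thread, not NextDNS code). It assumes a simplified
CSV layout constructed for this example: timestamp,domain,status,reason,client.
A real NextDNS export has more columns; adapt the field names accordingly.
"""
import csv
import io
import math
from collections import Counter

# Constructed sample export (not real traffic). One random-looking domain and one
# blocked hard-coded DoH resolver are planted so the triage has something to find.
SAMPLE_LOG = """timestamp,domain,status,reason,client
2024-12-13T19:20:01Z,settings-win.data.microsoft.com,allowed,,laptop
2024-12-13T19:20:02Z,dl.delivery.mp.microsoft.com,allowed,,laptop
2024-12-13T19:20:03Z,msedge.b.tlu.dl.delivery.mp.microsoft.com,allowed,,laptop
2024-12-13T19:20:05Z,doh.example-resolver.net,blocked,bypass-method,laptop
2024-12-13T19:20:09Z,settings-win.data.microsoft.com,allowed,,laptop
2024-12-13T19:21:10Z,x7k2q9vz1m.top,allowed,,laptop
2024-12-13T19:21:11Z,update.example-vendor.com,allowed,,laptop
"""

# Suffixes treated as expected for a fresh Windows install that only used the
# Store (assumption for the example; extend it to match what you actually installed).
KNOWN_SUFFIXES = ("microsoft.com", "windowsupdate.com", "windows.com", "msftconnecttest.com")


def is_known(domain):
    """True if the domain is, or sits under, one of the expected suffixes."""
    return any(domain == s or domain.endswith("." + s) for s in KNOWN_SUFFIXES)


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(domain):
    """Heuristic: a long leftmost label with near-uniform characters (DGA-like)."""
    first = domain.split(".")[0]
    return len(first) >= 10 and label_entropy(first) > 3.0


def triage(log_text):
    """Return what the post says to look at, in that order."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    seen = Counter(r["domain"] for r in rows)
    # 1. Blocked queries, with the resolver's stated reason and the client that sent them.
    blocked = [(r["domain"], r["reason"], r["client"]) for r in rows if r["status"] == "blocked"]
    # 2. Uncommon queries: not an expected suffix, and either seen only once or random-looking.
    uncommon = sorted(d for d in seen if not is_known(d) and (seen[d] == 1 or looks_random(d)))
    random_looking = sorted(d for d in seen if looks_random(d))
    return {"total": len(rows), "blocked": blocked, "uncommon": uncommon, "random_looking": random_looking}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} queries")
    for domain, reason, client in report["blocked"]:
        print(f"BLOCKED  {domain}  reason={reason}  client={client}")
    for domain in report["uncommon"]:
        flag = "random-looking" if domain in report["random_looking"] else "seen once"
        print(f"CHECK    {domain}  ({flag}) - look the domain up on VirusTotal before trusting it")
```

Two design points. The export comes from the resolver side (NextDNS, or the router if it does DoH), not from the laptop's own event log, so someone with access to the laptop cannot quietly edit it; what then needs protecting is the NextDNS account and the router. The entropy threshold is a rough filter for machine-generated names and will need tuning against your own traffic; "seen once" is what does most of the work on a nearly idle fresh install.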
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
92
@Sorrento
Insulting is not very nice.
I know my way around viruses, antivirus and firewalls,
and I did the same thing a few years ago:
downloaded Windows 10 from Microsoft, updated it, and I didn't even download any other thing.
After Windows Defender finished scanning,
it showed a malicious script inside the Edge browser profile folder.
I escalated it to the Microsoft forum and they did not know what to tell me, even at Bleeping Computer.
*There was a malware back in XP days that could infect your PC the moment you connected it to the internet.
The malware scanned IPs and exploited the XP system.

You seem like a person with great knowledge regarding the topic

Time bomb / timed malware (that executes after a given time / or at given time)
That does one of the following:
Deletes all the data
Overwrites all the data
Encrypts all the data

1.
Could this kind of malware get into my system, just by having internet connection?
Or would it require that I did something active, like visiting a shady website or clicking a malicious link?

2.
Do you believe that Microsoft Defender Antivirus would take care of it / prevent it from infecting my system?

Thank you
 

roger_m

Level 43
Verified
Top Poster
Content Creator
Dec 4, 2014
3,253
You can't get infected just by being connected to the internet. There's a very small chance of getting infected by visiting an infected website, but it happens so rarely it's nothing to be too concerned about. The vast majority of infections occur when someone manually opens an infected file. If you are always careful about what files you open, then it's unlikely you'll get infected, no matter what antivirus you use. You need to understand that no antivirus will provide 100% protection; it's just not possible. But that's not as scary as it sounds, because if you take just a little bit of care, it is usually very hard to get infected.

Use Microsoft Defender or one of the big-name third-party antiviruses, be very careful about what email attachments you open, stay away from cracks and random downloads, and stop worrying, as that is enough to be very safe online.
 