App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)

[ErzCrz]

Thank you for the test. What settings in DefenderUI do you recommend for optimal PC protection? Is there anything else that needs to be switched on for reliable protection?

DefenderUI standard and ConfigureDefender are quite similar, DefenderUI is a program that runs and adds additional protection with DefenderGuard [rotecting defender services which is similar to Microsoft Defender's own Tamper protection.

DefenderUI Pro is a paid product and althoug it's similar to DefenderUI it includes some CyberLock/VoodooShield protections. You can use @Andy Ful 's Windows Hardening tools like Windows Hybrid Hardening or Hard_Configurator along with ConfigureDefender and FirewallHardening and achieve similar protection as the paid DefenderUIPro or CyberLock.

 

[badboy]

DefenderUI standard and ConfigureDefender are quite similar, DefenderUI is a program that runs and adds additional protection with DefenderGuard [rotecting defender services which is similar to Microsoft Defender's own Tamper protection.

DefenderUI Pro is a paid product and althoug it's similar to DefenderUI it includes some CyberLock/VoodooShield protections. You can use @Andy Ful 's Windows Hardening tools like Windows Hybrid Hardening or Hard_Configurator along with ConfigureDefender and FirewallHardening and achieve similar protection as the paid DefenderUIPro or CyberLock.

Thank you for the explanation. Do I understand correctly that to achieve all the benefits of DefenderUI Pro, I can install the free Hybrid Hardening or Hard_Configurator along with ConfigureDefender and FirewallHardening and get the same protection? However, it's not entirely clear: do I need to install all of these free implementations from Andy or is one of them enough to have an analogue of DefenderUI Pro? And it would be nice if someone could explain how to configure all of Andy's plugins to achieve the level of protection of the paid DefenderUI Pro.

I just don't quite understand the point of DefenderUI Pro, which you have to pay for, because you can install a paid combo from a well-known vendor. Is the only advantage that you will have an optimised antivirus from Microsoft with improved protection, unlike third-party products?

 

[ErzCrz]

Thank you for the explanation. Do I understand correctly that to achieve all the benefits of DefenderUI Pro, I can install the free Hybrid Hardening or Hard_Configurator along with ConfigureDefender and FirewallHardening and get the same protection? However, it's not entirely clear: do I need to install all of these free implementations from Andy or is one of them enough to have an analogue of DefenderUI Pro? And it would be nice if someone could explain how to configure all of Andy's plugins to achieve the level of protection of the paid DefenderUI Pro.

I just don't quite understand the point of DefenderUI Pro, which you have to pay for, because you can install a paid combo from a well-known vendor. Is the only advantage that you will have an optimised antivirus from Microsoft with improved protection, unlike third-party products?

Half way down this page, you'll see the screenshots of the Pro version which includes system Lockdown.

Andy's WHHL or H_C lock down your system using built-in windows hardens your system without the need for 3rd party software.
Hard_Configurator (description) is more for advanced users and stricter default policies whereas WHHL (description) is simpler and includes options for WDAC (Application Control). There's some videos about WHHL on Andy's Youtube page.

ConfigureDefender does the same thing as DefenderUI but without the need to have an additional program running (DefenderUI uses abou 30MB ram).

I mentioned WindowsFirewallHardening because CyberLock recently implemented a SmartFirewall feature which does the same thing, adding Windows Firewall Block rules for commonly exploited LOLBins (e.g. Notepad, Calculator, Eventviewer etc. Things that aren't meant to access the internet).

In Hard_Configurator, you can access CD and FWH within its UI but you can download them separately all from his Github.

I used H_C full time for a year or so without any issue, there's nothing extra running in the background, you just open the UI when you need to check logs or make changes and close it again. I decided to go with CyberLock at the start of last year and ended up getting a lifetime license late last year bur I'd be running H_C if I didn't I hope that explains it but @Andy Ful is the expert

 

[Digmor Crusher]

Thank you for the explanation. Do I understand correctly that to achieve all the benefits of DefenderUI Pro, I can install the free Hybrid Hardening or Hard_Configurator along with ConfigureDefender and FirewallHardening and get the same protection? However, it's not entirely clear: do I need to install all of these free implementations from Andy or is one of them enough to have an analogue of DefenderUI Pro? And it would be nice if someone could explain how to configure all of Andy's plugins to achieve the level of protection of the paid DefenderUI Pro.

I just don't quite understand the point of DefenderUI Pro, which you have to pay for, because you can install a paid combo from a well-known vendor. Is the only advantage that you will have an optimised antivirus from Microsoft with improved protection, unlike third-party products?

Either use Defender UI Pro seperately or DefenderUI with Cyberlock or Configure Defender with either Hard Configurator or WHHL. You can't use Defender UI and Configure Defender together. Are you guys seeing something I'm not, when I go to the DefenderUI page it still shows DefenderUI Pro as free?

 

[badboy]

Either use Defender UI Pro seperately or DefenderUI with Cyberlock or Configure Defender with either Hard Configurator or WHHL. You can't use Defender UI and Configure Defender together. Are you guys seeing something I'm not, when I go to the DefenderUI page it still shows DefenderUI Pro as free?

Yes indeed. For now, the Pro version is free to download and there is no information about payment. I really want to take a closer look at Configure Defender with either Hard Configurator or WHHL, because Cyberlock is a paid product and if Defender UI Pro also becomes paid, then it will be easier to buy an antivirus of some brand. However, I would consider a small one-time payment for Defender UI Pro, but not monthly.

 

[BrecMadak]

In fact, it didn't enhance protection at all. Out of the pack, 6 malwares remained, including 1 that created an exclusion in Microsoft Defender to go undetected.
Although Microsoft Defender tried to defend itself, NPE did detect the malicious file.
Using it as part of a security policy already defined by Microsoft is more than sufficient.

Thank you for the review, Shadowra. I just made a clean OS installation and sticking with MS after it won the competition. However, I wanted to check if you are still behind this opinion that DefenderUI, Pro or any other custom configuration to not enhance protection over the original for a home user. In the meanwhile, I've glanced over Andy Ful's hardening configuration projects but soon I realized they were rather made for advanced users and not suitable for home users like me. So I was telling myself should I steer clear and just stick with the good ol' MS and be content with it?
Cheers.

 

[Digmor Crusher]

Thank you for the review, Shadowra. I just made a clean OS installation and sticking with MS after it won the competition. However, I wanted to check if you are still behind this opinion that DefenderUI, Pro or any other custom configuration to not enhance protection over the original for a home user. In the meanwhile, I've glanced over Andy Ful's hardening configuration projects but soon I realized they were rather made for advanced users and not suitable for home users like me. So I was telling myself should I steer clear and just stick with the good ol' MS and be content with it?
Cheers.

Why not just use Configure Defender, its quiet easy, just open it, click on the 'High" setting and your done.

 

[Shadowra]

Thank you for the review, Shadowra. I just made a clean OS installation and sticking with MS after it won the competition. However, I wanted to check if you are still behind this opinion that DefenderUI, Pro or any other custom configuration to not enhance protection over the original for a home user. In the meanwhile, I've glanced over Andy Ful's hardening configuration projects but soon I realized they were rather made for advanced users and not suitable for home users like me. So I was telling myself should I steer clear and just stick with the good ol' MS and be content with it?
Cheers.

By default, MS Defender is more than enough, but you can use ConfigureDefender on High as @Digmor Crusher says (and it's easy to use).

Otherwise, DefenderUI is just fine (the Pro adds CyberLock/VoodooShield protection).

 

[badboy]

By default, MS Defender is more than enough, but you can use ConfigureDefender on High as @Digmor Crusher says (and it's easy to use).

Otherwise, DefenderUI is just fine (the Pro adds CyberLock/VoodooShield protection).

And which product in Andy's line adds this or an equal feature or is it an exclusive?

 

[SumTingWong]

Does DefenderUI has an option to change windows defender signature update time length?

 

[Studynxx]

Microsoft Defender Antivirus + DefenderUI Recommanded Settings = Slow system

Not hating, but I genuinely don't understand why folks won't invest a tiny amount of money into a high quality 3rd party AV. One of the biggest issues with MS Defender is that malware authors know that on the majority of systems, it's the AV of choice, so they write their malware specifically to bypass it and to deactive it. IIRC you can deactivate it via a .dll, I'm not sure if I'm remembering correctly, but this method is what legit 3rd party AV vendors use, as well, to deactivate Defender so their AV can take over. I'm not a Kaspersky shill, not paid for it etc, but I've never got malware and I've been using Kaspersky for 5 years at least. To me personally, its Application Control module is by far the best feature, I look at it as a refined version of Microsoft's App Locker, or sometimes, it even resembles Device Guard to me, albeit it's more of a set of features (DG).

 

[Digmor Crusher]

Not hating, but I genuinely don't understand why folks won't invest a tiny amount of money into a high quality 3rd party AV. One of the biggest issues with MS Defender is that malware authors know that on the majority of systems, it's the AV of choice, so they write their malware specifically to bypass it and to deactive it. IIRC you can deactivate it via a .dll, I'm not sure if I'm remembering correctly, but this method is what legit 3rd party AV vendors use, as well, to deactivate Defender so their AV can take over. I'm not a Kaspersky shill, not paid for it etc, but I've never got malware and I've been using Kaspersky for 5 years at least. To me personally, its Application Control module is by far the best feature, I look at it as a refined version of Microsoft's App Locker, or sometimes, it even resembles Device Guard to me, albeit it's more of a set of features (DG).

2 comments:
1. Haven't Andy and others recently shown that any AV can be bypassed this way?
2. Used with Configure Defender or DefenderUI its just as capable as any AV out there, and its free.

 

[ErzCrz]

Does DefenderUI has an option to change windows defender signature update time length?

Yes.

Screenshot from DefenderUI Website

 

[Studynxx]

2 comments:
1. Haven't Andy and others recently shown that any AV can be bypassed this way?
2. Used with Configure Defender or DefenderUI its just as capable as any AV out there, and its free.

@Andy Ful I'd love for you to show us how Kaspersky can be bypassed this way, as in comment #1 of @Digmor Crusher

 

[Andy Ful]

Not hating, but I genuinely don't understand why folks won't invest a tiny amount of money into a high quality 3rd party AV.

In many countries, it is not a tiny amount of money. I can encourage people to pay for AVs (including the paid version of Microsoft Defender). Of course, there is nothing wrong with using the free AV versions.

One of the biggest issues with MS Defender is that malware authors know that on the majority of systems, it's the AV of choice, so they write their malware specifically to bypass it ...

Applying standard protection can indeed give you only standard security. But you are wrong when thinking that high-quality 3rd party AV on default settings will be a game changer. The real difference follows from non-standard security like Advanced Threat Protection features, Network Protection, file reputation, sandboxing, vendor support, etc. Some of those features are available for free (via PowerShell or 3rd party tools) when using Microsoft Defender. Many people prefer using high-quality 3rd party AV because usually it is more convenient.

IIRC you can deactivate it via a .dll, I'm not sure if I'm remembering correctly, but this method is what legit 3rd party AV vendors use, as well, to deactivate Defender so their AV can take over.

The installed 3rd party AV does not do anything to disable Microsoft Defender. Windows recognizes the popular AVs and Microsoft Defender switches off some of its processes to avoid conflicts.
Some Microsoft Defender features can be tampered with by using high privileges. This can be an issue, especially with standard protection. Of course, other AVs can be tampered too (there are at least four general methods to do so).

I'm not a Kaspersky shill, not paid for it etc, but I've never got malware and I've been using Kaspersky for 5 years at least. To me personally, its Application Control module is by far the best feature ...

You are not alone.

 

[Studynxx]

In many countries, it is not a tiny amount of money. I can encourage people to pay for AVs (including the paid version of Microsoft Defender). Of course, there is nothing wrong with using the free AV versions.



Applying standard protection can indeed give you only standard security. But you are wrong when thinking that high-quality 3rd party AV on default settings will be a game changer. The real difference follows from non-standard security like Advanced Threat Protection features, Network Protection, file reputation, sandboxing, vendor support, etc. Some of those features are available for free (via PowerShell or 3rd party tools) when using Microsoft Defender. Many people prefer using high-quality 3rd party AV because usually it is more convenient.



The installed 3rd party AV does not do anything to disable Microsoft Defender. Windows recognizes the popular AVs and Microsoft Defender switches off some of its processes to avoid conflicts.
Some Microsoft Defender features can be tampered with by using high privileges. This can be an issue, especially with standard protection. Of course, other AVs can be tampered too (there are at least four general methods to do so).



You are not alone.

Eh I'm not sure about the 3rd part of your reponsse regarding the dll. I'll try to find the article, hopefully I'll be able to link it here, it was a pretty interesting read

 

[Andy Ful]

I'll try to find the article, hopefully I'll be able to link it here, it was a pretty interesting read

I am waiting ...