App Review Microsoft Defender Antivirus with Andy Ful WHHLight

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,023
Running H_C and Xcitium or CF together will take some whitelisting to allow Xcitium / Containment to work. CF runs fine with the likes of Cyberlock/VoodooShield but it's a different kettle of fish with system hardening. I'm sure it might be possible, just not a combination I've toyed with.
 
  • Like
Reactions: vtqhtr413, ZeroDay, [correlate] and 3 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,023
oldschool said:
I don't get it. Total overkill.o_O
Click to expand...
I was actually trying to make that point. While theoretically possible, there wouldn't be much point having both and cause more issue than it's worth. Pick a default deny setup and go with the one.

I chose to go with CL/VS this year hence I don't use H_C. True I have been trying out CF in combination with it but more because I favour CF over WFC but I've been there with full CIS and everything on paranoid level. It wasn't worth it and as @cruelsister has so fantastically demonstrated several times, CF with her setup is 100 times simpler and just as bulletproof.

Anyways, this setup tested by @Shadowra shows how amazing built-in protection is, particularlly when using @Andy Ful 's tools can be just as effective as CF or CL.
 
  • Like
  • Applause
Reactions: wat0114, vtqhtr413, oldschool and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Xcitium + H_C can be an overkill for many users. Of course, an advanced user can probably tweak both applications to get some advantage.
The @cruelsister settings are very efficient but also very restrictive, and not applicable in many business environments.
I think that it is possible to tweak Xcitium without H_C, but I am not sure how much work would be required.

Edit.
I am not sure if we should talk too much about other AVs. The thread is about Microsoft Defender. :)
 
Last edited:
  • Like
  • +Reputation
Reactions: vtqhtr413, Digmor Crusher, oldschool and 7 others
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
finally got around to creating a new win10_VM with only WHHL + MS Defender. Very nice, install was easy and VM is running very light & fast.
my only comment or wishlist... I'd like to see some sort of systray icon telling me WWHL is installed and operational, perhaps with a right-click showing all features optimized, etc, something lke that, but perhaps that is not feasible?? or even contra indicated... :unsure: The desktop does have WHH_Tools folder... perhaps that is enough? or should it then be easy to add systray running icon :unsure: (DARFC)
now I'll read the docs and see what I done wrong... :D
 
  • Like
Reactions: vtqhtr413, Andy Ful, Gandalf_The_Grey and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
simmerskool said:
my only comment or wishlist... I'd like to see some sort of systray icon telling me WWHL is installed and operational, perhaps with a right-click showing all features optimized, etc, something lke that, but perhaps that is not feasible??
Click to expand...
WHHLight is a configurator and not a real-time application. When you close it, all WHHLight processes are closed, too.
The systray icon is a feature of real-time applications.
The idea of configurators is widely implemented in Windows. Most Windows settings are modified by using Windows built-in configurations (display settings, privacy settings, personalization settings, time & language settings, etc.).

simmerskool said:
The desktop does have WHH_Tools folder... perhaps that is enough?
Click to expand...

Yes, to see the current state of protection, you must run WHHLight.
More precisely, there is no WHH_Tools folder on the Desktop (it is not a folder). If you delete it, the WHHLight folder is not deleted.
WHH_Tools is a shortcut to the WHH_Tools folder. The shortcut file is on the Desktop, and the target folder is in %ProgramData%.

1707131285233.png
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: Jonny Quest, roger_m, vtqhtr413 and 3 others
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
@Andy Ful, yeah I know that which is why I "hedged" my comment somewhat, although I don't know what can and cannot be done with systray. So appreciate your detailed explanation. I asked because I have been known to open a VM and could not remember if H_C or SWH had been run. I do take and keep notes, but __it happens. :D eg, forgetting and installing something not exactly compatible on top of it. :oops: Will not let that happen with WHHL. Enjoying it.
 
  • Like
  • Hundred Points
Reactions: vtqhtr413 and Andy Ful
Shadowra

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,309
LennyFox said:
Thanks, but this raises my curiosity why you prefer Defender with WHHL over Avast free with WHHL
Click to expand...

I prefer MS Defender because I find it much more reactive than Avast! in terms of virus base (I often see detections with Defender than Avast on 0days).
likeastar20 said:
Windows Defender doesn’t have a proper behavior blocker ala System Watcher right? IIRC only the Endpoint version has one? @Shadowra @Andy Ful
Click to expand...
Yep, but there are Behavior detections
 
  • Like
  • +Reputation
  • Thanks
Reactions: Jonny Quest, roger_m, Andy Ful and 5 others
L

likeastar20

Level 8
Verified
Mar 24, 2016
361
Shadowra said:
I prefer MS Defender because I find it much more reactive than Avast! in terms of virus base (I often see detections with Defender than Avast on 0days).

Yep, but there are Behavior detections
Click to expand...
What’s the difference really ? @Trident maybe you know?

learn.microsoft.com

Behavior monitoring in Microsoft Defender Antivirus

Learn about Behavior monitoring in Microsoft Defender Antivirus and Defender for Endpoint.
learn.microsoft.com

Applies to:

Monitors process behavior to detect and analyze potential threats based on the behavior of applications, services, and files. Rather than relying solely on signature-based detection (which identifies known malware patterns), behavior monitoring focuses on observing how software behaves in real-time. Here’s what it entails:

  1. Real-Time Threat Detection:
  • Continuously observe processes, file system activities, and interactions within the system.
  • Defender Antivirus can identify patterns associated with malware or other threats. For example, it looks for processes making unusual changes to existing files, modifying or creating automatic startup registry (ASEP) keys, and other alterations to the file system or structure.
  1. Dynamic Approach:
  • Unlike static, signature-based detection, behavior monitoring adapts to new and evolving threats.
  • Microsoft Defender Antivirus uses predefined patterns, and observes how software behaves during execution. For malware that doesn’t fit any predefined pattern, Microsoft Defender Antivirus uses anomaly detection.
  • If a program shows suspicious behavior (for example, attempting to modify critical system files), Microsoft Defender Antivirus can take action to prevent further harm, and revert some previous malware actions.
Behavior monitoring enhances Defender Antivirus’s ability to proactively detect emerging threats by focusing on real-time actions and behaviors rather than relying solely on known signatures.

The following features depend on behavior monitoring.

Anti-malware

  • Indicators, File hash, allow/block
Network Protection

  • Indicators, IP address/URL, allow/block
  • Web Content Filtering, allow/block
 
Last edited:
  • Like
  • Applause
  • +Reputation
Reactions: Jonny Quest, Idanox, simmerskool and 5 others
Gangelo

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
273
ZeroDay said:
Anyone know of an good software updaters. Because I'm going to switch from Kaspersky to this config I could do with a software updater because Kaspersky usually does all that for me. I'm very happy with Kaspersky. This is just a lighter config. And I Love the fact that it's all Windows based.
Click to expand...
Late reply because I just noticed your post.
The one I have been using for ages is PatchMyPC Home Updater.

patchmypc.com

Home Updater: Overview and Download | Patch My PC

Our home updater is a free, easy-to-use program that keeps over 300 apps updated on your PC. A key component of staying safe online is keeping your apps patched.
patchmypc.com patchmypc.com

They also have a paid option for automated updates and patching via WSUS and ConfigMgr if you are interested.
 
  • Like
Reactions: Jonny Quest and Shadowra

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
255
Views
17,428
Hard_Configurator Tools
Andy Ful
Andy Ful
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (High Level Configuration)
Replies
12
Views
2,402
Video Reviews - Security and Privacy
franz
franz
F
    • Like
    • Applause
Advice Request Differences Hard_Configurator vs WHHLight
Replies
6
Views
826
Hard_Configurator Tools
Tiamati
Tiamati

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top