Serious Discussion Microsoft Defender can be disabled

[ForgottenSeer 103564]

Although a very wise post (especially on not relying on the AV), it isn't very satisfying. The typical advice "you shouldn't have clicked on that" and "you'll never run in to that malware" should never be considered the Bedrock of computer security.

Forums such as this as well as the goal of all AM companies should be keeping safe those that WILL click on that thing or WILL run in to that malware type. In short all should strive to protect those who are either unable or unaware of how to protect themselves. Sadly there s so much drivel being pushed out on the Net by those that should know better leading the typical user to rely on things that are inadequate while dismissing things that are of great value.

I brought up the subject from lack of here, its always lock your stuff down, which for users that need to learn the basics is kind of ironic as they do not understand even why they are doing something let alone what to do if it causes other issues. The whole of the topic should be discussed for others to learn. Its why companies now that have whole IT departments and spend tons of money on systems and security still have breaches, from their weakest link "the average user", wouldn't it be intelligent to hold classes and teach them instead of just relying on the IT department and clean up afterwards. The act of teaching while having the IT department would greatly reduce the risk as opposed to the standard now deployed. Not relying on something completely is not the same as ignoring that aspect. I did not nor ever would i state one will never chance upon malware, but by learning and being observant one can dramatically reduce the chances. Would it matter if one was using defender or some 3rd party AV if they just blindly click on everything with not a care in the world. The above advice while not in full detail was meant to point in the right direction, to look at the full picture and not just tunnel vision security products. If one does not take the time to learn habits, and software they use then they will inevitably run into issues.

 

[TairikuOkami]

Although a very wise post (especially on not relying on the AV), it isn't very satisfying. The typical advice "you shouldn't have clicked on that" and "you'll never run in to that malware" should never be considered the Bedrock of computer security.

To be fair, I am a complete noob as far as security goes, I am not a hacker nor a programmer, but I have not used AV since XP (long term) and I was never infected. AV companies just stress out, that people get infected within seconds, if they go on the internet without AV or a firewall, that is a nonsense on 10/11. I just follow basics rules, like do not run a random exe, block vulnerable ports, etc. I believe I am fairly protected against automatic malware, but as far as hackers go, there is no protection. Even NSA or FBI fail at that. If someone is targeted, it is just a matter of time.

 

[Andy Ful]

disabled or removed​

I have removed / defender with this program GitHub - ionuttbara/windows-defender-remover: A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11. use at your own risk. ​

If one must disable Defender temporarily without breaking anything, then the best option is DefenderControl (Sordum.org). It is detected by Microsoft as malware (because the attackers can use it too), so one must make an exclusion (and remove the exclusion after enabling Defender).

The Defender Remover is an advanced tool. I do not know much about it and I do not know how reliable it is.
It can disable Defender only with the "Y" option (old method which can break Windows Updates/UWP in some versions of Windows - it removes files and unregisters classes).
I would not use it because there is no safe way to restore the Defender after this tweak.

Other options (marked by the author as safe) do not really disable Microsoft Defender, because all Defender's services will still run. Anyway, the Microsoft Defender probably will not work normally because the tool can successfully add several registry entries and rename some important folders (except one marked in red):

"C:\ProgramData\Microsoft\Windows Defender" -----> "C:\ProgramData\Microsoft\Windows Defender Ma"
"C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection" -----> "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection Ma"
"C:\Program Files\Windows Defender" -----> "C:\Program Files\Windows Defender Ma"
"C:\Program Files\Windows Defender Advanced Threat Protection" -----> "C:\Program Files\Windows Defender Advanced Threat Protection Ma"
"C:\Program Files (x86)\Windows Defender" -----> "C:\Program Files (x86)\Windows Defender Ma"

The tool uses PowerRun (Sordum.org) program to get TristedInstaller privileges.

 

[Shadowra]

To prove that Microsoft Defender is more than sufficient, I ran a small test.
I downloaded a bloated, infected crack that can be found on YouTube channels pirated to spread their malware.

The link appears to be hosted on Mediafire with a password.
When extracted, the file shows its original weight...

Microsoft Defender rang directly (detected only by Kaspersky & ESET on VT during my scan)

Spoiler: MS Defender - Detection Malware

So YES, Microsoft Defender is more than enough.

 

[oldschool]

To prove that Microsoft Defender is more than sufficient, I ran a small test.

Curious if you used default settings?

 

[Shadowra]

Curious if you used default settings?

Yep

 

[tidyloop]

Thanks to everyone for the responses, lots of interesting information.

 

[ScandinavianFish]

A guy I saw got infected with a bitcoin miner because he used cracked software, which he acted all surprised about because he, and I quote" "Thought Windows Defender was enough". Like, thats not a reason to abandon common sense. Just because you're unlikely to crash your car, doesn't mean you shouldn't wear a seatbelt.

I swear, sometimes it feels like for every two steps fowards, we go one step back, more people are learning how to keep their device and accounts safe, but at the same time they just find new ways to goof. It's an never ending loop of mistakes that is impossible to keep up with.

Learn how to avoid malware in the first place (Don't run TotallyLegitCrackRU.exe. Keep your system and applications up to date. Don't open every shady link and email attachment you see. Keep the amount of installed software to a minimum. Use an adblocker. etc), and you will have nothing to worry about.

 

[ForgottenSeer 103564]

Although a very wise post (especially on not relying on the AV), it isn't very satisfying. The typical advice "you shouldn't have clicked on that" and "you'll never run in to that malware" should never be considered the Bedrock of computer security.

Forums such as this as well as the goal of all AM companies should be keeping safe those that WILL click on that thing or WILL run in to that malware type. In short all should strive to protect those who are either unable or unaware of how to protect themselves. Sadly there s so much drivel being pushed out on the Net by those that should know better leading the typical user to rely on things that are inadequate while dismissing things that are of great value.

Satisfying probably not, but my point is valid just the same. I agree with you helping others that can not help themselves is a must, but pointing them in the correct direction requires more than here is an advanced software you will not understand. Will CIS protect a user, in the right hands yes, could it in the wrong hands crash a system, very quickly. I have been around systems and users for a long time now, and lack of knowledge on how to and what to watch out for has been the leading cause in issues. Most of the issues i have had to help others with have been self inflicted from lack of knowing. Get a call from a friend, help, microsoft just called, i let them in my system, now my computer is messed up and my credit card is maxed out. I clicked a link now my system is acting funny. My facebook has been hacked, last thing i remember was looking at ads. Its incredibly rare that i hear someone say i was just sitting here reading the news and bam, my machine got infected from nowhere or i left came home and my computer must have been doing something on its own because now its acting funny.

You of all users should know that there are common avenues of infection than there are POC's. Scaring users constantly with POCs is counterproductive to protecting them. Advanced applications capable of dismantling windows is counterproductive to those unaware of how the operating system processes work and function. The logical step is to teach them to avoid common infection risks first no matter how boring it is for the advanced user. What i spoke of in my other post and here about just telling them to lock it down when they do not understand how it works is very spot on, case in point.

Spoiler: common user vs advanced application

New Update - Testing Windows Hybrid Hardening (new hardening application).

... You can really be proud on the end result and I hope I have not offended you in our sharp discussions 😉. I tested ISG for a few years. Without our discussion, I would probably noticed in the year 2024 that it improved in the year 2023. :) It is still not perfect, but now it is very close...

malwaretips.com

 

[Cats-4_Owners-2]

Although a very wise post (especially on not relying on the AV), it isn't very satisfying. The typical advice "you shouldn't have clicked on that" and "you'll never run in to that malware" should never be considered the Bedrock of computer security.

Forums such as this as well as the goal of all AM companies should be keeping safe those that WILL click on that thing or WILL run in to that malware type. In short all should strive to protect those who are either unable or unaware of how to protect themselves. Sadly there s so much drivel being pushed out on the Net by those that should know better leading the typical user to rely on things that are inadequate while dismissing things that are of great value.

cruelsister,
Oh how I have missed these (your) comments delivered in encouragement for many whom shall reflect further upon genuine values while caring enough to pass on their truths.

 

[ForgottenSeer 97327]

One can certainly demonstrate that one particular AV is inferior to others.

Yes but @Andy Ful point is that all tests are to small to be statistically relevant. When the set is to small, one can only say that product A is inferior to product B when tested against that specific sample set. When the sample set is to small, one can not generalize the outcome as factual and proven.

Just explaining, I am with Andy that he is theoretically right, but because his critique also applies on professional test, I realize that we have to live with to small test samples as a fact of life, that is why I enjoy viewing good test setups (like your sophisticated small sample set approach or the gangbang approach of @Shadowra).

Ideally one would like to see products doing well in professional tests AND youtube experts and enthousiasts tests. When your tests show that a product has problems with scriptors, I usually take that as true and something to worry about and I would try to find a safety net for that weakness (e.g combining SWH with Avast in hardended mode or Defender in MAX protection).