App Review: Microsoft Defender - Hard to Explain

Content created by cruelsister

wat0114

Thanks for testing!

Just as before with your earlier testing, Defender pops up an alert: "Unauthorized changes blocked", but Magniber once again blows right through it like a hot knife through butter and encrypts the files anyway :(

Malleable

Seeing as I look for your posts habitually, just to recap: hardened WD, CFW with your settings, and AppCheck would be more than adequate, with CFW and AppCheck shouldering most of the work, correct? And, of course, an appropriate dose of internet caution.
And thank you for all that you do.

Sunshine-boy

Thank you for the clarification. There is no post-infection protection in WD, just marketing BS.

You can test it yourself as I did for myself:

Infect the PC, then start using WD. Startup entries created by malware and infected processes will remain there as long as God knows. No advanced cleanup and disinfection, no memory scanner, no registry cleanup.

Wonder how MS is gonna protect the enterprise!

TedCruz

Thank you for the clarification. There is no post-infection protection in WD, just marketing BS.

You can test it yourself as I did for myself:

Infect the PC, then start using WD. Startup entries created by malware and infected processes will remain there as long as God knows. No advanced cleanup and disinfection, no memory scanner, no registry cleanup.

Wonder how MS is gonna protect the enterprise!
Well then, that removed all my stops from using WD instead of F-Secure. Up until now I was using WD with ConfigureDefender set to the max, but it was suffering performance issues. And I am still too young to be suffering performance issues. So out with the old and in with the new. I have a toss-up between ESET and F-Secure. I guess I will try them both.

SeriousHoax

Startup entries created by malware and infected processes will remain there as long as God knows. No advanced cleanup and disinfection, no memory scanner, no registry cleanup.
It can remove startup entries and registry entries, but they have to be associated with the malware. For example, if malware.exe is added to startup and this malware.exe is known to MD, then it will delete this malware as well as the startup entries, scheduled tasks and some other registry entries related to this file.
Anyway, MD is not really a cleanup tool. For that, you'll have to look at Kaspersky, Norton Power Eraser, Malwarebytes, etc. But MD has a better removal engine than some other products, for example F-Secure.

Andy Ful

Yes, the Magniber MSI samples show that Defender's detection of some MSI files is weird. We already talked about it in another thread (the Magniber thread). For some reason (known only to Microsoft), several Magniber MSI samples are not locked (they can be run) even when they are locally detected by Microsoft. Furthermore, these samples are not automatically remediated.
The only way is to perform a manual scan of each sample, follow the Defender alert, and choose the action (the file is quarantined). This procedure is not optimal.
https://malwaretips.com/threads/microsoft-defender-vs-magniber.114690/post-998676

The Magniber MSI samples show that, for now, Microsoft does not recognize Magniber MSI files as dangerous.
From my tests it follows that Defender can automatically detect and remediate archives (ZIP, RAR, 7-Zip) downloaded from the Internet (BAFS is used for that), even when they are password protected. Several Magniber samples from MalwareBazaar are also detected in this way. My guess is that many Magniber MSI samples were delivered in the wild via archives, so they were properly detected and remediated by BAFS shortly after the first attacks. On the contrary, the uncompressed samples (MSI files) are not detected via BAFS at all, so Defender will fail in tests similar to those made by @cruelsister.
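The point made above is that a Defender alert is not the same as remediation. As an added example (not code from the thread, from Microsoft, or from any project mentioned here), this PowerShell check runs the on-demand scan of a file and then asks Defender what action it actually took, instead of trusting the notification; the Defender cmdlets and event IDs are real, while $SamplePath is a placeholder for the file you scanned.

```powershell
# Added example: verify that a Defender detection was actually remediated.
# Assumes an elevated PowerShell on Windows with the Defender module available.
param(
    [string]$SamplePath = 'C:\Samples\placeholder.msi'   # placeholder path, not a real sample
)

# 1. On-demand scan of the single file (the "manual scan of each sample" step).
Start-MpScan -ScanType CustomScan -ScanPath $SamplePath

# 2. Ask the engine what it detected for that path and whether the action succeeded.
$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($SamplePath) }

if (-not $detections) {
    Write-Output "No detection recorded for $SamplePath"
} else {
    foreach ($d in $detections) {
        $threat = Get-MpThreat | Where-Object { $_.ThreatID -eq $d.ThreatID }
        [pscustomobject]@{
            Threat        = $threat.ThreatName
            Detected      = $d.InitialDetectionTime
            ActionSuccess = $d.ActionSuccess     # $false = alert shown, file not remediated
            Remediated    = $d.RemediationTime
            StillActive   = $threat.IsActive
        }
    }
}

# 3. Cross-check the Operational log: 1116 = detected, 1117 = action taken,
#    1118 = action failed. A 1116 with no matching 1117 is the
#    "alert but nothing quarantined" case discussed in the thread.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117, 1118
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($SamplePath) } |
    Select-Object TimeCreated, Id, @{n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

# 4. Is the file still on disk (and therefore still runnable)?
Test-Path $SamplePath
```

If ActionSuccess is false, or the file still exists after a 1116 event with no 1117, the detection was informational only and the file needs to be quarantined by hand from the Defender alert, as described above.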

Andy Ful

The tests made by @cruelsister are very interesting. They can show some not-well-known weaknesses in the tested AVs and security products. But such tests have nothing to do with the protection in the wild, which can depend on many other important factors skipped in the tests.

EASTER

Thanks for testing!

Just as before with your earlier testing, Defender pops up an alert: "Unauthorized changes blocked", but Magniber once again blows right through it like a hot knife through butter and encrypts the files anyway :(
Puzzling to those of us who take these things very seriously, because the common, ordinary, average Windows PC user wouldn't know what hit them until they discovered the after-effects in plain view, and that after assuming a Defender ALERT had adequately managed to detect and BLOCK it???

wat0114

Puzzling to those of us who take these things very seriously, because the common, ordinary, average Windows PC user wouldn't know what hit them until they discovered the after-effects in plain view, and that after assuming a Defender ALERT had adequately managed to detect and BLOCK it???

You're right, Easter, because during the entirety of the test there was only the one "comforting only to those who put their faith in Defender" warning that unauthorized changes were blocked by Defender, when in fact they were not. I honestly can't think of any way to rationalize this missed detection by Defender, especially when Microsoft on VT detected it as a trojan. And as stated in CS' notepad text, the assumption was that Defender would have secured against this threat after a full couple of months, but MS still drops the ball.

kC77

Anyone who manages to get infected trying to get a free game keygen or game mod or a hacked copy of Office, or who clicks an email with "win $500", actually deserves it. I'm way past caring, I'm glad! Yep, I'm glad you got infected and all your precious memories destroyed; hopefully it's a wake-up-and-smell-the-coffee moment.

If you have zero idea what you are doing online, then be prepared to have your info leaked and data leaked/crypto'd... DON'T rely solely on any software product to protect you!
This is where Kaspersky & Bitdefender shine, not that I like them; they come well configured and will do better than most against user stupidity.
Although, again, DON'T just think because you have "security software" you are "safe and protected".
You should be backing up anything important 3-2-1: local... offsite... immutable...
Different/secure passwords for every service you interact with, to protect against a single breach.

This stuff doesn't just "happen" to your computer/network... unless a state 0-day... it's always user initiated: either their OS or browser is out of date, or they run a router well past its EOL date, or they were tricked into clicking a link... then they accepted a prompt to run whatever that was... it's ALWAYS user stupidity.

Yes, Defender is not perfect, certainly not for newbies or click-happy / install-happy people, and a comment earlier I read about "how do they protect the enterprise"... well, in the enterprise... again, more layered protection, and many more restrictions are in place: gateway security/software restrictions/SOC/no user is an admin/share security/DRaaS/etc.... it's a null point.

With that said... Defender, well, as part of a layered approach (hardware/software/common sense)... Defender is #perfection. I wouldn't trade it for anything... I've yet to actually, after 25+ years outside of my labs, see an alert or get "tricked" into anything... it costs nothing, is baked into the OS... sooooooo configurable, mmmm... not reliant on 3rd party/updates/mitigations/issues.

Maybe it's time for a "driving license" kind of thing to be required to "be online"; there are so many products and services reliant on it, and so many people that have zero idea about basic security.

YMMV, but if you have any idea, you don't even need an AV... I don't, but I'm quite glad to have Defender there doing nothing. If it gets to your AV it's too late. Your other layers should have known well before, your spider senses and common sense should be tingling; just stop being so stupid clicking random links and unknown files.

By all means do this in a sandbox or a specific VLAN'd VM as I do... I love testing malware, and DefenderUI Pro by @danb coupled with Defender is the ONLY solution that can consistently pass my tests of 1000+ .exe executed, 100%.

ESET, I got ransomed... Bitdefender missed a few... Sophos, I lost the MBR and the ability to boot... you get the point? Don't rely on any company/software, rely on yourself... YOU are the best AV or security solution there is.

TedCruz

Anyone who manages to get infected trying to get a free game keygen or game mod or a hacked copy of Office, or who clicks an email with "win $500", actually deserves it. I'm way past caring, I'm glad! Yep, I'm glad you got infected and all your precious memories destroyed; hopefully it's a wake-up-and-smell-the-coffee moment.

If you have zero idea what you are doing online, then be prepared to have your info leaked and data leaked/crypto'd... DON'T rely solely on any software product to protect you!
This is where Kaspersky & Bitdefender shine, not that I like them; they come well configured and will do better than most against user stupidity.
Although, again, DON'T just think because you have "security software" you are "safe and protected".
You should be backing up anything important 3-2-1: local... offsite... immutable...
Different/secure passwords for every service you interact with, to protect against a single breach.

This stuff doesn't just "happen" to your computer/network... unless a state 0-day... it's always user initiated: either their OS or browser is out of date, or they run a router well past its EOL date, or they were tricked into clicking a link... then they accepted a prompt to run whatever that was... it's ALWAYS user stupidity.

Yes, Defender is not perfect, certainly not for newbies or click-happy / install-happy people, and a comment earlier I read about "how do they protect the enterprise"... well, in the enterprise... again, more layered protection, and many more restrictions are in place: gateway security/software restrictions/SOC/no user is an admin/share security/DRaaS/etc.... it's a null point.

With that said... Defender, well, as part of a layered approach (hardware/software/common sense)... Defender is #perfection. I wouldn't trade it for anything... I've yet to actually, after 25+ years outside of my labs, see an alert or get "tricked" into anything... it costs nothing, is baked into the OS... sooooooo configurable, mmmm... not reliant on 3rd party/updates/mitigations/issues.

Maybe it's time for a "driving license" kind of thing to be required to "be online"; there are so many products and services reliant on it, and so many people that have zero idea about basic security.

YMMV, but if you have any idea, you don't even need an AV... I don't, but I'm quite glad to have Defender there doing nothing. If it gets to your AV it's too late. Your other layers should have known well before, your spider senses and common sense should be tingling; just stop being so stupid clicking random links and unknown files.

By all means do this in a sandbox or a specific VLAN'd VM as I do... I love testing malware, and DefenderUI Pro by @danb coupled with Defender is the ONLY solution that can consistently pass my tests of 1000+ .exe executed, 100%.

ESET, I got ransomed... Bitdefender missed a few... Sophos, I lost the MBR and the ability to boot... you get the point? Don't rely on any company/software, rely on yourself... YOU are the best AV or security solution there is.
I agree with you on most of the points, but honestly:
Different/secure passwords for every service you interact with, to protect against a single breach.
I bet my lunch that you have reused a password or two! This is not the 1990s or early 2000s, where we had just a few sites that required passwords. Now there are hundreds, and I bet even if you use a password manager you have reused a password or two for those sites that you are too afraid to lose access to just because you used a randomized password generator. I bet your bank account, your mortgage account, your health insurance account are not using a randomizer but are linked to your wetware set of 20 passwords that you reuse.

Chuck57

WSVX and Hard_Configurator have been my solution for the past several months. I ran CFW for years, then Comodo's apparent lack of interest in free product updates or upgrades kind of soured me. I'm sure CFW is still rock solid, but it's time for me to move on. WiseVector and Hard_Configurator are so far doing a stellar job of protecting.

kC77

Well then, that removed all my stops from using WD instead of F-Secure. Up until now I was using WD with ConfigureDefender set to the max, but it was suffering performance issues. And I am still too young to be suffering performance issues. So out with the old and in with the new. I have a toss-up between ESET and F-Secure. I guess I will try them both.

I agree with you on most of the points, but honestly:
You should see my KeePass!
(Actually, I hope you can't!!!) :D

No, everything is random; I've no idea what they are.
