Microsoft removes Windows Defender download feature after security concerns

Status
Not open for further replies.
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,875
Microsoft has removed the ability to download files using Windows Defender after it was demonstrated how it could be used by attackers to download malware onto a computer.

Last week, we reported that Microsoft quietly added the ability to download files using Windows Defender for an unknown reason.

When this was discovered, there was concern from the cybersecurity community that Microsoft would allow Defender to be abused by attackers as a LOLBIN.
Click to expand...
Microsoft removes download feature
With yesterday's release of the Windows Defender Antimalware Client version 4.18.2009.2-0, BleepingComptuer discovered that Microsoft once again quietly changed the MpCmdRun.exe features.

This time, Microsoft removed the ability to download files via the MpCmdRun.exe command-line utility.

Users who attempt to download a file using MpCmdRun.exe will be shown an error stating "CmdTool: Invalid command line argument." The -DownloadFile command line option has already been removed from the help screen.

Threat actors will use every tool they can to their advantage, especially ones that may be automatically allowed, such as Window binaries.

Using LOLBINs in attacks is not theoretical, as they have been used in the past by the TA505 APT group, ransomware attacks, and other malware attacks.

Removing this option from Windows Defender is a good thing as it makes no sense giving threat actors additional tools to compromise our systems.
Click to expand...
Read the full article by Bleeping Computer here:
www.bleepingcomputer.com

Microsoft removes Windows Defender ability after security concerns

Microsoft has removed the ability to download files using Windows Defender after it was demonstrated how it could be used by attackers to download malware onto a computer.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • Thanks
Reactions: shmu26, SeriousHoax, Protomartyr and 15 others
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Like
    • Hundred Points
    • +Reputation
New Update An even better Microsoft Account bypass for Windows 11 has already been discovered
Replies
23
Views
1,710
Windows 11
lokamoka820
lokamoka820
K
    • Like
    • +Reputation
Security News Microsoft Confirms Critical Windows Defender Security Vulnerability
Replies
3
Views
949
Security News
TairikuOkami
TairikuOkami
Gandalf_The_Grey
    • Like
Security News Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Replies
0
Views
790
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top