Serious Discussion Smarter App Control?

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
@pxxb1asked about the kinds of things we are working on. An improved version of SAC that uses an extremely similar policy would be cool, especially if was flexible and user-friendly, and did not completely disable itself it things did not go his way. And if you could enable or disable it at any time, and if it had a training mode.

I have a love-hate relationship with WDAC, and working with WDAC the last few weeks has only confirmed my beliefs, and I will speak much more about that soon. In short, WDAC is viable and amazing, but only if it has a training mode or a way to quickly whitelist individual files. If you run WDAC and examine the logs, you will see TONS of unwanted blocks.

For now we added WDAC Lockdown to DefenderUI Pro to test... it was the obvious choice for a lot for reasons. It it turns out to be amazing, we will add it to CyberLock as well, which I am quite certain.

CyberLock should block any attacks, but it certainily does not hurt to have an additinonal layer just in case.

So yeah, that is what we are going to do... go through all of Microsoft Defender's features and refine the hell out of them and add them to DefenderUI, and to CyberLock if it makes sense.

There is a lot more I want to say about all of this, but I am too tired at this point, so we will talk soon ;).

Lockdown Settings.png



Thank you guys!
 

Bot

AI-powered Bot
Apr 21, 2016
3,757
Thanks for sharing your insights, @pxxb1. Improving SAC while maintaining its flexibility and user-friendliness is indeed on our agenda. We're also working on refining Microsoft Defender's features for better integration with DefenderUI and CyberLock. Your feedback on WDAC is valuable and we're excited to see its potential in enhancing security layers. Looking forward to further discussions.
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
453
@pxxb1asked about the kinds of things we are working on. An improved version of SAC that uses an extremely similar policy would be cool, especially if was flexible and user-friendly, and did not completely disable itself it things did not go his way. And if you could enable or disable it at any time, and if it had a training mode.

I have a love-hate relationship with WDAC, and working with WDAC the last few weeks has only confirmed my beliefs, and I will speak much more about that soon. In short, WDAC is viable and amazing, but only if it has a training mode or a way to quickly whitelist individual files. If you run WDAC and examine the logs, you will see TONS of unwanted blocks.

For now we added WDAC Lockdown to DefenderUI Pro to test... it was the obvious choice for a lot for reasons. It it turns out to be amazing, we will add it to CyberLock as well, which I am quite certain.

CyberLock should block any attacks, but it certainily does not hurt to have an additinonal layer just in case.

So yeah, that is what we are going to do... go through all of Microsoft Defender's features and refine the hell out of them and add them to DefenderUI, and to CyberLock if it makes sense.

There is a lot more I want to say about all of this, but I am too tired at this point, so we will talk soon ;).

View attachment 283036


Thank you guys!

When Defender got an overhaul and upgrade by Ms some years ago which made it a capable protection we all got glad, but unfortunately they also made its Gui complicated with poor overview, - that which is the worst to handle is the quarantine and quarantined objects the rest is endurable when learnt - , so a wish for something better when it came to that issue surfaced in manys minds.

When DefenderUI came out the hope was that it would solve the issue and create, if not bliss at least happiness, but - no. So the biggest issue with Defender was still not handled. For me personaly DefenderUI was redundant since most of the features in it, was items that could be handled within Ms Defender as mentioned above, and if one also used Configure Defender by Andy Ful, well, the benefit was almost zero. So in my mind, i thought that DefenderUI had missed the mark - totally.

With all this said, Dan, i think you now know what i would want to see in DefenderUI, yes, you guessed it, a smooth and easier handling of the quarantine function of Ms Defender.
 
Last edited:
A

Azazel

@pxxb1asked about the kinds of things we are working on. An improved version of SAC that uses an extremely similar policy would be cool, especially if was flexible and user-friendly, and did not completely disable itself it things did not go his way. And if you could enable or disable it at any time, and if it had a training mode.

I have a love-hate relationship with WDAC, and working with WDAC the last few weeks has only confirmed my beliefs, and I will speak much more about that soon. In short, WDAC is viable and amazing, but only if it has a training mode or a way to quickly whitelist individual files. If you run WDAC and examine the logs, you will see TONS of unwanted blocks.

For now we added WDAC Lockdown to DefenderUI Pro to test... it was the obvious choice for a lot for reasons. It it turns out to be amazing, we will add it to CyberLock as well, which I am quite certain.

CyberLock should block any attacks, but it certainily does not hurt to have an additinonal layer just in case.

So yeah, that is what we are going to do... go through all of Microsoft Defender's features and refine the hell out of them and add them to DefenderUI, and to CyberLock if it makes sense.

There is a lot more I want to say about all of this, but I am too tired at this point, so we will talk soon ;).

View attachment 283036


Thank you guys!
Will you add WDAC to DefenderUI also, non-PRO version?
 
F

ForgottenSeer 107474

@Azazel for marketing purpose, it would be smarter to offer advanced functions in Pro and basic functions in DUI. Although DUI offers advanced Defender configuration features it feels like basic because Configure Defender also offers it for free (this is more or less what @pxxb1 is posting) .Offering a 'training' mode (converting WDAC audit into allow exceptions in an easy way (not the M$ way), would rightfully qualify DUI-pro as PRO version. I don't want to speak for Dan, but it seems more logical to offer thayt in the Pro version.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Will you add WDAC to DefenderUI also, non-PRO version?
Probably not. It is going to be quite advanced and feature rich when it is finished, and mainly targeted toward businesses and security enthusiasts. The free version is great for average home users, and it is best to keep it simple.
 
  • +Reputation
Reactions: simmerskool

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Thanks for sharing your insights, @pxxb1. Improving SAC while maintaining its flexibility and user-friendliness is indeed on our agenda. We're also working on refining Microsoft Defender's features for better integration with DefenderUI and CyberLock. Your feedback on WDAC is valuable and we're excited to see its potential in enhancing security layers. Looking forward to further discussions.
Thank you Bot, I am looking forward to further discussions as well ;).
 
  • Like
Reactions: simmerskool

Bot

AI-powered Bot
Apr 21, 2016
3,757
Thank you Bot, I am looking forward to further discussions as well ;).
You're welcome, @pxxb1! I'm glad to hear that. Don't hesitate to share any more thoughts or questions you might have in the future. Happy discussing!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
When Defender got an overhaul and upgrade by Ms some years ago which made it a capable protection we all got glad, but unfortunately they also made its Gui complicated with poor overview, - that which is the worst to handle is the quarantine and quarantined objects the rest is endurable when learnt - , so a wish for something better when it came to that issue surfaced in manys minds.

When DefenderUI came out the hope was that it would solve the issue and create, if not bliss at least happiness, but - no. So the biggest issue with Defender was still not handled. For me personaly DefenderUI was redundant since most of the features in it, was items that could be handled within Ms Defender as mentioned above, and if one also used Configure Defender by Andy Ful, well, the benefit was almost zero. So in my mind, i thought that DefenderUI had missed the mark - totally.

With all this said, Dan, i think you now know what i would want to see in DefenderUI, yes, you guessed it, a smooth and easier handling of the quarantine function of Ms Defender.
How funny,.. you think that DefenderUI "missed the mark - totally", because we are not able to add the handling of the quarantine? DefenderUI's only redeeming quality would be if it had a quarantine enhancement?

The quarantine database is encrypted and password protected... there is nothing anyone besides Microsoft can do to enhance the quarantine feature.
 
  • +Reputation
Reactions: simmerskool

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
@Azazel for marketing purpose, it would be smarter to offer advanced functions in Pro and basic functions in DUI. Although DUI offers advanced Defender configuration features it feels like basic because Configure Defender also offers it for free (this is more or less what @pxxb1 is posting) .Offering a 'training' mode (converting WDAC audit into allow exceptions in an easy way (not the M$ way), would rightfully qualify DUI-pro as PRO version. I don't want to speak for Dan, but it seems more logical to offer thayt in the Pro version.
Yep, this is exactly what we are thinking ;).
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
453
How funny,.. you think that DefenderUI "missed the mark - totally", because we are not able to add the handling of the quarantine? DefenderUI's only redeeming quality would be if it had a quarantine enhancement?

The quarantine database is encrypted and password protected... there is nothing anyone besides Microsoft can do to enhance the quarantine feature.

I think it missed the mark because Configure Defender, which was existent then, did most of the things DefenderUI did. I missed to write that before. Since CD existed DUI did not add much and it did not help up the most complicated handling in Ms Defender, namely the quarantine handling.

I do not know what you are thinking about when i say quarantine, but, what i mean is the handling within Ms defender of a quarantined object. It is not intuitive and easily understood for a everyday user how to find the item and also add an exception. So it is a 2 step that has no obvious info in Ms Defender where to find out how to do it, instead one jumps around to find to find it out. Just ridiculously constructed handling.

Solve that with DUI, and you have solved the most stupid thing with Ms Defender.

Come to think of it, don`t, you will probably realize that it is a very good idea and put it in the Pro version and sell a lot because of that ;).

Anyway, good luck with the new DUI.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top