Serious Discussion Smarter App Control?

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,682
@pxxb1 asked about the kinds of things we are working on. An improved version of SAC that uses an extremely similar policy would be cool, especially if it was flexible and user-friendly, and did not completely disable itself if things did not go his way. And if you could enable or disable it at any time, and if it had a training mode.

I have a love-hate relationship with WDAC, and working with WDAC the last few weeks has only confirmed my beliefs, and I will speak much more about that soon. In short, WDAC is viable and amazing, but only if it has a training mode or a way to quickly whitelist individual files. If you run WDAC and examine the logs, you will see TONS of unwanted blocks.

For now we added WDAC Lockdown to DefenderUI Pro to test... it was the obvious choice for a lot of reasons. If it turns out to be amazing, we will add it to CyberLock as well, which I am quite certain.

CyberLock should block any attacks, but it certainly does not hurt to have an additional layer just in case.

So yeah, that is what we are going to do... go through all of Microsoft Defender's features and refine the hell out of them and add them to DefenderUI, and to CyberLock if it makes sense.

There is a lot more I want to say about all of this, but I am too tired at this point, so we will talk soon ;).

Lockdown Settings.png



Thank you guys!
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,521
Thanks for sharing your insights, @pxxb1. Improving SAC while maintaining its flexibility and user-friendliness is indeed on our agenda. We're also working on refining Microsoft Defender's features for better integration with DefenderUI and CyberLock. Your feedback on WDAC is valuable and we're excited to see its potential in enhancing security layers. Looking forward to further discussions.
 

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
446
When Defender got an overhaul and upgrade by Ms some years ago which made it a capable protection we all got glad, but unfortunately they also made its GUI complicated with poor overview (that which is the worst to handle is the quarantine and quarantined objects; the rest is endurable when learnt), so a wish for something better when it came to that issue surfaced in many minds.

When DefenderUI came out the hope was that it would solve the issue and create, if not bliss at least happiness, but - no. So the biggest issue with Defender was still not handled. For me personally DefenderUI was redundant since most of the features in it were items that could be handled within Ms Defender as mentioned above, and if one also used Configure Defender by Andy Ful, well, the benefit was almost zero. So in my mind, I thought that DefenderUI had missed the mark - totally.

With all this said, Dan, I think you now know what I would want to see in DefenderUI, yes, you guessed it, a smooth and easier handling of the quarantine function of Ms Defender.
 

Azazel

Level 5
Jun 15, 2023
249
Will you add WDAC to DefenderUI also, non-PRO version?
 

ForgottenSeer 107474

@Azazel for marketing purposes, it would be smarter to offer advanced functions in Pro and basic functions in DUI. Although DUI offers advanced Defender configuration features it feels like basic because Configure Defender also offers it for free (this is more or less what @pxxb1 is posting). Offering a 'training' mode (converting WDAC audit into allow exceptions in an easy way (not the M$ way)) would rightfully qualify DUI-pro as PRO version. I don't want to speak for Dan, but it seems more logical to offer that in the Pro version.
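
Added example, not part of the thread and not DefenderUI's code: the manual workflow that a WDAC "training mode" would wrap, using the built-in ConfigCI cmdlets to review audit-mode blocks and turn them into allow rules. The working folder and base policy path are assumptions. Review the generated rules before merging, because everything that ran during the audit window ends up in them.

```powershell
# Added example. Run elevated on a machine whose WDAC policy is in audit mode.
# $outDir and $basePolicy are assumed paths; adjust to your environment.
$log        = 'Microsoft-Windows-CodeIntegrity/Operational'
$outDir     = 'C:\WDAC-Review'
$basePolicy = Join-Path $outDir 'BasePolicy.xml'    # your existing policy XML
$auditAllow = Join-Path $outDir 'AuditAllow.xml'
$merged     = Join-Path $outDir 'MergedPolicy.xml'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Summarise the blocks: event 3076 = would-be block (audit mode),
#    3077 = actual block (enforced mode).
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3076, 3077 } `
                       -ErrorAction SilentlyContinue
$blocks = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        File    = $data['File Name']
        Process = $data['Process Name']
    }
}
$blocks | Group-Object File | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Build candidate allow rules from the audit events. Publisher rules are
#    preferred; unsigned files fall back to hash rules.
New-CIPolicy -Audit -Level Publisher -Fallback Hash -UserPEs -FilePath $auditAllow

# 3. List the generated file rules so a human can approve or delete each one
#    before anything is merged.
([xml](Get-Content $auditAllow)).SiPolicy.FileRules.ChildNodes |
    Select-Object LocalName, ID, FriendlyName | Format-Table -AutoSize

# 4. After review, merge the approved rules into the base policy.
if (Test-Path $basePolicy) {
    Merge-CIPolicy -PolicyPaths $basePolicy, $auditAllow -OutputFilePath $merged
}
```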
 

danb

Will you add WDAC to DefenderUI also, non-PRO version?
Probably not. It is going to be quite advanced and feature rich when it is finished, and mainly targeted toward businesses and security enthusiasts. The free version is great for average home users, and it is best to keep it simple.
 

danb

Thank you Bot, I am looking forward to further discussions as well ;).
 

Bot

You're welcome, @pxxb1! I'm glad to hear that. Don't hesitate to share any more thoughts or questions you might have in the future. Happy discussing!
 

danb

How funny... you think that DefenderUI "missed the mark - totally", because we are not able to add the handling of the quarantine? DefenderUI's only redeeming quality would be if it had a quarantine enhancement?

The quarantine database is encrypted and password protected... there is nothing anyone besides Microsoft can do to enhance the quarantine feature.
 

danb

@Azazel for marketing purposes, it would be smarter to offer advanced functions in Pro and basic functions in DUI. Although DUI offers advanced Defender configuration features it feels like basic because Configure Defender also offers it for free (this is more or less what @pxxb1 is posting). Offering a 'training' mode (converting WDAC audit into allow exceptions in an easy way (not the M$ way)) would rightfully qualify DUI-pro as PRO version. I don't want to speak for Dan, but it seems more logical to offer that in the Pro version.
Yep, this is exactly what we are thinking ;).
 

pxxb1

I think it missed the mark because Configure Defender, which was existent then, did most of the things DefenderUI did. I missed to write that before. Since CD existed DUI did not add much and it did not help up the most complicated handling in Ms Defender, namely the quarantine handling.

I do not know what you are thinking about when I say quarantine, but, what I mean is the handling within Ms Defender of a quarantined object. It is not intuitive and easily understood for an everyday user how to find the item and also add an exception. So it is a 2 step that has no obvious info in Ms Defender where to find out how to do it, instead one jumps around to find it out. Just ridiculously constructed handling.

Solve that with DUI, and you have solved the most stupid thing with Ms Defender.

Come to think of it, don't, you will probably realize that it is a very good idea and put it in the Pro version and sell a lot because of that ;).

Anyway, good luck with the new DUI.
 
