Solved This seems to be a huge security flaw in Edge and MS Defender.

annaegorov

Level 10
Thread author
Well-known
Forum Veteran
Feb 6, 2018
478
1,393
866
USA
If you go to this site and click on phishing, follow the prompt on that page.


You should not be able to see the page, it should be blocked.

BUT Edge does not block it, neither does defender, Bitdefender does... Why is this allowed?
 
Edge and MS Defender do not block the AMTSO phishing test because the test is not considered to be a legitimate threat. I don't believe they block the EICAR malicious web page test either, for the same reason. Bitdefender AV's and the Malwarebytes Browser Guard extension will block all of the AMTSO tests though. I don't know if Avast or AVG blocks them.

C.H.
 
1783983562471.png
1783983621101.png

Not blocked with either Edge nor Brave, with MD
 
Edge and MS Defender do not block the AMTSO phishing test because the test is not considered to be a legitimate threat. I don't believe they block the EICAR malicious web page test either, for the same reason. Bitdefender AV's and the Malwarebytes Browser Guard extension will block all of the AMTSO tests though. I don't know if Avast or AVG blocks them.

C.H.
Was blocked only by McAfee web adivsor and Symantec browser protection extensions.
 
Was blocked only by McAfee web adivsor and Symantec browser protection extensions.
Microsoft Defender lacks web protection and avoids engaging targets at long range to prevent disrupting air traffic; instead, it waits for the enemy to land before neutralizing the threat. 🤣
 
thanks guys, just couldn't figure out why some did and some didn't
This is because Microsoft Defender lacks web protection features to actively block phishing attacks, whereas Bitdefender includes such capabilities. Consequently, it is recommended to use a browser security extension like Bitdefender Traffic Light or Malwarebytes Browser Guard if you rely on Microsoft Defender as your primary antivirus software.
 
This is because Microsoft Defender lacks web protection features to actively block phishing attacks, whereas Bitdefender includes such capabilities. Consequently, it is recommended to use a browser security extension like Bitdefender Traffic Light or Malwarebytes Browser Guard if you rely on Microsoft Defender as your primary antivirus software.
well I tried those extensions and it still didn't block it. Not sure why.
 
Not blocked with either Edge nor Brave, with MD

Yes, my mistake, I tested the EICAR downloads. The reason for not blocking this page probably follows from this information:
"This page does NOT contain any malicious content nor does it try to phish details, but by an industry wide agreement this page is detected as a page to be blocked so that people can verify if their anti-malware product’s detection capability is configured correctly."

As it was already mentioned, MD in default settings does not include web protection, so it cannot block this phishing test.
However, it is possible to enable MD Network Protection. But it also does not block the EICAR phishing test.
It seems that instead of using EICAR, MD and Edge recommend their own testing websites:
For MD Network Protection: Network Protection - Microsoft Defender Testground
For Edge: UrlRep - Microsoft Defender Testground
 
Last edited:
There is no reason to block this page. Furthermore, all tests from this page are blocked by Edge or MD.
OK Now I don't have your knowledge, so I am not argueing with you.

BUT Ai said, and I paraphrase, from memory, which is very risky, that everyone has an agreement, that these pages will be flaged, and not allowed, thus they can be used for testing.

I am not sure who Ai means, when saying "everyone" I just assumed it meant ANYONE in the security community, including vendors like McAfee, Kaspersky, MWBAMW, Microsoft ECT.
 
OK Now I don't have your knowledge, so I am not argueing with you.

BUT Ai said, and I paraphrase, from memory, which is very risky, that everyone has an agreement, that these pages will be flaged, and not allowed, thus they can be used for testing.

I am not sure who Ai means, when saying "everyone" I just assumed it meant ANYONE in the security community, including vendors like McAfee, Kaspersky, MWBAMW, Microsoft ECT.
You can view those vendors in the members tab in AMTSO website.


Ironically, MS is a member
 
Last edited:
Microsoft Edge is clearly inconsistent in blocking all EICAR tests from the OP except for the phishing test.
Anyway, the postulate from the OP ( "This seems to be a huge security flaw in Edge and MS Defender") is untrue, especially when Microsoft has its own testground website:
 
Microsoft Edge is clearly inconsistent in blocking all EICAR tests from the OP except for the phishing test.
Anyway, the postulate from the OP ( "This seems to be a huge security flaw in Edge and MS Defender") is untrue, especially when Microsoft has its own testground website:
To a normal user, seeing that their security product failed the test will make them panic especially with AMTSO displayed msg.

But tbh I don't know how on earth a normal user would know about AMTSO tests in the 1sr place hahahhaha
 

You may also like...