App Review TPSC - Windows Defender vs Avast: Do you need Free Antivirus?

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Local Host said:
That's another problem I always had as well, a huge rate of false positives from Microsoft Defender (something that doesn't happen with Kaspersky), I got tired of sending samples to Microsoft.
Click to expand...
I think that this could be a problem one year ago, but now Defender's false positive rate is very low.
In my case, the issue is probably related to using Autoit which creates the .tmp binaries in the user Temp folder.
I think that such blocks are welcome from the security viewpoint.
 
  • Like
Reactions: Moonhorse and blackice
kC77

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
Andy Ful said:
No. During the compilation, the .tmp files are created and this is blocked in the user Temp folder. Defender does not like when Autoit creates .tmp binaries.
Click to expand...
Ah, understood... althought I would of thought this is the idea of a "process exclusion".
if autoit was added as a process exclusion, then in theory anything that process does should be ignored? (but im guessing not in your case, and that defender is just being fussy!)
 
  • Like
Reactions: Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
kC77 said:
Ah, understood... althought I would of thought this is the idea of a "process exclusion".
if autoit was added as a process exclusion, then in theory anything that process does should be ignored? (but im guessing not in your case, and that defender is just being fussy!)
Click to expand...
Defender's exclusion allows running the excluded file. I think that one cannot safely exclude in Defender the files/processes that do not yet exist and never were executed.
Microsoft could probably whitelist the creation of files by the AutoIt compiler, but this could be easily abused by malc0ders.

Post edited.
There is a limited way to exclude files/processes that do not yet exist and never were executed (see my next post).
 
Last edited:
  • Like
Reactions: Moonhorse and kC77
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
The Defender's exclusions for processes and file types allow some wildcards. So in theory I could exclude the temporary files made during the compilation by using a pattern with wildcards. Yet, this could decrease the Defender protection. Some AVs can use the option to trust unknown files created by the trusted installers, but I am not aware of a similar feature in Microsoft Defender.
It is interesting that my blocked files are automatically checked not only by local signatures but also by the cloud backend. I am not sure why, but this increases the Defender protection.
 
Last edited:
  • Like
Reactions: Andrew999, Moonhorse, kC77 and 1 other person
You must log in or register to reply here.

Similar threads

NB InfoTech
    • Like
App Review Want to try? | Comodo Antivirus Test & Review | Comodo Internet Security vs Ransomware | 2024
Replies
4
Views
391
Video Reviews - Security and Privacy
bazang
bazang
NB InfoTech
App Review On whom will you bet on? | Comodo Internet Security 2025 vs Avast Free Antivirus vs Malware | 2024
Replies
2
Views
355
Video Reviews - Security and Privacy
tofargone
tofargone
NB InfoTech
    • Like
App Review PC Matic Home Review | PC Matic Home Security Antivirus vs Ransomware | 2024
Replies
4
Views
739
Video Reviews - Security and Privacy
Dave Russo
Dave Russo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top