Using Defender as your first line of defense

Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Umbra said:
...
What VS will add? nothing much, so basically wasting resources and offering surface attacks.
Click to expand...
That is right. Using both H_C and VS can hardly be recommended, for many reasons.
Anyway, many users will choose VS (over SRP/H_C) because it seems more user-friendly. Windows built-in SRP blocks some processes silently, so the user who is not trained/accustomed to security Logs can have a problem to see if something was blocked and what concretely was blocked.
It is much easier with H_C because it uses NirSoft FullEventLogView (with custom config) to see the blocked entries, but it is still easier with VS because the info about the blocked process can be seen in the VS alert.
On the other side, some users will prefer SRP, if they do not like too much prompting about things they already know.
 
  • Like
Reactions: ErzCrz, Cats-4_Owners-2, Protomartyr and 4 others
RoboMan

RoboMan

Level 35
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,483
Umbra said:
It is a simple real-time scanner with some cloud capabilities, what did you expect?
Take all the 3rd party vendors AVs, remove every components except the real-time scanner, i bet maybe only ESET or Kaspersky would do well.
WD was made to offer basic, decent, free protection to ALL Windows' users without any hassle or setup to do.
Click to expand...
This. Just imagine Defender offering Application Control or SRP capabilities directly from the antivirus GUI. That would lead to thousands of novices breaking their systems or worse, Defender breaking everything in an attemp to protect retar** users.
 
  • Like
  • HaHa
Reactions: Moonhorse, Protomartyr, Venustus and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Robbie said:
This. Just imagine Defender offering Application Control or SRP capabilities directly from the antivirus GUI. That would lead to thousands of novices breaking their systems or worse, Defender breaking everything in an attemp to protect retar** users.
Click to expand...
That is true for SRP/AppLocker/ApplicationControl in their current form. But, Microsoft could easily introduce something similar to H_C profiles, which can safely apply/remove the complex security settings via one mouse click.
 
  • Like
  • Wow
Reactions: Cats-4_Owners-2, Protomartyr, Venustus and 6 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Andy Ful said:
That is true for SRP/AppLocker/ApplicationControl in their current form. But, Microsoft could easily introduce something similar to H_C profiles, which can safely apply/remove the complex security settings via one mouse click.
Click to expand...
What a beautiful world that would be. I would appreciate it, but I don’t expect it to happen.
 
  • Like
Reactions: Cats-4_Owners-2, Moonhorse, Protomartyr and 3 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
plat1098 said:
The irony .:rolleyes:

As-is with no install or set-up, Defender is the easiest to use.

For maximum effectiveness and efficiency, Defender is the most complicated and obscure. By far.
Click to expand...
The other funny thing. For most users, with decent online hygiene, default is probably all they need, maybe increased time for cloud lookup. It’s the happy clickers who need the advanced settings, and they’re the most likely to be on default.
 
  • Like
Reactions: Cats-4_Owners-2, Protomartyr, Venustus and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
blackice said:
The other funny thing. For most users, with decent online hygiene, default is probably all they need, maybe increased time for cloud lookup. It’s the happy clickers who need the advanced settings, and they’re the most likely to be on default.
Click to expand...
Most average users even do not know that they are happy clickers.:)
 
  • HaHa
  • Like
Reactions: Cats-4_Owners-2, Protomartyr, Venustus and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Mjolnir said:
At default settings can Defender protect against this - New Phoenix Keylogger tries to stop over 80 security products to avoid detection | ZDNet
Click to expand...
Yes in some cases, and No in some cases. This will be true for most AVs. The AV has a chance to stop it when executed from disk, like in malware tests. But not necessarily, if it will be loaded into memory by another malware/exploit on the already infected system, which probably will be the case in the wild. Many Phoenix samples do not try to obtain persistence and can detect a virtual machine environment. So, Phoenix will be hard to detect by the AV.
The better chances have security solutions based on NIDS, that can monitor network traffic.
Such malware cannot magically appear on your computer. It has to be delivered, usually via phishing + exploits. The best method to avoid it, will be updating Windows and installed software.

"Delivery Method

By default, Illusion supplies the Phoenix keylogger to their buyers as a stub. The buyer must use their own methods to deliver the stub to the target machine. The majority of Phoenix infections we observe originate from phishing attempts that leverage a weaponized rich text file (RTF) or Microsoft Office document. These deliveries do not use the more popular malicious macro technique, but instead use known exploits. Most commonly, they exploit the Equation Editor vulnerability".

www.cybereason.com

Phoenix: The Tale of the Resurrected Keylogger

Nocturnus is tracking a new keylogger called Phoenix, packed with a myriad of information-stealing features extending far beyond logging keystrokes.
www.cybereason.com www.cybereason.com
 
  • Like
  • +Reputation
Reactions: Venustus, SeriousHoax, Cats-4_Owners-2 and 7 others
South Park

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
In my experience, a content blocker like uBO or Nano blocker is even more important than an antivirus. I've had a few warnings and blocked pages from content blockers when seemingly trustworthy sites tried to redirect me to suspicious places. That said, I feel confident using Defender and the built-in Exploit Guard in Windows 10 (plus a NVT product on the side).

In the 15 years that I've used Windows Defender, its forerunner MSE, and Avast free on various computers, I've never had an infection as determined by a second-opinion scanner. The only time I got infected was while using Norton in 2003, and I once picked up an inert Java RE virus when using the now-defunct CA antivirus.
 
  • Like
Reactions: plat, Gandalf_The_Grey, Venustus and 3 others

Similar threads

vtqhtr413
    • Like
    • +Reputation
Hot Take First Look: All Apps section of Windows 11 Start Menu
Replies
2
Views
703
Windows 11
Trident
Trident
C
  • Locked
Emsisoft Emergency Kit's temp files detected as Trojan:Script/Wacatac.B!ml by Windows Security
Replies
8
Views
1,175
Windows Malware Removal Help & Support
Can't Decide
C
A
Beginning to enable a set of new features for Windows Insiders in the Dev Channel on Build 26120.961
Replies
0
Views
259
Windows 11
Amanda Langowski
A

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top