- Dec 23, 2014
- 8,510
Using ConfigureDefender is simpler and safer than using a toaster.
Run, click HIGH, click REFRESH, click Close.
Why are we even messing with anything other than WD these days?
- Thread starter ncage
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Run, click HIGH, click REFRESH, click Close.
wd was too heavy for my old i3 computer, it slowed it down to a crawl. on my atom computer, it was virtually unusable. some other solutions are simply lighter (and actually score better in the labs). don't get me wrong, i like wd, i'm just saying, there are good reasons some people don't use it.
- Mar 29, 2018
- 7,609
I'm curious how long ago you tried it, and what OS version were you on?
- Aug 4, 2016
- 1,465
How do you know how my partner has her desktop? I thought she was meeting someone in secret. If you are meeting her help me out & sort her desktop out when you meet her, it's too much for me, though I try endlessly
- Dec 23, 2014
- 8,510
Evjl's Rain ,
I repeated my old test with WD BAFS samples.
It also shows that already cached files are not checked against the cloud AI until the cache is not cleared.
I repeated my old test with WD BAFS samples.
- Apply WD default settings.
- Turn on Shadow Defender to prevent local AI learning.
- Use Edge browser and WD Demo page to generate fresh samples detected as malicious by WD BAFS.
- Recover the samples from quarantine, copy to the c:\zzz folder and commit the folder in Shadow Defender. It is not easy, because many samples will be deleted by WD (not quarantined).
- Reboot the computer and open c:\zzz folder (nothing happen, samples are ignored by signatures, local AI, and cloud-delivered protection).
- Turn off the Internet connection, and use RunBySmartSreen to add MOTW to each sample (do not run samples).
- Turn on the Internet connection and open c:\zzz folder (nothing happen, samples are already cached).
- Reboot the computer and open c:\zzz folder. WOW, the samples are now checked on access by cloud-delivered protection and removed as malware.
It also shows that already cached files are not checked against the cloud AI until the cache is not cleared.
Last edited:
- Dec 23, 2014
- 8,510
I am glad that such a kind and wise person as you have got some fun while reading posts here.
You can PM your preferences about posting, and I will try to post something especially for you.
Edit.
Did you notice that your post was off topic? (oops, my post, too.)
Last edited:
- Dec 23, 2014
- 8,510
Evjl's Rain thanks for a very interesting malware test:
The important factor can be the fact that the test with malware execution, which infected the system, was performed before the BAFS test.
As usual with WD, there can be two or more interpretations of the results:
Anyway, the test shows how quickly WD AI can recognize the never-seen malware.
The important factor can be the fact that the test with malware execution, which infected the system, was performed before the BAFS test.
As usual with WD, there can be two or more interpretations of the results:
- BAFS has a better detection (on access, file with MOTW) than WD detection on execution (when the file does not have MOTW).
- Both have the same detection, but the result can be better for the second. Why?
The user has already executed the malware which infected the computer and the WD telemetry alarmed the cloud. AI in the cloud finished the analysis and recognized the malware before starting the BAFS test, but was not fast enough to stop the infection in the previous test.
Anyway, the test shows how quickly WD AI can recognize the never-seen malware.
Last edited:
the problem is I saw microsoft detection on VT hours before the test => they already recognized this malware
in this test, I found out WD's latest signatures are slightly outdated compare to VT. This is interesting (clicked check for update 3 times)
also MS engine on VT has different detection name from WD cloud
I wish to test a sample completely unseen by MS to see how WD reacts to it
do you know anything about behavior monitoring in default settings? I've never seen it working perhaps only works in high settings
=> I will try to test WD in high settings, offline mode to check out behavioral monitoring, unless it depends on the cloud
- Dec 23, 2014
- 8,510
WD uses local behavior monitoring which is probably connected with local machine learning module. The same is true in the extended form, for AI in the cloud.
When the AV uses AI, then the traditional meaning of heuristics, Behavior Blocker, etc. is not precise because the machine learning uses them all as a basis for calculating how malicious is the sample.
according to what I read from MS and MS' supporters, Behavior monitoring is like a telemetry tool for the cloud
so WD may not have a true local BB (like avast)
Lots of good points on either end. You'll always get mixed reactions, especially when it comes to WD.
IMHO WD has improved significantly both on the protection side and the performance side. I have had zero issues with WD, no FP issues and on both my systems I don't even notice it. Everyone will have different experiences and the same can be said for any product. TBH I've had more issues/annoyances with 3rd party AVs compared to WD. Furthermore, 3rd parties are getting more and more in the news for causing issues/conflicts compared to WD.
Tools like Configure defender make it super easy to tweak it if you so choose. If one wants to there are other programs such as syshardener, hard configurator, VS, OSA, etc... to further lock down the system and cover any gaps that WD doesn't cover.
Does that mean WD is perfect, no, it definitely has room for improvement, but it's far better now compared to when it first came out. For the record, every product has room to improve.
I also agree with @Andy Ful, some 3rd parties may do a slightly better job than WD for those who like to download cracks and stuff, but as we all know, this habit will still get them into trouble, as every product will miss things. It's why I'm not a fan of using a product as a substitute to educating users. One should never assume that if they use x product that they will never get infected, it will never be true unfortunately.
At the end if the day, choose which ever product works best for you, there are many great choices out there, but like it or not WD has improved enough that it is more than capable of replacing 3rd parties IMO.
IMHO WD has improved significantly both on the protection side and the performance side. I have had zero issues with WD, no FP issues and on both my systems I don't even notice it. Everyone will have different experiences and the same can be said for any product. TBH I've had more issues/annoyances with 3rd party AVs compared to WD. Furthermore, 3rd parties are getting more and more in the news for causing issues/conflicts compared to WD.
Tools like Configure defender make it super easy to tweak it if you so choose. If one wants to there are other programs such as syshardener, hard configurator, VS, OSA, etc... to further lock down the system and cover any gaps that WD doesn't cover.
Does that mean WD is perfect, no, it definitely has room for improvement, but it's far better now compared to when it first came out. For the record, every product has room to improve.
I also agree with @Andy Ful, some 3rd parties may do a slightly better job than WD for those who like to download cracks and stuff, but as we all know, this habit will still get them into trouble, as every product will miss things. It's why I'm not a fan of using a product as a substitute to educating users. One should never assume that if they use x product that they will never get infected, it will never be true unfortunately.
At the end if the day, choose which ever product works best for you, there are many great choices out there, but like it or not WD has improved enough that it is more than capable of replacing 3rd parties IMO.
Last edited by a moderator:
- Dec 23, 2014
- 8,510
I do not think so.
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign | Microsoft Security Blog
Update: Further analysis of this campaign points to a poisoned update for a peer-to-peer (P2P) application. For more information, read Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak. To detect and respond to Dofoil in corporate networks, read Hunting down Dofoil with Windows...
- Dec 23, 2014
- 8,510
Here is a nice summary of WD local and cloud features:
malwaretips.com
It is worth to remember that some of these features are available only in Windows E3 or E5 editions (for example Detonation-based ML, Reputation ML, Smart rules).
Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Windows Defender Antivirus is the next-generation protection component of Microsoft Defender...
malwaretips.com
It is worth to remember that some of these features are available only in Windows E3 or E5 editions (for example Detonation-based ML, Reputation ML, Smart rules).
Last edited:
That is extremely misleading, cause that is for the Windows Defender ATP, which is a Professional Suite, is far more advanced and secure than the Home Version of WD.Here is a nice summary of WD local and cloud features:
View attachment 215521
Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Windows Defender Antivirus is the next-generation protection component of Microsoft Defender...
It is worth to remember that some of these features are available only in Windows E3 or E5 editions (for example Detonation-based ML, Reputation ML, Smart rules).
The Home Version Behaviour Blocker is non-existent, Microsoft never mentioned Behaviour Blocker in the Home Version either, everytime they talk about it they addressing Windows Defender ATP (and how it detected the latest malware, etc).
All the settings you all so desperate to use and activate with custom configurators are all in the Windows Defender ATP with a proper UI and logs.
Last edited:
I may be wrong, maybe @Andy Ful can clarify, but from my understanding the home and enterprise versions are interlinked when it comes to cloud based protection, so if the home version finds something the business version is automatically protected and vice versa. I could be wrong though.
The cloud is connected, but the feature set and protection are entirely different different, he's trying to sell Windows Defender with a Windows Defender ATP article (which is far superior, and something I would recommend to companies, contrary to what I would do on Home Environments).
All this keeping in mind even the Cloud on WD in Home Environments is slow to update, the majorly of you are probably on outdated samples right now (which makes sense, considering Professional Environments that face 0-day, not Home Environments).
- Dec 23, 2014
- 8,510
Yes, the article is generally misleading, but not in the context of comparing Client ML with Cloud ML.
You are wrong. But it is probably not your fault, but Microsoft's. MS uses Windows Defender ATP in two different meanings.
- As Windows built-in features.
- As the software that can be installed on Windows Pro, E3, E5, etc. (but not on Windows Home) to manage 1.
In fact, Microsoft does not use the terminology 'Behaviour Blocker' but rather behavior monitoring.
Please read carefully the comparison table published by MS, and mentioned several times on MT forum:
especially the entry 'Runtime behavior monitoring' in the second table (Next Generation Protection).
Last edited:
- Dec 23, 2014
- 8,510
- Dec 23, 2014
- 8,510
That is true. Most MS articles do not mention that many advanced features are not available in Windows Home (as I already noted).
WD Cloud is updated on MS servers and any computer with WD and Internet connection can use it. What other clouds do you have in mind?
Last edited:
I guess the next question would be, does changing the cloud block level and cloud lookup time make a difference in terms of speed? Furthermore I think you can change the default signature update interval to 1 hour via powershell if you wanted too.
I agree with @Andy Ful, MS doesn't always explain themselves very well, hence all the confusion as to how WD really works and the technology is has. Dispite all the confusion, WD for home does share some of it's capabilities. It's just not the full feature set, but some its underlying technology is there in the home version, if I'm not mistaken.
Further on your last point. You are 100% correct about zero day malware. The chances of a home user running into a true zero day piece of malware is pretty much close to zero, no pun intended. Now if you are a business/enterprise, your chances are far higher, as the hackers leave their zero days for them, not home users.
The way I look at it, if there are people who like to download cracks and stuff and one feels like they won't change their habits you really only have 2 options IMO.
1. If they aren't relent on Windows, switch them to a Chromebook, or a linux distro.
2. If they need Windows, lock it down. No product will keep them infection free forever if they continue to practice poor habits.
Everyone blames the software for their troubles, but it's often what the person was doing that got them infected.
Even most major security breaches are the result of someone opening an email/attachment, or falling to a phishing scam, meanwhile the AV is sitting idly by not aware of anything going on.Similar threads
