Windows Defender Antivirus cloud protection service: Advanced real-time defense against...

Status
Not open for further replies.

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
New features revealed for Exploit Guard
Use Windows Defender Exploit Guard to protect your corporate network

1. Exploit Protection can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps

2. Attack Surface Reduction rules can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware.
Rules can be found here: Use Attack Surface Reduction rules to prevent malware infection
- Block executable content from email client and webmail
- Block Office applications from creating child processes
- Block Office applications from creating executable content
- Block Office applications from injecting into other processes
- Impede JavaScript and VBScript to launch executables
- Block execution of potentially obfuscated scripts
- Block Win32 imports from Macro code in Office

3. Network Protection extends the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on your organization's devices
More details here: Use Network Protection to prevent connections to suspicious domains
It expands the scope of Windows Defender SmartScreen to block all outboud HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).

4. Controlled Folder Access helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
More details here: Prevent ransomware and other threats from encrypting and changing important files
All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.


(I want to thank Martin_C over at Wilderssecurity for sharing this info here: Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs)
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396

Danielx64

Level 10
Verified
Well-known
Mar 24, 2017
481
No. It is supposed to run independent of the browser. I think I figured out why Network Protection is not kicking in. I am using a 3rd party firewall. It probably disabled itself.
Yeah because I tested on my end and it also didn't work as well. But I also used OO Shutup10 as well that may made a different
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Yeah because I tested on my end and it also didn't work as well. But I also used OO Shutup10 as well that may made a different
I really want to see a system where it is working. The folks over at Wilderssecurity are also struggling to enable it. I'm in the same boat as you are. I don't know what I might have disabled that is breaking this but my hypothesis is that Network Protection requires Windows Firewall to be the only firewall.

It doesn't help that the documentation leaves a lot to be desired. You would think Microsoft would enable this out of the box. :ROFLMAO:
 

boredog

Level 9
Verified
Jul 5, 2016
416
I really want to see a system where it is working. The folks over at Wilderssecurity are also struggling to enable it. I'm in the same boat as you are. I don't know what I might have disabled that is breaking this but my hypothesis is that Network Protection requires Windows Firewall to be the only firewall.

It doesn't help that the documentation leaves a lot to be desired. You would think Microsoft would enable this out of the box. :ROFLMAO:

And so are your options greyed out so you can not change them? I use TinyWall and all my setting are still working. Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
 
  • Like
Reactions: ZeroDay

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
And so are your options greyed out so you can not change them? I use TinyWall and all my setting are still working. Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
Not the same thing. The regular Smartscreen is already functioning. There is a new Windows Defender Network Protection which works system-wide instead of just the Microsoft browsers. It's basically a web filter that uses Smartscreen.
Use Network protection to help prevent connections to bad sites
KvVtSWe.png


But it only seems to be working on a few computers so something is clearly funny here. My guess is
1) I changed some privacy settings that won't allow it anymore
and/or
2) It is tied to Windows Defender Firewall and disables itself the moment you install a 3rd party firewall.

I wish I had another machine to test my hypothesis.
 
Last edited:
  • Like
Reactions: ZeroDay

boredog

Level 9
Verified
Jul 5, 2016
416
Not the same thing. The regular Smartscreen is already functioning. There is a new Windows Defender Network Protection which works system-wide instead of just the Microsoft browsers. It's basically a web filter that uses Smartscreen.
Use Network protection to help prevent connections to bad sites
KvVtSWe.png


But it only seems to be working on a few computers so something is clearly funny here. My guess is
1) I changed some privacy settings that won't allow it anymore
and/or
2) It is tied to Windows Defender Firewall and disables itself the moment you install a 3rd party firewall.

I wish I had another machine to test my hypothesis.

Ok I must be misunderstanding. I only know of the two different smart screens for Defender. One is enabled right in either IE or Edge and the other is enabled in DEfender advanced settings at the bottom. I have included screen shorts for both locations. And I checked, disabling in one place doen't disable in the other.
ScreenHunter_85 Dec. 11 09.57.jpg
ScreenHunter_86 Dec. 11 09.58.jpg
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
I love how Windows Defender is completely unable to recover from a corrupted definition update or database. Actually irritated that Microsoft's entire defense falls because of their shoddy update servers, god help you if you are using Microsoft update. I've tried everything to repair and reset WD with no success. The only way to repair it is to reinstall Windows 10. This is why we can't have nice things.
 
P

plat1098

Well, here's a little more on Windows Defender "network protection." I was able to load two test websites using a third party browser (Chrome), however, these were blocked via Smart Screen using Microsoft Edge. So I'm still not clear about how "system-wide" this really is. Maybe there will be a "fix" down the road, like seemingly dozens of other things.

Turn Network protection on

Conduct a demo to see how Network protection works

Credits.

Insofar as Windows Defender failures, you just know when something more "wrong" with your OS so I've repair-installed Windows, actually more than once in Fall CU. I
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
@plat1098 Thank you. As far as I am concerned I just want Windows Defender to be disabled as much as possible. The idea behind it is great but Microsoft continues to drop the ball on just making it work. Like someone else already said, people will prefer 3rd party AVs over WD as long as it's actually more complicated to deal with Windows Defender than it is to deal with a 3rd party AV.

I ran the Microsoft tool to test ASR and Network Protection using F-Secure AV and Comodo FW. First of all, Comodo sandboxed it right away (thanks cruelsister). So I had to disable Auto-containment. All attempts were blocked by either Comodo or F-Secure. Very happy. If you want Network Protection, just use Comodo Firewall using Cruelsister's settings. At least you know it will work consistently. Microsoft's Windows Defender remains a blackbox that leaves many questions unanswered.
 
Last edited:

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Not the same thing. The regular Smartscreen is already functioning. There is a new Windows Defender Network Protection which works system-wide instead of just the Microsoft browsers. It's basically a web filter that uses Smartscreen.
Use Network protection to help prevent connections to bad sites
KvVtSWe.png


But it only seems to be working on a few computers so something is clearly funny here. My guess is
1) I changed some privacy settings that won't allow it anymore
and/or
2) It is tied to Windows Defender Firewall and disables itself the moment you install a 3rd party firewall.

I wish I had another machine to test my hypothesis.
Would software like Windows firewall control work with the network protection seeing as they're only snap in's?
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top