Windows Defender Antivirus cloud protection service: Advanced real-time defense against...

Discussion in 'Microsoft' started by MalwareTips Bot, Jul 18, 2017.

  1. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,305
    5,770
    Far East
    #21 HarborFront, Jul 26, 2017
    Last edited: Jul 26, 2017
    Can't find them. Thanks

    Using Win 10 Pro
     
  2. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,118
    3,188
    Birmingham UK
    Windows 10
    Kaspersky
    Are you using the insider preview?
     
  3. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,305
    5,770
    Far East
    No. The home Win 10 Pro 64-bit
     
  4. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,118
    3,188
    Birmingham UK
    Windows 10
    Kaspersky
    These are new features in the insider preview
     
    HarborFront likes this.
  5. Azure Phoenix

    Azure Phoenix Level 19

    Oct 23, 2014
    923
    2,470
    Puerto Rico
    New features revealed for Exploit Guard
    Use Windows Defender Exploit Guard to protect your corporate network

    1. Exploit Protection can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps

    2. Attack Surface Reduction rules can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware.
    Rules can be found here: Use Attack Surface Reduction rules to prevent malware infection
    - Block executable content from email client and webmail
    - Block Office applications from creating child processes
    - Block Office applications from creating executable content
    - Block Office applications from injecting into other processes
    - Impede JavaScript and VBScript to launch executables
    - Block execution of potentially obfuscated scripts
    - Block Win32 imports from Macro code in Office

    3. Network Protection extends the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on your organization's devices
    More details here: Use Network Protection to prevent connections to suspicious domains
    It expands the scope of Windows Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).

    4. Controlled Folder Access helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
    More details here: Prevent ransomware and other threats from encrypting and changing important files
    All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.


    (I want to thank Martin_C over at Wilderssecurity for sharing this info here: Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs)
     
  6. boredog

    boredog Level 8

    Jul 5, 2016
    397
    831
    Retired
    usa
    Windows 10
    Malwarebytes
    The latest insider build is 17046
     
    GonzitoVir likes this.
  7. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    plat1098 and GonzitoVir like this.
  8. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,692
    Australia
    Windows 10
    ESET
    Would it be because it only affects Microsoft browsers?
     
    ZeroDay, plat1098 and DeepWeb like this.
  9. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    No. It is supposed to run independent of the browser. I think I figured out why Network Protection is not kicking in. I am using a 3rd party firewall. It probably disabled itself.
     
    ZeroDay and plat1098 like this.
  10. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,692
    Australia
    Windows 10
    ESET
    Yeah, because I tested on my end and it also didn't work. But I also used OO Shutup10, which may have made a difference.
     
    ZeroDay, plat1098 and DeepWeb like this.
  11. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    I really want to see a system where it is working. The folks over at Wilderssecurity are also struggling to enable it. I'm in the same boat as you are. I don't know what I might have disabled that is breaking this but my hypothesis is that Network Protection requires Windows Firewall to be the only firewall.

    It doesn't help that the documentation leaves a lot to be desired. You would think Microsoft would enable this out of the box. :ROFLMAO:
     
    ZeroDay and plat1098 like this.
  12. boredog

    boredog Level 8

    Jul 5, 2016
    397
    831
    Retired
    usa
    Windows 10
    Malwarebytes
    And so are your options greyed out so you cannot change them? I use TinyWall and all my settings are still working.
    Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
     
    ZeroDay likes this.
  13. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    #33 DeepWeb, Dec 10, 2017
    Last edited: Dec 10, 2017
    Not the same thing. The regular Smartscreen is already functioning. There is a new Windows Defender Network Protection which works system-wide instead of just the Microsoft browsers. It's basically a web filter that uses Smartscreen.
    Use Network protection to help prevent connections to bad sites

    But it only seems to be working on a few computers so something is clearly funny here. My guess is
    1) I changed some privacy settings that won't allow it anymore
    and/or
    2) It is tied to Windows Defender Firewall and disables itself the moment you install a 3rd party firewall.

    I wish I had another machine to test my hypothesis.
     
    ZeroDay likes this.
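
Added example, not written by any poster in this thread: a read-only PowerShell check of the Defender settings the posts above are guessing about. It assumes Windows 10 1709 or later with the built-in Defender cmdlets, and reports whether Network Protection, Controlled Folder Access and the ASR rules are set, plus real-time and cloud-delivered protection, which Microsoft's documentation lists as prerequisites for Network Protection. `Resolve-State` is a helper name made up for this example.

```powershell
# Added example (not from the thread). Read-only; run in an elevated PowerShell session.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# 0/1/2 state values used by Network Protection, Controlled Folder Access and ASR actions
$stateName = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
$mapsName  = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }

function Resolve-State($value, $names) {
    # A missing property means this build does not expose the feature at all
    if ($null -eq $value) { return 'Not present on this build' }
    $key = [int]$value
    if ($names.ContainsKey($key)) { $names[$key] } else { "Unknown ($value)" }
}

[pscustomobject]@{
    NetworkProtection      = Resolve-State $pref.EnableNetworkProtection $stateName
    ControlledFolderAccess = Resolve-State $pref.EnableControlledFolderAccess $stateName
    CloudProtectionMAPS    = Resolve-State $pref.MAPSReporting $mapsName
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    AntivirusEnabled       = $status.AntivirusEnabled
    DefenderRunningMode    = $status.AMRunningMode
} | Format-List

# Pair each configured ASR rule GUID with its action (the two lists are index-aligned)
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$rules = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{
        RuleId = $ids[$i]
        Action = Resolve-State $actions[$i] $stateName
    }
}
if ($rules) { $rules | Format-Table -AutoSize } else { 'No ASR rules configured.' }

# Flag the states in which Network Protection can be "on" in settings yet not enforce
if ($pref.EnableNetworkProtection -eq 1) {
    if (-not $status.RealTimeProtectionEnabled) {
        Write-Warning 'Network Protection is set to block, but real-time protection is off.'
    }
    if ($pref.MAPSReporting -eq 0) {
        Write-Warning 'Network Protection is set to block, but cloud-delivered protection (MAPS) is disabled.'
    }
    if ($status.AMRunningMode -and $status.AMRunningMode -ne 'Normal') {
        Write-Warning "Defender is running in '$($status.AMRunningMode)' mode, not Normal."
    }
}
```
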
  14. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,692
    Australia
    Windows 10
    ESET
    One could fire up VMware Player and put a copy of Windows in it and see that way :)
     
    ZeroDay likes this.
  15. boredog

    boredog Level 8

    Jul 5, 2016
    397
    831
    Retired
    usa
    Windows 10
    Malwarebytes
    Ok I must be misunderstanding. I only know of the two different smart screens for Defender. One is enabled right in either IE or Edge and the other is enabled in Defender advanced settings at the bottom. I have included screenshots for both locations. And I checked, disabling in one place doesn't disable in the other. ScreenHunter_85 Dec. 11 09.57.jpg ScreenHunter_86 Dec. 11 09.58.jpg
     
  16. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    I love how Windows Defender is completely unable to recover from a corrupted definition update or database. Actually irritated that Microsoft's entire defense falls because of their shoddy update servers, god help you if you are using Microsoft update. I've tried everything to repair and reset WD with no success. The only way to repair it is to reinstall Windows 10. This is why we can't have nice things.
     
    ZeroDay and Cats-4_Owners-2 like this.
  17. plat1098

    plat1098 Level 5

    Aug 23, 2017
    230
    1,341
    Brooklyn
    Windows 10
    Microsoft
    Well, here's a little more on Windows Defender "network protection." I was able to load two test websites using a third party browser (Chrome), however, these were blocked via Smart Screen using Microsoft Edge. So I'm still not clear about how "system-wide" this really is. Maybe there will be a "fix" down the road, like seemingly dozens of other things.

    Turn Network protection on

    Conduct a demo to see how Network protection works

    Credits.

    Insofar as Windows Defender failures, you just know when something more "wrong" with your OS so I've repair-installed Windows, actually more than once in Fall CU. I
     
    ZeroDay, harlan4096 and DeepWeb like this.
  18. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    440
    1,428
    Nurse
    On a journey
    Windows 10
    Emsisoft
    #38 DeepWeb, Dec 16, 2017
    Last edited: Dec 17, 2017
    @plat1098 Thank you. As far as I am concerned I just want Windows Defender to be disabled as much as possible. The idea behind it is great but Microsoft continues to drop the ball on just making it work. Like someone else already said, people will prefer 3rd party AVs over WD as long as it's actually more complicated to deal with Windows Defender than it is to deal with a 3rd party AV.

    I ran the Microsoft tool to test ASR and Network Protection using F-Secure AV and Comodo FW. First of all, Comodo sandboxed it right away (thanks cruelsister). So I had to disable Auto-containment. All attempts were blocked by either Comodo or F-Secure. Very happy. If you want Network Protection, just use Comodo Firewall using Cruelsister's settings. At least you know it will work consistently. Microsoft's Windows Defender remains a blackbox that leaves many questions unanswered.
     
    ZeroDay and plat1098 like this.
  19. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,118
    3,188
    Birmingham UK
    Windows 10
    Kaspersky
    Would software like Windows Firewall Control work with the network protection, seeing as they're only snap-ins?
     