Yes. You really do not like Defender. There is no support for your claims either on Malware Hub or in the AV testing Labs. Furthermore, the tests on MH are very old and do not include AMSI-based post-execution detections. You can see how invasive they can be in this thread:
In Home AVs, you are better off relying on Behaviour Blockers like System Watcher.
I don't even need to go far to see both Kaspersky and WD in action on the Malware Hub, which confirms how poor WD is against scripts even with your configuration, in comparison to Kaspersky.
https://malwaretips.com/threads/how...ven-vbs-script-as-containing-a-threat.107234/
Both Kaspersky (on default settings) and Defender have good anti-script protection compared to other AVs. But, on default settings, this protection is still insufficient. Kaspersky has the advantage that it can be configured to block scripts unknown in KSN - this setup is even stronger as compared to Defender with ASR rules.
The article is about scripts (and some other methods) running inside the web browser. It also has nothing to do with AMSI. Defender on default settings does not cover this attack vector at all. It can be prevented (to a great extent) by the web browser's built-in features (like SmartScreen) and Adblockers. Furthermore, it was agreed in that thread (and was mentioned in the article) that such attacks must also exploit the web browser (or system) to infect the system without user interaction.
We even had a recent example here, Q&A - Drive-by downloads: Can you get malware just from visiting a website?
Your personal experience is irrelevant. There are known professional tests that do not support your experience at all. A few months ago I bypassed AVG anti-script protection with dozens of scripts and I do not insist that it has poor protection. On the contrary, after obfuscating the scripts AVG blocked them all.
Kaspersky blocked the custom script I wrote for testing that, while WD didn't even flinch as I expected, so much for that superior script protection you rely so much on.
It seems that you do not know that AMSI does not detect anything.
AMSI is pretty basic and it won't detect a good chunk of scripts, there's a good reason AMSI is complemented by Windows Defender ATP monitoring in the Enterprise, in the case of Kaspersky they have Adaptive Anomaly Control.
I would like to stop our discussion here, because my experience and understanding of Defender protection is very different from yours. It is also clear that we both can hardly agree on something without hundreds of posts and putting all readers to sleep.
Be safe.