Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
Windows Defender disabled by malware
Message
<blockquote data-quote="Andy Ful" data-source="post: 938323" data-attributes="member: 32260"><p>You should not say this. It is clear that your knowledge about the current Defender's anti-script protection requires the update. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p>Anyway, it is true that any popular Home AV on default settings has only mediocre anti-script protection.</p><p></p><p>Microsoft knows better if it is useless or not on the basis of successful attacks in the wild. It can be probably sufficient for now, but far from being a comprehensive solution - still, the attack surface is too big. Some other AVs (like Kaspersky) have stronger anti-tampering (the AV services cannot be disabled even with TrustedInstaller privileges).</p><p></p><p>You are right that the method of the attack from the OP is clearly a kind of vulnerability. It could be used in the wild as a primary infection vector (sometimes even successfully). Fortunately, <strong>it has also many drawbacks as</strong><span style="color: rgb(184, 49, 47)"><strong> the primary infection vector </strong></span><strong>so it is very unpopular despite the fact that it is known for many years</strong>.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p><p>Do you know any example of such an attack in the wild? I know only the examples where this method was used by the malware as one of many post-infection actions (not primary infection vector).</p><p>Furthermore, this method can be easily detected by behavior-based modules. If it is not for now (I do not know) then this would strongly suggest that it is not used in the wild as a primary infection vector (or used very rarely).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 938323, member: 32260"] You should not say this. It is clear that your knowledge about the current Defender's anti-script protection requires the update. :) Anyway, it is true that any popular Home AV on default settings has only mediocre anti-script protection. Microsoft knows better if it is useless or not on the basis of successful attacks in the wild. It can be probably sufficient for now, but far from being a comprehensive solution - still, the attack surface is too big. Some other AVs (like Kaspersky) have stronger anti-tampering (the AV services cannot be disabled even with TrustedInstaller privileges). You are right that the method of the attack from the OP is clearly a kind of vulnerability. It could be used in the wild as a primary infection vector (sometimes even successfully). Fortunately, [B]it has also many drawbacks as[/B][COLOR=rgb(184, 49, 47)][B] the primary infection vector [/B][/COLOR][B]so it is very unpopular despite the fact that it is known for many years[/B].(y) Do you know any example of such an attack in the wild? I know only the examples where this method was used by the malware as one of many post-infection actions (not primary infection vector). Furthermore, this method can be easily detected by behavior-based modules. If it is not for now (I do not know) then this would strongly suggest that it is not used in the wild as a primary infection vector (or used very rarely). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
