Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
Windows Defender disabled by malware
Message
<blockquote data-quote="Andy Ful" data-source="post: 938537" data-attributes="member: 32260"><p>Yes. You really do not like Defender. There is no support for your claims either on Malware Hub or in the AV testing Labs. Furthermore, the tests on MH are very old and do not include AMSI-based post-execution detections. You can see how invasive they can be in this thread:</p><p>[URL unfurl="false"]https://malwaretips.com/threads/how-to-prevent-efficiently-defender-from-considering-a-given-vbs-script-as-containing-a-threat.107234/[/URL]</p><p>Both Kaspersky (on default settings) and Defender have good anti-script protection compared to other AVs. But, on default settings, this protection is still insufficient. Kaspersky has the advantage that it can be configured to block scripts unknown in KSN - this setup is even stronger as compared to Defender with ASR rules.</p><p></p><p>The article is about scripts (and some other methods) running inside the web browser. It has also nothing to do with AMSI. Defender on default settings does not cover this attack vector at all. It can be prevented (in a great deal) by the web browser's built-in features (like SmartScreen) and Adblockers. Furthermore, it was agreed in that thread (and was mentioned in the article) that such attacks must also exploit the web browser (or system) to infect the system without user interaction.</p><p></p><p>Your personal experience is irrelevant. There are known professional tests that do not support your experience at all. A few months ago I bypassed AVG anti-script protection with dozens of scripts and I do not insist that it has poor protection. On the contrary, after obfuscating the scripts AVG blocked them all.</p><p></p><p>It seems that you do not know that AMSI does not detect anything. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite132" alt=":unsure:" title="Unsure :unsure:" loading="lazy" data-shortname=":unsure:" /></p><p></p><p>I would like to stop our discussion here, because my experience and understanding of Defender protection is very different from yours. It also clear that we both can hardly agree on something without hundreds of posts and making all readers asleep.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p></p><p>Be safe.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p></blockquote><p></p>
[QUOTE="Andy Ful, post: 938537, member: 32260"] Yes. You really do not like Defender. There is no support for your claims either on Malware Hub or in the AV testing Labs. Furthermore, the tests on MH are very old and do not include AMSI-based post-execution detections. You can see how invasive they can be in this thread: [URL unfurl="false"]https://malwaretips.com/threads/how-to-prevent-efficiently-defender-from-considering-a-given-vbs-script-as-containing-a-threat.107234/[/URL] Both Kaspersky (on default settings) and Defender have good anti-script protection compared to other AVs. But, on default settings, this protection is still insufficient. Kaspersky has the advantage that it can be configured to block scripts unknown in KSN - this setup is even stronger as compared to Defender with ASR rules. The article is about scripts (and some other methods) running inside the web browser. It has also nothing to do with AMSI. Defender on default settings does not cover this attack vector at all. It can be prevented (in a great deal) by the web browser's built-in features (like SmartScreen) and Adblockers. Furthermore, it was agreed in that thread (and was mentioned in the article) that such attacks must also exploit the web browser (or system) to infect the system without user interaction. Your personal experience is irrelevant. There are known professional tests that do not support your experience at all. A few months ago I bypassed AVG anti-script protection with dozens of scripts and I do not insist that it has poor protection. On the contrary, after obfuscating the scripts AVG blocked them all. It seems that you do not know that AMSI does not detect anything. :unsure: I would like to stop our discussion here, because my experience and understanding of Defender protection is very different from yours. It also clear that we both can hardly agree on something without hundreds of posts and making all readers asleep.:) Be safe.(y) [/QUOTE]
Insert quotes…
Verification
Post reply
Top
