The question is easy: is there any program like Windows Firewall Control but for Microsoft Defender (spring update version)? Ty
Yes, here: AndyFul/ConfigureDefender
Hello @BryanB
I cannot access this site "AndyFul", are you sure that it is clean?
Maybe because these files are for "intrusive" on Windows components and that's why some AV can see it like a potential trojan? Don't know, will wait for confirmation from someone who has tried already or something ^^
No, I don't know for sure but both GitHub and Andy Ful are well respected.
It is clean, the problem is that Norton/Symantec is a piece of garbage that relies nowadays almost entirely on cloud detection and reputation, so it isn't a surprise to see it detecting harmless files (because of low prevalence), it is a False Positive galore.
I fully agree with Firecat (a wilders security forum member) about Symantec:
AV-Comparatives: Malware Protection Test - March 2018
Comparative Malware Protection Assessment
It is clean and Andy Ful is a well-known member. See here, thread about ConfigureDefender: ConfigureDefender utility for Windows 10
Thanks @Deletedmessiah
Thanks @BryanB
Of course you are right! VT said that this site is clean but Norton is not used for this analysis!
Thanks @Nightwalker
Firecat's comments are very uplifting for me.
Now my next aim is to change my antivirus!
@dJim is right. ConfigureDefender changes the Windows Defender settings. Most of them are not available for users on Windows Home versions (except when using PowerShell or reg tweaks). ConfigureDefender executables were sent to Microsoft for making a manual analysis, so they are already whitelisted by Defender. But, other AVs (like Norton) can flag them as malicious.
I don't know if we should write off Symantec because of their cloud component. It does work, there's no denying it, but as you said it will result in some false positives. I'm not being a Symantec apologist, but to be fair to them I don't know what major AV company doesn't use the cloud? Let's take Kaspersky for example, personally I think they offer some of the best protection out there, but the moment you disable KSN, you effectively kill a major portion of their detection/protection capabilities. Same goes for Eset, Bitdefender, heck even Windows Defender (there's many more vendors). I really don't think Microsoft is making the detection improvements they are making without their cloud component. IMO I think more, if not all Anti-Malware companies are moving more and more to the cloud. They cannot keep up with all the malware that is released every day, so evidently, they need cloud/ML components to help.
I've seen false positives myself, for example when I was trialing Emsisoft a while back their cloud network would flag the uninstaller of new versions of Firefox. Does that mean Emsisoft is garbage? No, I just submitted the false positive to them. Another recent example for me was with the Malwarebytes extension. It was blocking some pages on Symantec's site for some odd reason (when I was looking for the uninstaller removal tool), so I guess I should just remove the Malwarebytes extension 'cause it's garbage.
Don't get me wrong, false positives are annoying as heck, but sitting here crying about it is not going to fix it. Take the time to submit it to the vendor so they can fix it. As I mentioned, it happens to everyone, some are better at it than others, but we have to realize more and more of the industry is moving/relying on the cloud, so these things may become more commonplace, hopefully not too much though.
I wouldn't necessarily change your AV just because of what has been said here. As I mentioned above, false positives happen to everyone. Symantec is a great product, and unless you have been having some issues with it I wouldn't worry too much about what has been said here or elsewhere. It's still your decision regardless.
I am not criticizing the Cloud usage, I am criticizing Symantec over-relying on it and the False Positive galore that it causes, not mentioning the fact that Symantec seems to have forgotten the importance of human analysts and traditional signatures/emulation/heuristics.
It isn't the same case with Kaspersky, it has great signatures and powerful heuristics without causing massive false positives even without KSN assistance, same situation with Eset, Bitdefender and Emsisoft.
Those antivirus solutions that you mentioned are actually very good, my problem is with the cloud troop and with the solutions that over-rely on URL detection (Trend Micro, Panda, Symantec) because if you change the infection vector you are screwed.
That's fair
It's very evident that Symantec's solution is very reputation based and very sledge hammer like. I'm no expert in how these cloud solutions work, but I think it really depends on what algorithms they use. Some of the vendors I mentioned may have much more refined algorithms (for those that know better, please feel free to correct me), hence why they have less false positives. I guess the next question is which is better? I mean in Symantec's case, it does work, but results in more false positives. Also, if something were to get past the URL detection (in Symantec's case), isn't this where SONAR would kick in? It's very evident that these companies have really taken the approach to block everything and anything that is not well known/used on the internet. To be fair, this is where quite a lot of malware infections come from (I know malware infections can come from many other places as well), so I can see their point of view.
Whether you agree with the approach or not, I think if you've run into a false positive and you KNOW it's a false positive, just submit it so the vendor can correct it. For me anyways, even when I do get hit by a false positive (which is not very often, thank God), especially if it's not a widely used program, it does give me pause to double check, which I don't think is necessarily a bad thing.
Don't get me wrong, I've been hit by false positives as you know, so I know it can be very annoying.
I totally agree with you, but in Symantec's case there is an aggravating factor, it auto deletes by default and in some cases it doesn't do a quarantine backup, it is a nightmare for some kind of users.
SONAR is good, it is the best thing in their product, but the rest is totally unacceptable for me (it doesn't even have full databases by default!).
I would rather use an Anti-Executable than Norton ...
More info (old threads but the issue remains):
Norton deleted my bandmaster game installer!
Norton is loosing loyal customers, because automatic deleting of threats! :( | Norton Community
Norton Launches 2012 Products
Thanks @Andy Ful @Raiden and @Nightwalker for your comments.
A user had already reported 20 days before that this detection is a false positive but Symantec has not corrected it.
I think that 3 weeks is too long a delay.
Hi @BryanB and @Andy Ful
It's ConfigureDefender_1.0.0.1.zip.