- Sep 5, 2017
- 1,168
- Content source
- https://youtu.be/N4Vex7l8jv4
Windows Defender Hardening test vs Malware
- Thread starter DDE_Server
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- May 4, 2018
- 2,261
- May 10, 2019
- 1,854
Yes, block at first sight and thousands of FPs.
dark_wielder
Level 2
- Mar 7, 2020
- 67
Even if the result is 101%, for some reason I can not trust to Windows Defender. Sign of paranoidness 
.
.
- Sep 5, 2017
- 1,168
i donot know why but i have the same opinionEven if the result is 101%, for some reason I can not trust to Windows Defender. Sign of paranoidness
- Jul 27, 2015
- 5,459
- Dec 23, 2014
- 8,119
The results of this video are hard to interpret.
The optimistic interpretation:
All samples were detected, blocked or mitigated. There were some leftovers in the registry that tried to run nonexistent (quarantined) malware with Windows start.
The pessimistic interpretation:
Four samples infected the system and successfully got the persistence, although some malicious actions were partially blocked.
Unfortunately, this hardening was incomplete. In fact, only two options were improved over the default settings. The ASR rules and Network Protection were not activated and some settings were the default ones (did not require to be set by GPO).
The test setup was very different from the real-world scenario. The author tested (as usual) the scenario related to Enterprises - the samples were run from the local network. In this scenario, WD "Block At First Sight" feature does not work even if it was set by GPO in the video (unnecessarily, because it is activated by default).
Such videos can be valuable only as a demonstration of AV features. The test results cannot show if the protection is very strong, good or rather average.
So, we can thank the author for trying, even if there are some things that should be improved. By the way, it is hard to test WD because of its post-infection protection.
The optimistic interpretation:
All samples were detected, blocked or mitigated. There were some leftovers in the registry that tried to run nonexistent (quarantined) malware with Windows start.
The pessimistic interpretation:
Four samples infected the system and successfully got the persistence, although some malicious actions were partially blocked.
Unfortunately, this hardening was incomplete. In fact, only two options were improved over the default settings. The ASR rules and Network Protection were not activated and some settings were the default ones (did not require to be set by GPO).
The test setup was very different from the real-world scenario. The author tested (as usual) the scenario related to Enterprises - the samples were run from the local network. In this scenario, WD "Block At First Sight" feature does not work even if it was set by GPO in the video (unnecessarily, because it is activated by default).
Such videos can be valuable only as a demonstration of AV features. The test results cannot show if the protection is very strong, good or rather average.
So, we can thank the author for trying, even if there are some things that should be improved. By the way, it is hard to test WD because of its post-infection protection.
Last edited:
It depends on the file. For very new files with very low prevalence, WD has a harder time when it comes to FPs. For well known and medium to high prevalence files, WD has no issues. The latter is the category most people will experience, so in the vast majority of cases WD will do fine with FPs. Interestingly enough WD fid really well with FPs in the latest AV comparatives test. Usually it struggles due to detecting the very low to low prevalence files.
Thankfully it wasn't 861 pieces of malware, would have been utter doom if it was.
- Mar 29, 2018
- 7,100
... if he still doesn't understand how WD works or how to test it! Thank you, Leo. And remember "Stay informed. Stay secure!"
- Dec 23, 2014
- 8,119
I can support the author a little - many authors do not understand how WD works and this is not only their fault (greetings to Microsoft).... if he still doesn't understand how WD works or how to test it! Thank you, Leo. And remember "Stay informed. Stay secure!"
I miss the part why he disable cloud scanning in defender settings (managed by administrator)
- Apr 15, 2020
- 227
Windows Defender is the default most widely used, so it's the first antivirus that hackers try to bypass when creating new threats.Even if the result is 101%, for some reason I can not trust to Windows Defender. Sign of paranoidness
The option to Join Microsoft MAPS (2:35 in the video) is what enables the cloud-delivered protection component of Windows Defender.
Source: Enable cloud-delivered protection - Under the section labeled 'Use Group Policy to enable cloud-delivered protection'
I know but he doesn't say why it was first disabled by him and he doesn't go back after the changes so nobody see the actually status.
Also his "funny" other video sequences are not very serious.
- Apr 1, 2019
- 2,763
This is one reason why people are uncertain/uncomfortable about using Defender, despite it being pretty capable. You don’t always know what’s going on if you don’t know where to look, or have a Home version. And they don’t do a good job disseminating the information (just like a lot of other windows features).I can support the author a little - many authors do not understand how WD works and this is not only their fault (greetings to Microsoft).
Sure, OpenSource fix everything...like 20 years old security holes in Linux
Or lack or important security stuff in Linux until today.
Ah and don't forget the highly fragmentation with poorly help for other distri cause they're all enemy's (their distri is best, other su**s).
OpenSource is good and important but not the ultimate solution to everything until community learn how to work together
Wmic is deprecated. Powershell is the new way.
I wrote about Linux because it's most argument in OpenSource and in fact it is insecure. Also already written the kernel miss important security stuff windows had.
You should read posts from Daniel Micay why that's the case.
Also a big problem in OpenSource is lack of maintenance and high costs which mostly end in project dead
Edit: my post was related to russeledgar
I only miss quote his long post.
I wrote about Linux because it's most argument in OpenSource and in fact it is insecure. Also already written the kernel miss important security stuff windows had.
You should read posts from Daniel Micay why that's the case.
Also a big problem in OpenSource is lack of maintenance and high costs which mostly end in project dead
Edit: my post was related to russeledgar
I only miss quote his long post.
Last edited by a moderator:
- Dec 23, 2014
- 8,119
This reasoning would make useless Universities, NASA, etc. But, even if such reasoning is faulty in my opinion, you are right that security forums cannot help most people directly. Anyway, the help can be delivered indirectly, when MT reader wants to manage the friend's computer. Furthermore, MT is one of the many forums, so it is not hard to find valuable information about computer problems.
I would disagree with you if you think that Leo's influence on computer users is more important than a well known security forum.
That is normal. You have to read many posts, and usually, there will be some posts that can expand your knowledge. Of course, security forums like MT or Wilderssecurity are not focused on learning their readers. People here also like to discuss, share information, etc.
It seems that the most valuable information for home users about WD you can find on MT forum.
- Mar 16, 2019
- 3,633
Even though WD did well here Leo couldn't stop himself from making fun of WD. Typical mentality of him. At the start of the video he said, he's been following WD since the beginning and knows how it works. Lol, he still doesn't know very well how it works. WD used less than 40% CPU during this test yet he said the CPU usage was over 50% and also acted like it was bad, too high. While Bitdefender in similar tests, uses over 90% CPU during testing but back then he said it was fine because the higher the CPU usage the faster the threats will be taken care of. After this test he also poked fun saying if you have 24 cores CPU then you may afford to make this changes. Really! Are you kidding me! This is the guy you think knows how WD works! What a d**k! Two faced clown.
Everyone should also remember that Leo works for Emsisoft and making fun of WD is like a part of his job. I've seen Emsisoft employees throwing unnecessary shades on WD on their support forum as well as in Emsisoft Emergency Kit which they only removed after I made a complaint.
Everyone should also remember that Leo works for Emsisoft and making fun of WD is like a part of his job. I've seen Emsisoft employees throwing unnecessary shades on WD on their support forum as well as in Emsisoft Emergency Kit which they only removed after I made a complaint.
- May 10, 2019
- 1,854
That's why I prefer the approach followed, while a bit differently, by Norton, Kaspersky, and Eset. They use cloud and show you how many people use a file and when it was first seen and whatsoever
Similar threads
