Windows Defender Hardening test vs Malware
<blockquote data-quote="Andy Ful" data-source="post: 875004" data-attributes="member: 32260"><p>The results of this video are hard to interpret.</p><p></p><p>The optimistic interpretation:</p><p>All samples were detected, blocked or mitigated. There were some leftovers in the registry that tried to run nonexistent (quarantined) malware at Windows startup.</p><p></p><p>The pessimistic interpretation:</p><p>Four samples infected the system and successfully gained persistence, although some malicious actions were partially blocked.</p><p></p><p>Unfortunately, this hardening was incomplete. In fact, only two options were improved over the default settings. The ASR rules and Network Protection were not activated and some settings were the default ones (did not need to be set by GPO).</p><p></p><p>The test setup was very different from the real-world scenario. The author tested (as usual) the scenario related to Enterprises - the samples were run from the local network. In this scenario, the WD "Block At First Sight" feature does not work even if it was set by GPO in the video (unnecessarily, because it is activated by default).</p><p></p><p><strong>Such videos can be valuable only as a demonstration of AV features. The test results cannot show if the protection is very strong, good or rather average. </strong></p><p></p><p>So, we can thank the author for trying, even if there are some things that should be improved. By the way, it is hard to test WD because of its post-infection protection.</p></blockquote><p></p>
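One way to check, before a test like this, whether the settings named in the post (ASR rules, Network Protection, Block At First Sight) are actually in effect. This is an added example, not code from the post or the video; the function name `Get-DefenderHardeningAudit` is hypothetical, and the Block At First Sight prerequisites it checks are the ones Microsoft documents (cloud protection, automatic sample submission, real-time protection).

```powershell
# Added example: read-only audit of the Defender settings discussed in the post.
# Uses the built-in Defender cmdlets Get-MpPreference and Get-MpComputerStatus.
function Get-DefenderHardeningAudit {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    $asrAction = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $npState   = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }

    # ASR rules: the Ids and Actions arrays are parallel (same index = same rule).
    # Both are empty or null when no rule has ever been configured.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = @(for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = $asrAction[[int]$actions[$i]]
        }
    })

    # Block At First Sight is on by default, but only takes effect when its
    # prerequisites hold: cloud protection (MAPS) on, sample submission set to
    # 1 (safe samples) or 3 (all samples), and real-time protection running.
    $bafsReady = (-not $pref.DisableBlockAtFirstSeen) -and
                 ([int]$pref.MAPSReporting -ne 0) -and
                 ([int]$pref.SubmitSamplesConsent -in 1, 3) -and
                 $status.RealTimeProtectionEnabled

    [pscustomobject]@{
        AsrRulesConfigured   = $asr.Count
        AsrRulesInBlockMode  = @($asr | Where-Object Action -eq 'Block').Count
        NetworkProtection    = $npState[[int]$pref.EnableNetworkProtection]
        BafsPrerequisitesMet = [bool]$bafsReady
        CloudBlockLevel      = $pref.CloudBlockLevel
        AsrRules             = $asr
    }
}

# Summary first, then the per-rule ASR state.
$audit = Get-DefenderHardeningAudit
$audit | Select-Object * -ExcludeProperty AsrRules | Format-List
$audit.AsrRules | Format-Table -AutoSize
```

The audit reports configuration only; it cannot tell whether Block At First Sight applied to a particular sample, such as one run from the local network as in the video.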