Advice Request Windows Defender & October Update

[Andy Ful]

I agree with @Lockdown that disabling PowerShell is generally a good idea (H_C recommended settings block PowerShell sponsors on all WIndows versions prior to windows 10).
Yet, the malware which is running as standard user (not elevated) cannot change the Language Mode, neither by PowerShell commands nor by the reg tweak.
Can Constrained Language Mode be bypassed for malicious tasks? Yes, there are some (not easy) ways.
PowerShell Constrained Language Mode is OK when used with default-deny setup.

 

[shmu26]

Thanks for the clarifications, Andy. I didn't realize that SRP had different rules for SUA and Admin accounts.

 

[Andy Ful]

Thanks for the clarifications, Andy. I didn't realize that SRP had different rules for SUA and Admin accounts.

I probably used not precise words. I did not mean the different accounts. There will be different accounts involved when you will start the process from SUA and let it elevate. But, when the process has been started from Admin account as standard user (= not elevated = medium rights or lower) and can elevate, then it is still running on Admin account. So, SRP is not related to SUA or Admin accounts, but to the privilege level of the process. The same is true for file execution blocking by SRP (default-deny).

 

[shmu26]

I probably used not precise words. I did not mean the different accounts. There will be different accounts involved when you will start the process from SUA and let it elevate. But, when the process has been started from Admin account as standard user (= not elevated = medium rights or lower) and can elevate, then it is still running on Admin account. So, SRP is not related to SUA or Admin accounts, but to the privilege level of the process. The same is true for file execution blocking by SRP (default-deny).

Okay, now it's clear.

 

[Eddie Morra]

People use it to protect them all the time and when you configure it properly, it becomes a lot better. However, the documentation sucks, so you're going to want to use something like Hard_Configurator or advice from others here for the rules on group policies, etc.

For a novice user, Windows Defender is probably a bad idea though. It's a lot easier for a traditional user to use a third-party full suite to cover more areas and then focus on safe practices (but let's be honest, sadly most don't care enough to learn, and then end up making bad decisions and becoming a victim anyway).

 

[Andy Ful]

Windows Defender security is not an easy problem, because there is not agreement between the experts.
The average user (inexperienced user) on Windows 10 will not see the difference in usability between WD and more configurable AVs. Many MalwareTips members can see the difference and usually prefer 3rd party AVs. Advanced AVs (like Kaspersky) can cover more vectors of attack, but they can have some problems with stability on Windows 10, because the OS is constantly and quickly evolving.
The advanced AV on Windows 10 can sometimes cause the same headache as malware, because of broken Windows Updates and conflicts with some applications.
There is no easy solution.

 

[Nightwalker]

IMO there are very few antivirus solutions nowadays that are actually better than the native, FREE and no hassle Windows Defender.

Solutions like Default-Deny products, Comodo with @cruelsister settings, Kaspersky, ESET and Emsisoft are without a doubt superior to the protection offered by default settings of Windows Defender, but many other solutions are simple subpar compared to it.

If you think that your great signature solution is much better than Windows Defender you should think twice.

 

[509322]

Windows Defender security is not an easy problem, because there is not agreement between the experts.
The average user (inexperienced user) on Windows 10 will not see the difference in usability between WD and more configurable AVs. Many MalwareTips members can see the difference and usually prefer 3rd party AVs. Advanced AVs (like Kaspersky) can cover more vectors of attack, but they can have some problems with stability on Windows 10, because the OS is constantly and quickly evolving.
The advanced AV on Windows 10 can sometimes cause the same headache as malware, because of broken Windows Updates and conflicts with some applications.
There is no easy solution.

It is a funny thing, but true.

IT security veterans who have tried just about everything under the sun over the span of years, usually end up using default deny.

Gee, I wonder why that is ?

 

[Eddie Morra]

If you think that your great signature solution is much better than Windows Defender you should think twice.

Don't worry... Baidu died a long time ago.

IMO they used to steal detection's from ESET using VirusTotal. It's an opinion for legal protection. They can deny it if they aren't dead and one day see this post, but I know what I saw on a regular basis. Pretty sure they ripped detection names from Microsoft as well.

This was in 2014. I haven't heard of Baidu since at-least 2015.

 

[509322]

IMO there are very few antivirus solutions nowadays that are actually better than the native, FREE and no hassle Windows Defender.

Solutions like Default-Deny products, Comodo with @cruelsister settings, Kaspersky, ESET and Emsisoft are without a doubt superior to the protection offered by default settings of Windows Defender, but many other solutions are simple subpar compared to it.

If you think that your great signature solution is much better than Windows Defender you should think twice.

Native Windows security suxx on Windows Home and Pro because Microsoft made it that way. Actually, I can argue that the sukinex is even worse on Enterprise. At the Enterprise Windows level it is all about default deny... lockdown\lockdown.

For all Microsoft security... No documentation, difficult to figure out, hard to configure, a real pain to maintain, in short... an excessive administrative burden.

Anyhow, I never got infected despite my malware and malicious script antics when Windows Defender was enabled. I did once encrypt my Dropbox because I got distracted, lost focus, and didn't pay attention. :X3:

SRP and tweaked Windows Defender Security Center is a good combo. No one can deny it. No one. It isn't perfect, but it sure is one helluva speed-bump for the malc0ders and hacks to contend with. Sufficient to make all but the most determined and motivated to give up.

Default Windows security suxx. Period. There are gaping holes in it by design... by Microsoft intent !

At the end of the day, people want to install a security soft and expect it to do everything for them. No one wants to have to think, respond, work or otherwise do a thing. Heck, the publishers are lucky if the person paid for the license.

 

[Nightwalker]

Don't worry... Baidu died a long time ago.

IMO they used to steal detection's from ESET using VirusTotal. It's an opinion for legal protection. They can deny it if they aren't dead and one day see this post, but I know what I saw on a regular basis. Pretty sure they ripped detection names from Microsoft as well.

This was in 2014. I haven't heard of Baidu since at-least 2015.

Even now there are many antivirus vendors ripping Microsoft, ESET and Kaspersky detections ...

Kaspersky defends false detection experiment

 

[Eddie Morra]

The linked-to article is from a test in 2010. I know what you mean though. I agree that detection ripping is commonly done against Microsoft, ESET and Kaspersky. I've seen it more towards Microsoft and ESET though in terms of detection name ripping.

I still remember all those vendors that tried to get away with stealing IP from Malwarebytes - which was literally outright illegal on copyright infringement and blatant theft. That was some funny stuff to read (them being baited, not the actual theft, obviously...). Remember IObit? Remember Yet Any Cleaner (YAC)? There was another one baited a few months ago as well. Funny stuff. I love Malwarebytes for those exposures.

IObit somehow managed to survive even after sort of blaming their users. YAC? They pretty much died after the exposure. I haven't heard of them since. Until now in my own post. They sucked from the start anyway.

 

[LDogg]

Remember IObit? Remember Yet Any Cleaner (YAC)? There was another one baited a few months ago as well. Funny stuff. I love Malwarebytes for those exposures.

IObit somehow managed to survive even after sort of blaming their users. YAC? They pretty much died after the exposure. I haven't heard of them since. Until now in my own post. They sucked from the start anyway.

I remember this happening back in the day. Unfortunately they're still around and some people even on here still use there software. Advanced Systemcare is one main software people still use. However not many do.

~LDogg

 

[Eddie Morra]

Native Windows security suxx on Windows Home and Pro because Microsoft made it that way. Actually, I can argue that the sukinex is even worse on Enterprise. At the Enterprise Windows level it is all about default deny... lockdown\lockdown.

A few months ago on a personal machine of mine, I enabled BitLocker. Do you want to know what happened? It wanted to reboot to do a few tests before going ahead with the encryption, and then bricked my Windows installation. I kid you not. It screwed up mid-encryption after the tests passed successfully, and then just totally bricked the Windows installation, leaving all the data it had already started to encrypt permanently lost.

Obviously I had a backup because I am not a retard, but I was pretty annoyed about it.

I still use BitLocker to this day, but that time was just annoying. You can bet this happened to someone else, and you can bet it happened to someone else who didn't have a backup. LOL.

 

[509322]

A few months ago on a personal machine of mine, I enabled BitLocker. Do you want to know what happened? It wanted to reboot to do a few tests before going ahead with the encryption, and then bricked my Windows installation. I kid you not. It screwed up mid-encryption after the tests passed successfully, and then just totally bricked the Windows installation, leaving all the data it had already started to encrypt permanently lost.

Obviously I had a backup because I am not a retard, but I was pretty annoyed about it.

I still use BitLocker to this day, but that time was just annoying. You can bet this happened to someone else, and you can bet it happened to someone else who didn't have a backup. LOL.

I tell @SHvFl about BitLocker as a menace, but he never experienced it. I know what you're talking about because I've seen it countless times. BitLocker causes lots of problems, just like VeraCrypt, TrueCrypt, etc.

 

[shmu26]

Windows Defender in 1809 seems to have a better memory, and that is good.
After shutting down the computer and restarting, it did not perform the initial, long check when launching software that was launched before.

 

[509322]

Windows Defender in 1809 seems to have a better memory, and that is good.
After shutting down the computer and restarting, it did not perform the initial, long check when launching software that was launched before.

Enjoy it while you can... until the next borking Windows update comes along and unravels your wonderful Windows 10 1809 experience.

I've known such nice periods of pleasingly fluid and trouble-free Windows.

They don't last for very long.

All thanks to Microsoft.

 

[Bikeman0I17]

After using Avast Free for the last 10 or 11 or more years, decided when I installed 1809 earlier this week to give Defender a shot and see if I liked it better than when i tried in the past, Performance not too bad right now, but no idea how its gonna behave in a few weeks from now. I guess if I have any problems, then back to Avast Free on I7 Desktop and Laptop machines.

 

[LDogg]

After using Avast Free for the last 10 or 11 or more years, decided when I installed 1809 earlier this week to give Defender a shot and see if I liked it better than when i tried in the past, Performance not too bad right now, but no idea how its gonna behave in a few weeks from now. I guess if I have any problems, then back to Avast Free on I7 Desktop and Laptop machines.

I wouldn't use WD as a standalone. Regardless of how "good" others may see it. I would still partner it with something else.

~LDogg

 

[509322]

I wouldn't use WD as a standalone. Regardless of how "good" others may see it. I would still partner it with something else.

~LDogg

Windows Defender is AV\pseudo-internet suite just like the others. It needs to be supplemented with SRP.

The one nice thing about WD is that it can be used seemlessly across SUA and Admin accounts. I am not sure if exclusions will apply across accounts, but settings\configuration tweaks should.

Anyone who has played with SUA enough knows some softs just don't work right in them.