Advice Request Windows Defender & October Update


shmu26

Windows Defender turns into advanced protection if you tweak it with Andy Ful's ConfigureDefender tool. It is easy to use. You just click a few buttons and you're done.
If you tweak Windows Defender, it is sort of like Clark Kent turning into Superman.
 

Bikeman0I17

Yes, did that, ran Andy Ful's ConfigureDefender. Also have Malwarebytes Free on desktop and laptop. 3rd desktop is still running Avast Free, as I haven't had the opportunity to possibly switch that one over to Defender as well. I may, but not sure as yet; it's an older desktop: AMD A6-3620 quad-core APU, Radeon 3500D, 8 GB of RAM, 1 TB hard drive (mechanical), no SSDs on that system.

Overall on 2 main systems it's running fine thus far here, but still a bit cautious in using it lol
 
Local Host

Performance is better, but still not perfect (it still affects 3D rendering and Visual Studio performance overall). There's also a huge number of false positives in my private software (so as a developer it still gets in the way a lot).

Kaspersky is still the way to go if I ever want to use an AV on my system: no performance hit nor false positives, just perfect 👌
 

DeepWeb

I can only say this. They had the opportunity to do something really innovative and have Windows Defender run on the GPU. Instead they decided to make it exclusive to only Intel gen 6 and up. Basically excluding 80-90% of all PC hardware out there.
 

shmu26

A recent update for Windows 1809 must have totally revamped the Protected folders feature.
I just enabled this feature again, and I didn't get any blocks. I couldn't believe my eyes. I checked my settings, I checked that the exclusion list was empty, and I just was not getting the blocks that I always got before.

In fact, it has a new text:
"Most of your apps will be allowed by Controlled folder access without adding them here. Apps determined by Microsoft as friendly are always allowed."
 

Andy Ful

From Hard_Configurator Tools
Interesting.
I noticed that three ASR rules:
  • "Block JavaScript or VBScript from launching downloaded executable content",
  • "Use advanced protection against ransomware",
  • "Block executable files from running unless they meet a prevalence, age, or trusted list criteria",
can block most script trojan droppers, so it is hard to download and execute a ransomware payload.
The first blocks attacks via Windows Script Host scripts, the second can mitigate PowerShell scripts.
The last one also works, but nobody knows how exactly.
The exception is when someone has installed MS Office - in that case the attacker can use a script with "Word.Application" or "Excel.Application" objects, which are actually not caught by either ASR rules or Controlled Folder Access.
So the WD anti-ransomware protection = Controlled Folder Access + ASR rules.

Controlled Folder Access alone can protect user Desktop and Start menu entries against many kinds of malware (except advanced ransomware) that simply try to copy or replace malicious files there (for example, shortcuts with malicious command lines).

Edit.
For protecting Start menu and Quick Launch entries, some folders have to be added to the protected folders in CFA, for example:
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
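
The configuration described in the post above can also be applied and checked with Defender's PowerShell cmdlets. This is an added example, not part of the thread and not code from ConfigureDefender. The `-Mode` parameter and the `Get-AsrAction` helper are this example's own names, the rule GUIDs are the ones Microsoft publishes for the three rules, and the folders are resolved for the current user rather than "Admin". It defaults to audit mode so that blocks affecting your own software show up in the event log before anything is enforced.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')

# The three ASR rules named in the post, keyed by Microsoft's published rule GUIDs.
$rules = [ordered]@{
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
    '01443614-CD74-433A-B99E-2ECDC07BFC25' = 'Block executable files unless they meet prevalence, age, or trusted list criteria'
}
$want = if ($Mode -eq 'Enabled') { 1 } else { 2 }   # stored values: 0 = off, 1 = block, 2 = audit

# Folders from the post, resolved for the current user instead of hard-coding "Admin".
$folders = @(
    Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs'
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned'
)

function Get-AsrAction([string]$Id) {
    # Get-MpPreference returns rule IDs and actions as two parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $Id) { return [int]$actions[$i] }   # -eq ignores GUID case
    }
    return 0   # rule not configured
}

foreach ($id in $rules.Keys) {
    $current = Get-AsrAction $id
    # Never downgrade a rule that is already blocking to audit-only.
    if ($current -ne 1 -and $current -ne $want) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
    'ASR action {0}: {1}' -f (Get-AsrAction $id), $rules[$id]
}

# Controlled Folder Access: same no-downgrade logic, then add the extra folders.
if ((Get-MpPreference).EnableControlledFolderAccess -ne 1) {
    Set-MpPreference -EnableControlledFolderAccess $Mode
}
$protected = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)
foreach ($f in $folders) {
    if ((Test-Path $f) -and ($protected -notcontains $f)) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $f
    }
}

# Review hits: 1121/1122 = ASR block/audit, 1123/1124 = CFA block/audit.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id = 1121, 1122, 1123, 1124 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once the audit events show only expected activity, re-run with `-Mode Enabled` to switch the rules and Controlled Folder Access to blocking.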
 