[DISCUSSION] Microsoft AV Products (MSE/FFEP/SCEP)

Discussion in 'Application Software' started by moderate, Dec 25, 2013.

  1. moderate

    moderate MDL Guru

    Aug 31, 2009
    2,636
    2,143
    90
    #1 moderate, Dec 25, 2013
    Last edited by a moderator: Apr 20, 2017
  2. Aninvitedsoul

    Aninvitedsoul MDL Senior Member

    Sep 14, 2012
    421
    110
    10
    I'm wondering which is better: System Center Endpoint Protection or the default Windows Defender of 8 Pro?
     
  3. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    7,008
    7,161
    240
    A zero-day exploit will not be detected by any AV/security software until it is reported to the guys who update the engine, which is mostly too late :D
     
  4. Aninvitedsoul

    Aninvitedsoul MDL Senior Member

    Sep 14, 2012
    421
    110
    10
    OK then, what's the alternative?
     
  5. CorporateRAT

    CorporateRAT MDL Member

    Aug 4, 2012
    242
    44
    10
    Common sense?
     
  6. Aninvitedsoul

    Aninvitedsoul MDL Senior Member

    Sep 14, 2012
    421
    110
    10

    Ya. I know. ;)
     
  7. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    7,008
    7,161
    240
    #7 PaulDesmond, Dec 25, 2013
    Last edited: Dec 25, 2013
    There is no vaccine for a brand new bird flu which is not detected yet ...

    edit: and for the paranoiac I can only recommend Sandboxie, which is one of the most secure ways to not get infected
     
  8. Aninvitedsoul

    Aninvitedsoul MDL Senior Member

    Sep 14, 2012
    421
    110
    10
    #8 Aninvitedsoul, Dec 25, 2013
    Last edited: Dec 25, 2013
    On what basis would you judge a good AV? What are the measures? Personal experience or technical facts?
     
  9. NiFu

    NiFu MDL Member

    Jun 29, 2013
    129
    133
    10
    Doesn't Defender for Windows 8.1 also support "behaviour" detection, unlike Defender for Windows 8?
     
  10. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    7,008
    7,161
    240
    Honestly, I don't use any AV stuff because I don't need it. Judging AV software is not possible in an objective way. There are many ways to measure such software, but it is related to the sources where "viruses" come from. Always consider that AV manufacturers want to make bucks. The better they "influence" the magazines or so-called independent institutes, the better a test report will be. All of us will never have a glimpse of a chance to really see what happens behind these doors.
    Simply run the built-in engine in 8.1 and take it as is. No slowdown of your system et cetera.
    I have not yet tried moderate's new special, but I'm sure it might be more than enough for all of us.
     
  11. moderate

    moderate MDL Guru

    Aug 31, 2009
    2,636
    2,143
    90
    #11 moderate, Dec 25, 2013
    Last edited: Dec 25, 2013
    (OP)
    MS called that feature "Network Behavior Monitoring", while I called it "network engine"... :))

    It runs as a separate system service.
    For example, it can detect an infiltration just based on its network behavior (like establishing a daemon (server) at some port, sending information somewhere, downloading crap to the PC etc.) even if the app isn't in the signatures.
    All the solutions I numbered 2, 3 and 4 support it (so the EXE too, of course).
     
  12. NiFu

    NiFu MDL Member

    Jun 29, 2013
    129
    133
    10
    #12 NiFu, Dec 26, 2013
    Last edited by a moderator: Apr 20, 2017
    OK, I understand.

    To my understanding, "behaviour" detection is something different. "Behaviour" detection should defeat "some" of the zero-day exploits. E.g. downloaded exe files which modify other exe files (attach virus code). Other virus scanners have had this feature for a long time. I have a benign program that regularly gets moved to the quarantine folder by other virus scanners like "Avast", so I have to create an exception rule.

    Microsoft Defender doesn't do this with my program.

    Remark: "Windows Defender for Windows 8/8.1" and "System Center Endpoint Protection" update the virus signature files only once per day (other virus scanners update their signature files 4 times per day). Even if Microsoft delivers new signature files nearly every 2 hours - see here (spoiler text).

    With task scheduler you can force a signature update every hour:
    Code:
    "%programfiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC
    or
    "%programfiles%\Microsoft Security Client\MpCmdRun.exe" -SignatureUpdate -MMPC
    If you run this Task Scheduler job as user "SYSTEM", then even the black command-line windows don't appear.
     
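One way to set up the hourly signature update described in the post above, as an added example that is not from the thread: it registers the task with the ScheduledTasks module (Windows 8 and later) so the executable path needs no command-line quoting, and runs it as SYSTEM. The task name 'MpSignatureUpdateHourly' is an arbitrary assumption.

```powershell
# Added example, not from the thread: register the hourly signature-update task the
# post describes using the ScheduledTasks module (Windows 8 and later). Running as
# SYSTEM needs no stored password and keeps the console window from appearing.
# The task name 'MpSignatureUpdateHourly' is an arbitrary assumption.
$taskName = 'MpSignatureUpdateHourly'

# Whichever MpCmdRun.exe is installed: Windows Defender (Win 8/8.1) or the
# Microsoft Security Client folder used by MSE and SCEP.
$candidates = @(
    (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'),
    (Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe')
)
$mpCmdRun = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $mpCmdRun) { throw 'MpCmdRun.exe was not found in either install location.' }

# Executable and arguments are separate, so the space in "Program Files" needs no quoting.
$action = New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-SignatureUpdate -MMPC'

# A daily trigger that repeats every hour for the whole day. This form works on both
# PowerShell 4 (Win 8.1) and later versions, which disagree on how an indefinite
# -RepetitionDuration has to be expressed.
$trigger = New-ScheduledTaskTrigger -Daily -At '00:00'
$trigger.Repetition = (New-ScheduledTaskTrigger -Once -At '00:00' `
    -RepetitionInterval (New-TimeSpan -Hours 1) `
    -RepetitionDuration (New-TimeSpan -Hours 23 -Minutes 59)).Repetition

# LocalSystem, highest run level; StartWhenAvailable catches up a missed hour after sleep.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 15)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Run it once now and confirm the result (LastTaskResult 0 means the update succeeded).
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 30
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult
```

Run from an elevated PowerShell prompt; if LastTaskResult is non-zero, running the same MpCmdRun.exe command by hand shows the engine's own error text.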
  13. moderate

    moderate MDL Guru

    Aug 31, 2009
    2,636
    2,143
    90
    #13 moderate, Dec 26, 2013
    Last edited: Dec 26, 2013
    (OP)
    I can only tell that the SCEP attached in the 1st post has ALL features from lower versions (like W8-1 Defender), so if W8-1 Defender has any new features in system detection, then SCEP (and also MSSE) has it too... :)

    BTW: I think that this system "behavioral" detection runs together with network "behavioral" detection as one feature, so it is only available on those versions where the "network engine" is present (2. W8-1 Defender, 3. MSSE, 4. SCEP)...
     
  14. moderate

    moderate MDL Guru

    Aug 31, 2009
    2,636
    2,143
    90
    @NiFu:
    ...as you can see, the latest SCEP has both of those two features (blue and red marks on the picture)
    View attachment 26122
     
  15. moderate

    moderate MDL Guru

    Aug 31, 2009
    2,636
    2,143
    90
    #16 moderate, Dec 29, 2013
    Last edited by a moderator: Apr 20, 2017
    (OP)
  16. leomate

    leomate MDL Junior Member

    Jun 19, 2009
    52
    7
    0
    Can anybody explain "remote control" feature in SCEP? And how to do it?
     
  17. roirraW "edor" ehT

    roirraW "edor" ehT MDL Addicted

    Sep 1, 2007
    616
    213
    30
    Sorry to kick this thread just for this info, but I thought I'd share that the System Center Protection works fine with Windows XP x86 with Service Pack 3.

    Thanks Moderate for sharing! Was hoping I could get this ever since I found out that it would have it during the beta.
     
  18. DJxSpeedy

    DJxSpeedy MDL Senior Member

    Jan 7, 2008
    278
    82
    10
  19. po15on

    po15on MDL Novice

    Sep 15, 2013
    6
    2
    0
    #20 po15on, Mar 31, 2014
    Last edited: Mar 31, 2014
    I suggest using EMET along with the antivirus of your choice