Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    415
    642
    10
    I tested it again on W10 1909 with latest defender definitions, it worked as expected, you just need to make sure cover every track in the exclusions. Although in some cases the defender taskbar icon turned red but the file was not deleted and the operation continued and after one or two minutes the icon turned green and upon opening the defender no issues were found, files were still there in working condition.
    Let me know the files in PM and I'll try to test them.
     
  2. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    415
    642
    10
  3. Micro

    Micro MDL Member

    Apr 26, 2009
    105
    40
    10
    I have been beta testing Windows since slightly before 3.0 and will continue to for the foreseeable future. I do mean actual testing, not just installing builds as a 90%+ here do (no insult intended to those)
    You're following what we used to refer to as the "chicken little" script.
    Of course Defender can be defeated, so can any AV. Windows 95/98 had a serial # requirement that could be defeated by changing a single bit in a supporting DLL. So what?
    Of course there are ways to alter Defender into not working properly or weakening it by installing 3rd party apps.
    There is no real world defense for that other than locking the system and not allowing apps to be installed.
    Manual exclusions must be allowed for unforeseen files that can trigger Defender, but are safe, the same as with all AV apps.
    Lock out exclusions and you prevent some users from running their "necessary" apps.
    Conversely that is also why Defender is updated regularly and why "security intelligence" is updated every few hours, to mitigate the above circumstances.

    WADR - So I ask again, do you have a file or files that defeat Defender by executing them against a clean install that I can test.
    I have not found any on my own. If you have one or more it needs to be submitted so that improvements can be made rather than just "chicken littled".
    That is after all the purpose of beta testing.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    613
    505
    30
    He's just looking for issues to complain and preach about. Common sense goes a long way in protecting ones self and possessions against threats of any kind. Any AV can be circumvented, not just Defender. Again, this thread is useless.
     
  5. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    922
    806
    30
    Indeed, Windows Defender does not even allow me to replace utilman, it monitors "innocent" commands as well, one of the reasons I disable it ASAP, to get my scripts working.
    Code:
    takeown /s %computername% /u %username% /f "%WINDIR%\System32\utilman.exe"
    icacls "%WINDIR%\System32\utilman.exe" /grant:r %username%:F
    copy /y %WINDIR%\System32\cmd.exe %WINDIR%\System32\utilman.exe
     
  6. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    415
    642
    10
    Yes, it'll nag these such commands but will allow those which will lead to kill the whole AV.
     
  7. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    415
    642
    10
    I've seen some systems which were infected with the easy methods mentioned in OP and WD was just helpless, from there I'm thinking to change the way about how to be secure. Point of this thread is to create awareness and have a discussion about it.

    I asked that question because others claimed that it can be done, from what I know it can not be done at-least in the easy way, point of asking it to be aware of possible things related to it for the knowledge and security purpose. or do you prefer that we should bury our head in the sand like ostrich and pretend everything is fine?
     
  8. endbase

    endbase MDL Guru

    Aug 12, 2012
    4,354
    1,448
    150
    So what is your point the answer is use your brain when it comes to internet don't believe pretending AV that should protect you just my 2 cents
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Krakatoa

    Krakatoa MDL Addicted

    Feb 22, 2011
    500
    740
    30
  10. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    415
    642
    10
    What about those who don't have a brain (experience to understand the possible ways of getting infected), how should do they deal with it?

    For example, my dad wants an app to edit pictures or videos or similar stuff, since windows doesn't have a proper store like google play, he goes to google to find it, since he doesn't know any existing app, he is downloading and trying some unknown apps, and he landed on a site which looked very fine and provided a good feel about the software, he installed it, that software first simply disabled the WD and later downloaded/extracted tons of malware.

    This is a very common story and can happen to anyone.
    Also, you can't rely solely upon the brain to protect your self since your brain is not capable to process the complicated software workings, and if anyone is trying out new legit-looking software (properly scanned) on the system, that user's system is at the risk of getting infected, it's simple as that.
    Remember how once CCleaner was infected in an update and antivirus's blocked it, now imagine you had installed it and it was set to auto-update, who would save you, is your brain/common sense alone capable of detecting such things? If it can happen with CCleaner, it can happen with most of the software.

    In conclusion, a good antivirus (which at least doesn't allow to kill itself that easily and definitely not WD) is a must if the system is at the risk of getting exposed to unknown USB's, and software/scripts other than some very major ones.
     
  11. endbase

    endbase MDL Guru

    Aug 12, 2012
    4,354
    1,448
    150
    I don't use AV for many years now and never have problems with malware or virus infecting my system AV is a placebo for people who don't know how to handle treats that are outside there also I have an image all the time of my OS in case I should made a mistake. It's build around fear of "normal" users that are not realy capable of handling situations of infections and in my vision there is no perfect AV because a good programmer could easely create a work around to infect a system if he wanted to so safety is a false thought that is created by marketing around the AV these days so two choices you go with that strategy or once again U use common sense again just my 2 cents
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    613
    505
    30
    He's not going to get it. It's obvious he has a personal vendetta to see through here and nobody is going to make him stop shouting FIRE!!! in a crowded theater. Common sense is all I need to stay safe online and on the streets. But a fear mongerer will do as a fear mongerer does. Have fun extolling the horrors of Defender! Again, this thread is useless and I've wasted too much time here.
     
  13. SL2

    SL2 MDL Member

    Jan 18, 2012
    155
    49
    10
    Brainless people didn't install Kaspersky ten years ago, and guess what, they still don't do it.
     
  14. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    922
    806
    30
  15. endbase

    endbase MDL Guru

    Aug 12, 2012
    4,354
    1,448
    150
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...