Yes, this is exactly what I have asked you to provide. What is the name of the app that he installed so that the effects can be duplicated ? Was this a basic OS installation or one that you had "improved" ? The only way to improve Defender against these type of "alleged" incursions is to be able to duplicate your claims. If you intend to keep making these claims, at the very least provide the hard data to back them up. If you can't provide the name(s) of the software involved in this quoted claim, then I would ask that the mods lock this thread as simple trolling.
I already linked to latest AV test @Joe C and WD is one of the top rated one's now, because as I said since Windows 10 MS puts millions into it. Just because it was bad (XP/Vista) (under different name ("Windows Security Essentials" and as a third-party program). Does not mean it's still bad. I also think that this does not help OP with his problem, his problem is that he did not use the strongest settings nor did he checked GPO to "configure" WD to solve the mentioned "bypass". As said, use "Hard_Configurator", it controls Windows 10 security internals (it's a clunky tool) but works like a dream. It controls smart screen, includes WD Control, allows working with AppGuard and whatnot. It's all someone need, MS definitely should provide similar GUI, but I heard no plans that they are going to do it.
@CHEF-KOCH @Joe C The basis to name the thread title like this is how easily whole WD protection can be by passed with 3 simple lines, as per my knowledge we can't do the same with other AV's, that's why I wrote, worst AV and question mark is there instead of ! because I'm not sure if I've got all the points correct. Whats' the point in saying the fact that it has high rating in various tests when you can bypass the whole thing easily. Why it is so hard to understand that a malicious software will simply utilize the fact that WD is the only AV protecting 50 % users, who is stopping them to simply disable the AV and download the malware's later that's without any alert. I've already provided you the methods how to fully disable the WD without any alert with 3 simple lines. What more do you need, tell me exactly.
could be... I dunno There is another place that does independent av tests but I can not recall the name off the top of my head
@CHEF-KOCH Lets face these basic questions and leave out all the ratings chart and what the world thinks. By using the common sense I suppose the first step of any malware would be to disable/neutralize the installed AV, otherwise what's the point in executing itself when the AV is going to delete the malware anyway, so if AV is bypassed then it simply means malware won and system will be definitely infected. Now since we know how easily WD can be bypassed, don't you think it means WD provides you a zero protection in a way? If you or anyone can mention similar easy bypasses for other AV's for example kaspersky with password protected settings, I'll apologies to everyone for wasting everyone's time and for this thread title, but until then the thread motive and meaning is justified.
OK, CCleaner example. 1. CCleaner (Piriform) infected with malware (before July 2017). 2. July 2017: Avast buys Piriform, CCleaner belongs to Avast. 3. Avast does not know that it has CCLeaner with malware on its servers. 4. 15 Aug 2017 - 12 Sep 2017 Offered infected version. Antiviruses have no problem. 5. 12 Sep 2017 Detected (Cisco Talos) malware in CCleaner. Did your three lines have any effect on CCleaner malware? Not to me. By the way, Defender can be removed by a simple script (uninstalling mum packages, after Windows starts Windows is without Defender), it is not necessary to use DefenderControl. It is not easy, it requires admin rights. It's not a "very basic level of attack" (uninstall Defender mum packages is very basic level of attack), that's what DefenderControl does, and something like that is probably programmed to any antivirus. If someone has admin privileges, they can elevate them to system / trustedinstaller and then do whatever they want with the system. If it could not go directly, with a restart certainly (run something before the antivirus).
When running, WD will not allow you to run DefenderControl app or other scripts which touches the area of tamper protection and removes WD, doesn't matter if it's running with system / trustedinstaller privileges. Defender will block it and flag the warning. Loophole is in excluding the file from scan, WD allows it with command line, and other AV's don't, that's the main reason why attack on WD is so easy. ---- Will check CCleaner detection matter later, however I remember that in 2017 some articles mentioned that some AV's detected it in real time, will try to find it.