Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.
Turn off the TP by using the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features TamperProtection 0
Does not work using admin rights, does not work using SYSTEM rights, does not work with TrustedInstaller rights.
Is this the only feature of Tamper Protection???
For example, uninstalling using the cmd / ps script works:
Adding exceptions works.
Disabling Defender works with DefenderControl.
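As an added example (not from this thread), a read-only audit that reports the TamperProtection registry value quoted above next to what the Defender engine itself says via Get-MpComputerStatus, so a defender can see whether the two views disagree. It assumes a Windows 10 host with the Defender PowerShell module present and changes nothing.

```powershell
# Added example: audit Tamper Protection state from two independent sources.
# Assumes Windows 10 with the Defender module (Get-MpComputerStatus) available.
# Run from an elevated PowerShell session; the script only reads.

# Key quoted in the thread; the post reports that writing 0 here is rejected.
$featuresKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'

function Get-TamperProtectionAudit {
    $result = [ordered]@{
        RegistryValue    = $null   # raw TamperProtection DWORD as stored
        RegistryReadable = $false
        EngineReports    = $null   # IsTamperProtected as the engine reports it
    }
    try {
        $item = Get-ItemProperty -Path $featuresKey -Name 'TamperProtection' -ErrorAction Stop
        $result.RegistryValue    = $item.TamperProtection
        $result.RegistryReadable = $true
    } catch {
        # Value missing or key not readable in this context; report rather than guess.
        $result.RegistryReadable = $false
    }
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $result.EngineReports = $status.IsTamperProtected
    } catch {
        $result.EngineReports = 'unavailable'   # module not present or service stopped
    }
    [pscustomobject]$result
}

$audit = Get-TamperProtectionAudit
$audit | Format-List

# A mismatch (registry says 0 but the engine still reports protected, or the reverse)
# is worth investigating; an engine value of $false means any elevated process can
# change Defender settings.
if ($audit.EngineReports -eq $false) {
    Write-Warning 'Tamper Protection is OFF on this host.'
}
```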
You need UAC (higher rights) for the registry, nor does the registry key work in higher Windows 10 versions (2004+). You tried, you failed; it's normal because, as I said, I'm the expert on the WD topic.
I also checked the posted script; it will not work in 1909+ because whenever WD detects elevated PS (you already need admin rights to start and change the default PS policy) the road ends there. You can also block PS completely together with host scripting, as well as enable signature checks, and then it's game over.
Again, I'm out of here. There is nothing interesting left in the topic now, just searching for exploits which to 99% need admin rights. I agree that there are some unknown samples, but we already said that an AV is not meant to make the user 100% secure; it's not possible, there are lots of variables.
Yes, I need admin rights and uac. But I know why you write it to me?????
You didn't answer me what I asked!!!!!
I've never had one on any of the systems I manage and currently that stands at 12, about half of them general purpose systems.
If you are getting FPs that could easily be the result of crack/keygen/game mod software, as many of these tools are encrypted using the same tools used to encrypt mid-level malware projects (the high-end projects get far better encryption).
That's true, Windows Defender has even removed my own modified binaries, it's pretty annoying, a good AV should not falsely detect such files as threats, ESET has never removed my cracks.
Maybe it's not so bad as a basic protection for an average person, but for power users it's horrible.
Put your cracks in an excluded folder.
@Micro I've revised the OP and added commands to disable the WD with the working URL to download the utility.
Provide the file you claimed did the ^above^ or stop making false claims.
Simple code is not the same as the file you claimed ^above^.
Physical access to enter the 3 lines you provided actually proves nothing.
With physical access to your PC, I own you.
Entering your PC through a file and then executing is a whole different matter.
Again I ask, provide the file you refer to ^above^ for testing or stop making claims.
I'm done here, feel free to troll whoever remains.
I thought you had so much experience working with Windows from 3.0 that you could have guessed how the given proof of concept can be exploited against general users, but you are asking for files in a way that shows you don't know how an attacker can reach your computer, and giving arguments like someone needs physical access to infect you.
Let me explain to you the obvious about how a general person (with average computer skills) with general computer settings can get infected:
- save the script (either this or that) as .cmd (this is the file you are looking for, btw, in case you missed it because you weren't seeing any download option /pun intended) and archive it as .rar or .7z (not .zip, because the default Explorer will show a SmartScreen nag for the extracted content; assuming that most people have a 3rd-party archive manager installed, opening .7z wouldn't be a problem, and WinRAR and 7-Zip don't store zone markers in extracted content, so you get no SmartScreen nag)
- someone sends this archive file to your loved ones by email (Outlook, cloud mail, etc.) with attractive content or masquerading as some other reputed source in a phishing attempt
- the user downloads it with Chrome without any issue and WD doesn't detect anything upon scanning; most users are not aware of what a .cmd file is and why it's used, so they simply click on it as any noob would do
- the script doesn't ask for elevation and automatically does all the work and removes the system's only security, which is WD; now the script can download any s**t it wants and execute it silently in the background and nothing will stop it, and it can all be done in a way which is completely hidden.
Now a few things which you also need to consider:
In these scripts there is nothing new; UAC bypass and WD bypass were already known by many people, so don't think this is new and MS will fix it as soon as they get to know it. It means they are not motivated enough to fix such easy vulnerabilities.
Even after these real-world examples, if you are still looking for "that file" and assuming that whatever is written here is false and wouldn't work, then most likely your comprehension skills are very poor; I don't think I can explain it to you better than this.
Still, if you insist on getting "that file", you can download it in the attachment.
*The script can work in completely hidden mode if you want.
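The post above relies on extracted files lacking the Zone.Identifier stream (Mark-of-the-Web), which is what SmartScreen keys on. As an added example, not the thread's script, here is a defender-side audit that walks a folder (assumed: the user's Downloads tree) and lists script or executable files that carry no MotW, i.e. the ones SmartScreen would never have prompted for.

```powershell
# Added example: list executable content that has no Mark-of-the-Web.
# Assumption: extracted archives land somewhere under Downloads; pass -Root to change that.
param(
    [string]$Root = (Join-Path $env:USERPROFILE 'Downloads')
)

# Extensions that run on double-click; .cmd is the case discussed in the thread.
$executableExt = @('.cmd', '.bat', '.ps1', '.vbs', '.js', '.exe', '.scr', '.hta')

function Get-ZoneId {
    param([string]$Path)
    try {
        # Zone.Identifier is an NTFS alternate data stream; ZoneId=3 means "Internet".
        $content = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction Stop
        foreach ($line in $content) {
            if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
        }
        return $null   # stream present but no ZoneId line
    } catch {
        return $null   # no stream at all: nothing for SmartScreen to act on
    }
}

Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $executableExt -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $zone = Get-ZoneId -Path $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            ZoneId  = $zone
            # Executable content without MotW is exactly what the thread describes.
            Flagged = ($null -eq $zone)
        }
    } |
    Where-Object Flagged |
    Format-Table -AutoSize
```

Files that show up here arrived without the zone marker, so the only remaining control before they run is the AV scan the thread says did not fire.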
Defender is not the worst ever by far... there's a lot of crappy AV out there.
If you consider "self-defence" as a parameter, then which AV exactly would be the worst, or let's say worse than WD?
After all, a self-defence feature should be a core point in measuring any AV's reliability, isn't that right?
Norton to me is commercial garbage
Is it possible to do similar things against Norton? If yes, then the thread title needs to be changed; if no, then Norton is not the worst.