Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,209
    1,156
    60
    #81 CHEF-KOCH, Feb 10, 2020
    Last edited: Feb 10, 2020
  2. Krakatoa

    Krakatoa MDL Senior Member

    Feb 22, 2011
    499
    730
    10
    Tamper protection:
    Excellent:
    Turn off the TP by using the registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features TamperProtection 0
    Does not work using admin rights, does not work using system rights, does not work with trustedinstaller rights.
    This is the only feature Tamper Protection???
    For example, uninstalling using the cmd / ps script works:
    https://forums.mydigitallife.net/posts/1576848/
    And also...
    Adding exceptions works.
    Disabling Defender works with DefenderControl.
     
  3. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,209
    1,156
    60
    #83 CHEF-KOCH, Feb 10, 2020
    Last edited: Feb 10, 2020
    You need UAC (higher rights) for registry nor does the registry key work in higher Windows 10 versions (2004+). You tried, you failed, it's normal because I'm as said, the expert on WD topic.

    I also checked the posted script, it will not work in 1909+ because whenever WD detects elevated PS (you already need admin rights to start and change the default PS policy) then the road ends there, you also can block PS completely together with host scripting as well as enable signature checks and then it's game over.

    Again, I'm out here. There is nothing interesting left in the topic now, just searching now for exploits which to 99% need admin rights. I agree that there are some unknown samples, but we already said that an AV is not meant to be 100% secure the user, it's not possible, there are lots of variables.
     

    Attached Files:

  4. Krakatoa

    Krakatoa MDL Senior Member

    Feb 22, 2011
    499
    730
    10
    Yes, I need admin rights and uac. But I know why you write it to me?????
    You didn't answer me what I asked!!!!!
     
  5. nosirrahx

    nosirrahx MDL Senior Member

    Nov 7, 2017
    347
    188
    10
    I've never had one on any of the systems I manage and currently that stands at 12, about half of them general purpose systems.

    If you are getting FPs that could easily be the result of crack/keygen/game mod software as many of these tools are encrypted using the same tools used to encrypt mid-level malware project (the high end projects get far better encryption).
     
  6. PsychedelicShaman

    PsychedelicShaman MDL Member

    Dec 4, 2017
    133
    312
    10
    That's true, Windows Defender has even removed my own modified binaries, it's pretty annoying, a good AV should not falsely detect such files as threats, ESET has never removed my cracks.
    Maybe it's not so bad as a basic protection for an average person, but for power users it's horrible.
     
  7. boyonthebus

    boyonthebus MDL Addicted

    Sep 16, 2018
    672
    364
    30
    Put your cracks in an excluded folder.
     
  8. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    @Micro I've revised the OP and added commands to disable the WD with the working URL to download the utility.
     
  9. BAU

    BAU MDL Senior Member

    Feb 10, 2009
    487
    852
    10
  10. Micro

    Micro MDL Junior Member

    Apr 26, 2009
    99
    40
    0
    Simple -
    https://forums.mydigitallife.net/th...r-the-worst-av-ever.81120/page-3#post-1576784

    Provide the file you claimed did the ^above^ or stop making false claims.
    Simple code is not the same as the file you claimed ^above^.
    Physical access to enter the 3 lines you provided actually proves nothing.
    With physical access to your PC, I own you.
    Entering your PC through a file and then executing is a whole different matter.
    Again I ask, provide the file you refer to ^above^ for testing or stop making claims.
    I'm done here, feel free to troll whoever remains.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    I thought you had so much experience working with windows from 3.0 that you could have guessed how the given proof of concept can be exploited against the general users, but you are asking for files in a way that you don't know how an attacker can reach to your computer and giving arguments like someone needs physical access to infect you.

    Let me explain to you the obvious about how a general person (with average computer skills) with general computer settings can get infected,

    - save the script (either this or that) as .cmd (this is the file you are looking for btw in case if you missed it because you weren't seeing any download option /pun intended) and archive it with .rar. or .7z (not in .zip because default explorer will show smart screen nag for extracted content and assuming that most people have 3rd party archive manager installed, opening .7z wouldn't be a problem, and winrar and 7zip doesn't store zone markers in extracted content, leading you no smart screen nag)

    - someone send this archive file to your beloved ones on email (outlook, cloud mail, etc) with attractive content or masquerading itself as some other reputed source in a phishing attempt).

    - user downloads it with chrome without any issue and WD doesn't detect anything upon scanning, most users are not aware of what is a .cmd file and why it's used, so they simply click on it as any noob would do.

    - the script doesn't ask for elevation and automatically does all the work and removes system's only security which is WD, now the script can download any s**t it wants and execute it silently in the background and nothing will stop it, and it all can be done in a way which is completely hidden.


    --------------

    Now a few things which you also need to consider,
    In these scripts there is nothing new, UAC bypass and WD bypass were already known by many people, so don't think this is new and MS will fix it as soon as they get to know it, it means they are not motivated enough to fix such easy vulnerabilities.
    Even after these real-world example, If you are still looking for "that file" and assuming that whatever is written here is false and wouldn't work then most likely your comprehension skills are very poor, I don't think I can explain it you better than this.

    Still, if you insist on getting "that file", here you can download it in the attachment.

    *script can work in completely hidden mode if want.
     

    Attached Files:

  12. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    3,493
    725
    120
    defender is not worst ever by far...theirs a lot crappy AV out their.
     
  13. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    If you consider "self defence" as a parameter then which AV exactly would be the worst, or let's say worst than WD?

    After all, self defense feature should be core point in measuring any av's reliability, isn't that right?
     
  14. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    3,493
    725
    120
    Norton to me is commercial garbage:rolleyes:
     
  15. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    Is it possible to do such similar things against norton? If yes then thread title needs to be changed, if no then norton is not the worst.
     
  16. BAU

    BAU MDL Senior Member

    Feb 10, 2009
    487
    852
    10
    Btw,
     

    Attached Files: