Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. shewolf

    shewolf MDL Senior Member

    Apr 16, 2015
    471
    1,018
    10
    #121 shewolf, Apr 26, 2020
    Last edited: Apr 26, 2020
    I promised myself I wouldn't do it again, only this time because you have a nice nick.:rolleyes:
    Suppose just as an example, as the shortest path of explanation, you choose as a protected folder "C:\Windows".
    From "Allow an app through Controlled folder access" remove "cmd.exe" and "powershell.exe" if they are there, then run the script.
    And say which popup comes up. Now you can experiment with all folders and each *.exe


    If you want to experiment with Windows Defender Sandbox, enable it, restart your PC, disable Controlled folder access and run script.
    With WD "disabled", attempt to download the "eicar" test file, and say what happens.

    I ended up here.

    :eek:
     
  2. shewolf

    shewolf MDL Senior Member

    #123 shewolf, Apr 27, 2020
    Last edited: Apr 27, 2020
    Typical reaction of 99.9% of users on this forum, and then you are surprised if I call you by your real name.
    He does not understand what is being said but promptly attacks the one who wants to help you understand the problem.
    I see that you did not protect WD; I recommended turning on the WD Sandbox and then doing the test. If you do not do this, any further discussion is without effect.

    I expect you to do it as I recommended.
    :eek:
     
  3. Windows_Addict

    Windows_Addict MDL Addicted

    Jul 19, 2018
    706
    1,447
    30
    I already enabled it, forgot to mention that.

    Just tested it again to make sure.
    The "MsMpEngCP.exe" process was running, which is a part of the WD sandbox thing.

    Ran the script, it disabled WD, and that sandbox process was shut down,
    downloaded eicar, tested a few other apps which WD would have killed at first sight, nothing. All are working without interference.
     
  4. shewolf

    shewolf MDL Senior Member

    #125 shewolf, Apr 27, 2020
    Last edited: Apr 27, 2020
    If the WD sandbox is properly turned on, and you say that this script turns it off there is only one answer to your claim, you're lying !!!!

    I'll also explain why I can say it, you're lying.
    Because it is not possible to activate the WD sandbox without restarting the PC, you also cannot deactivate it without restarting the PC.
    This script does not do this; you don't need to run it to find that out, it is enough to read it.

    So, you can freely change your name to "I'm stupid of the day" so that everyone can know in advance who they are dealing with.

    :eek:
     
  5. Windows_Addict

    Windows_Addict MDL Addicted

    Lol :p

    I know the process and restarted the system before applying the script.

    It's hilarious how you make claims even without testing the mentioned scripts, and call others liars who have posted what they found after running it. Anyway, I'm not interested in convincing you. Keep believing whatever you prefer.

    Have a good day.
     
  6. BAU

    BAU MDL Addicted

    Feb 10, 2009
    859
    1,735
    30
  7. shewolf

    shewolf MDL Senior Member

    #128 shewolf, Apr 27, 2020
    Last edited: Apr 27, 2020
    When someone says such things, I expect them to be able to confirm how they are able to do it.
    The question is: how can you bypass the WD sandbox?

    :eek:
     
  8. BAU

    BAU MDL Addicted

    It's one thing to read about something - WD sandbox - and another to understand what it means for users - yes, it's great against attacks on WD itself (an actor with limited rights will first attack high-privileged processes such as the antivirus, and because of sandboxing won't gain much if exploiting it). It also enables and enforces more mitigations than by default, but due to the nature of sandboxing, scan performance suffers so it's not enabled by default even now, years later.
    Nobody here has talked about that because it does not matter - we're just showing that setting a registry policy completely neutralizes Defender, despite Tamper Protection or whatever.
    And setting that registry policy requires admin rights, so using a limited-rights account is the best protection. If on the other hand you use an admin-rights account like 90%+ of Windows users do, and rely on UAC to protect you against unauthorized access - you're actually naked! Any malicious software masquerading as something useful can covertly gain admin rights and with it take over your system, for example neutralizing/uninstalling Defender and then downloading and installing anything.
    There are several AlwaysNotify-compatible UAC-bypasses in the wild now and have been for many years. Microsoft does not care, because 'UAC is not a security boundary' in their view.

    So, scared little doggy, how about you copy-paste the script into a PowerShell window and see for yourself? Use a virtual machine with a clean-installed Windows 10 if you must.
    Until then, ignored.
     
  9. shewolf

    shewolf MDL Senior Member

    #130 shewolf, Apr 27, 2020
    Last edited: Apr 27, 2020
    Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm.

    So I advise everyone, use WD with sandbox enabled, in this way you superbly protect your operating system and your data.
    Only WD offers this, and it's very simple for everyone: open CMD.exe as admin, paste this command into it, setx /M MP_FORCE_USE_SANDBOX 1, hit Enter and restart your PC. To disable it, same procedure but change the command to setx /M MP_FORCE_USE_SANDBOX 0; restart needed. That's all.

    :eek:
     
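    Added example, not part of any post in this thread and not the ToggleDefender script: a read-only PowerShell audit that reports the sandbox switch and MsMpEngCP.exe process from the posts above, whether a Defender-disabling registry policy is present, and whether the account is an Administrators member. Assumptions: the function name Get-DefenderTamperAudit is hypothetical, and since the thread never names the registry policy, the two values checked are the documented Defender policy values DisableAntiSpyware and DisableRealtimeMonitoring.

```powershell
# Added example (read-only audit); policy value names are assumptions, see lead-in.
function Get-DefenderTamperAudit {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Sandbox switch from the thread: "setx /M" writes a machine-level variable.
    $sandbox = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
    # MsMpEngCP.exe is the sandboxed content process mentioned in the thread.
    $cp = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
    if ($sandbox -ne '1') {
        $findings.Add('MP_FORCE_USE_SANDBOX is not set to 1')
    } elseif (-not $cp) {
        $findings.Add('Sandbox requested but MsMpEngCP.exe is not running (reboot pending or Defender stopped)')
    }

    # 2. Policy values that switch Defender off (assumed set; extend as needed).
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $checks = @(
        @{ Path = $root; Name = 'DisableAntiSpyware' },
        @{ Path = "$root\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' }
    )
    foreach ($c in $checks) {
        $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($v -and $v.($c.Name) -eq 1) {
            $findings.Add("Policy $($c.Name)=1 under $($c.Path)")
        }
    }

    # 3. What Defender itself reports; failure of the cmdlet is itself a finding.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $status) {
        $findings.Add('Get-MpComputerStatus failed: Defender service unavailable')
    } else {
        if (-not $status.AntivirusEnabled)          { $findings.Add('AntivirusEnabled is False') }
        if (-not $status.RealTimeProtectionEnabled) { $findings.Add('RealTimeProtectionEnabled is False') }
        if (-not $status.IsTamperProtected)         { $findings.Add('Tamper Protection is off') }
    }

    # 4. Administrators membership (S-1-5-32-544), listed even when the token is
    #    not elevated. Assumes whoami's CSV header is "SID" (English systems).
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    if ($groups.SID -contains 'S-1-5-32-544') {
        $findings.Add('Current account is a member of Administrators; only UAC separates it from policy changes')
    }

    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

Get-DefenderTamperAudit | Format-List
```

    Run it before and after any change under test; a policy value appearing in step 2 together with a failed or "False" status in step 3 is the state the posts above describe.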
  10. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    687
    777
    30
    Could it be by "design" that Windows Defender can be disabled? When you install another Antivirus, Defender automatically gets disabled.
     
  11. shewolf

    shewolf MDL Senior Member

  12. Smiglo5

    Smiglo5 MDL Novice

    Jul 8, 2018
    34
    1
    0
    Is ToggleDefender script still working on 2004 build of W10?
    @BAU
     
  13. Windows_Addict

    Windows_Addict MDL Addicted

    Yes, it works in W10 2004.
     
  14. mdl052020

    mdl052020 MDL Senior Member

    May 31, 2020
    457
    474
    10
    Remove Defender Permanently Script by Aveyo is not working in Win10 2004, as I checked it some days ago.
     
  15. xinso

    xinso MDL Guru

    Mar 5, 2009
    5,218
    7,429
    180
    #136 xinso, Jul 25, 2020
    Last edited: Jul 25, 2020
    Remove Defender Permanently from win10 2004. What's gonna happen to Windows Update since 18362.1?
     
  16. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,021
    877
    60