Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. sxhilkxdxm

    sxhilkxdxm MDL Junior Member

    Mar 7, 2020
    74
    22
    0
    Noted.
    Thanks BAU


    I dislike it too ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,050
    30
    #162 BAU, Nov 8, 2020
    Last edited: Dec 3, 2020
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    7,679
    14,987
    240
    ToggleDickfender yessss!

    Please please open a dedicated thread. I love the Disable - Enable approach. Simple...Beautiful... Zero complications.
     
  4. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,050
    30
    I've toyed a bit with it, it used to be Yes for Disable and No for Enable, not that great in retrospective - thanks to @freddie-o for suggesting a more intuitive form!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,050
    30
    Volatile Environment (there is actually only one entry, HKCU is just a link to one of the HKU entries) goes away after reboot.
    Keeping the entry there is a compromise for sys-admins, since the whole script is no longer logged in Microsoft-Windows-PowerShell/Operational.
    But sure, I will consider it.

    Removing UAC bypass does not significantly slims or clears the script.
    Plus, it's a statement. I want all UAC bypasses, specially ones so easy to pull off, patched and back-ported to all windows versions.
    Malware have been actively using such bypasses with impunity, taking advantage of the fact that most windows users do not use a limited account.
    If you did not know, Defender actually has a detection rule for DiskCleanup UAC bypass. But it only tackles one use case, via schtasks - it's absolutely maddening.
    Script also ends with couple lines of code that can be un-commented to patch this specific bypass and I would not want to let go of that.

    Script used to toggle a lot more defender features, but now only stops auto-actions.
    No AV should first delete stuff and then tell you about. Specially when Defender has so many fake positives for stuff Microsoft dislikes, but not actually malicious.
    Too many times have I seen it do that, and then it was impossible to recover the file / force closed my file manager or running scripts leading to loss of work.
    There's no easy way for a user to toggle that, so the script helps with it. But on this point I agree it's debatable.
    I also should comment the whole tweaks section, as is it resets a few policies.
    And that might not be a bad thing per-se, I've lately seen many reports of defender not working anymore and even in-place repairs not fixing it because policies survive that. Definitely not my script.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    7,679
    14,987
    240
    After toggling Dickfender with ToggleDefender

    Nice
    2020-12-05_081827.png

    Is this right?
    2020-12-05_082100.png
     
  7. Windows_Addict

    Windows_Addict MDL Addicted

    Jul 19, 2018
    922
    2,072
    30
  8. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,050
    30
    Having a native feedback of Defender state is actually a cool feature of the script, specially since notifications on toggle are hidden.
    Best-practice is to always show all icons in the systray, but you can hide it individually via Taskbar settings, or comment it in the script at line #16
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. AeonX

    AeonX MDL Addicted

    May 24, 2013
    701
    553
    30
    Windows Defender is worse than a virus I try to disable it in Windows 10 version 2004 from a friend and I can't do it at all.

    I disable tamper protection and use group policy but the entry in registry for the GP is not created correctly. I create the entry manually and it is deleted :angry:

    Version 2004 is more buggy than hell I don't know how you guys can use it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. uffbros

    uffbros MDL Senior Member

    Aug 9, 2010
    385
    36
    10
    Never a problem here??????
     
  11. shhnedo

    shhnedo MDL Addicted

    Mar 20, 2011
    949
    1,304
    30
    @BAU This.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. BAU

    BAU MDL Addicted

    Feb 10, 2009
    943
    2,050
    30
    Well, the Bahrain shady investment group did not manage to touch any asset from Avira, as they were given an offer they can't refuse by Broadcom last week.
    It probably went something along the lines of sell it to us, or we can't guarantee a drone won't misfire around your location..
    And yes, Broadcom supposedly has ties with the NSA. I pretty much trust NSA more than all the other data-hoarding entities combined, tough.
    Broadcom earlier this year also bought Symantec (Norton), so now the newly re-listed company NortonLifeLock = Norton + Avira.
    But since Norton reached scareware level (almost fake av) on it's last legs, I don't see how that would mix with a product 10x better that was Avira.
    The obvious conclusion is that Broadcom was only after home users and companies data with this purchase.
    The future looks grim for consumers and business in these veritable world data wars.
    For now, you can trust Bitdefender and Eset, or stick with the subpar Defender.
    @shhnedo, I'm more ambitious than that, I want a forum section :rolleyes:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Space Dandy

    Space Dandy MDL Junior Member

    Jan 3, 2017
    54
    14
    0

    Oh I see thanks! :rolleyes:
     
  14. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    7,679
    14,987
    240
    This! :tooth:
     
  15. nosirrahx

    nosirrahx MDL Addicted

    Nov 7, 2017
    926
    430
    30
    Warning, don't try this unless you are cool with holding down the power button to reboot your system.

    Want to see something funny?

    Grab ProcessExplorer (or any tool with the same functionality).
    Right click MsMpEng.exe and select 'Kill Process'. You will get an access denied warning.
    Now right click MsMpEng.exe again and select 'Suspend', then close ProcessExplorer.

    Now try to do literally anything with your system.

    Effectively Defender is waiting for new execution attempts to clear a security check and the suspended process prevents that from ever happening.
     
  16. AeonX

    AeonX MDL Addicted

    May 24, 2013
    701
    553
    30
    Avira was once the best and only good antivirus free but over time it got heavy and irritating so I abandoned it. I currently believe that only paid antivirus is good. My favorite since the time of Windows XP is ESET super light and efficient :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. Windows_Addict

    Windows_Addict MDL Addicted

    Jul 19, 2018
    922
    2,072
    30
    Microsoft Security Essentials is not supposed to disable itself when other antivirus's gets installed. However, we can still kill its services to disable it the same as we can do with windows defender.

    In another scenario, if we install two av's, such as Kaspersky and Bitdefender (whose services can't be killed), we can pause one av and continue to use other. By this, I suppose WD shouldn't have to allow anything to kill itself, just so that it can disable itself when needed.

    I don't have any idea why WD in 2020 doesn't have basic protection to stop itself from being killed, just like almost all 3rd party AV software has.

    Because of this, on more than 50% of PC's, any software can do something like this without any fuss,
    - Kill WD
    - Extract/download malware/ransomware
    - Execute it

    Are they fu*king nuts? :dunno:
     
  18. Insanegamer1996

    Insanegamer1996 MDL Junior Member

    Oct 22, 2019
    99
    6
    0
    It feels like WD is the only antivirus that i dont feel impact on my pc performance. I did not test eset but im pretty sure WD is the most optimized antivirus for windows pc's when it comes to impacting performance.