Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

It was probably checking for malicious links. I'd actually call it fair that it scanned this, but if it was slow to do so they should work on the speed.

 

To be honest, they have no business checking the links in my bookmarks file LOL. But this just shows how dumb Win Defender really is. I wouldn't be surprised if they have even send the file to the cloud, which is a breach of privacy if you ask me.

 

I guarantee they sent it to the cloud. If there were any they weren't already familiar with, they tried to connect to them as well. They do that with Skype also. If you send someone a link to a server you control you can see in the logs that they connected to it when you sent the link.

 

Actually, malware from local HTML files is not uncommon nowadays, mainly in the business field where for example, it may come as an email attachment pretending to be companies' login site. In my short experience, ESET are the best at detecting local malicious HTML files followed by Bitdefender. Microsoft Defender and Kaspersky are the worst, where Kaspersky's file av component avoids scanning local HTML files 99% of the time.

 

Did you mean the enterprise version of Defender? Because the home version is much less sophisticated as it is.

 

some users often forget to tell which additional security is also installed

 

Updated virus definitions.
Does anyone have this problem with Paint.net?

 

Can you exclude the file extension from Defender's scan options, or at least the folder the file resides in? Sorry my memory is fading on what options are available for Defender, since I've been running Linux 98% of the time for several months now, and barely missing Windows at all.

 

Good to know in case someone reaches out to me about it. I almost responded yesterday that I wasn't having any issues but then I realized I wasn't running Defender on any of my PCs.

 

With the virus definitions update, the problem is solved.

 

you can exclude files, folders, filetypes, processes.

but its not recommended to exclude html at all, more than to create a special folder and exclude this one.

bookmarks.html contains a lot of html in bad case, any browser will have timeouts while importing because they are analysed on reading. for me i cannot second this behavior here for html, but for import.

 

Thanks, I kind of thought that was the case. In my scenario, and probably that of Rasheed's, I know 100% for sure the bookmarks.html file I export from my browser is safe, therefore he might want to export it to a dedicated, specific folder that's excluded form Defender's scanning, which, if I'm not mistaken, is what you might be suggesting.

 

Good one, thanks for the tip, totally forgot about this. And this is probably because of WD's horrible GUI. I also noticed that WD is for some reason scanning XnView's databases, I can often see a small delay when opening picture thumbnails. I don't see any reason for it to scan pics.

I still think it's dumb as hell! I have now made an exclusion.

Yes, I have just seen the latest report about data transmission performed by multiple AV's, and surprise, surprise, WD is actually pretty bad from what I understood. Perhaps I should make the switch to some third party AV after all.

 

Got an update to the Antimalware Platform just now. KB 4052623. Must be important. I forced the update here. About:

Spoiler: def current version

What you get when clicking the link under Definition updates/Antimalware Platform update
https://learn.microsoft.com/en-us/m...efender-antivirus-updates?view=o365-worldwide

 

https://www.darkreading.com/attacks...ed-for-windows-defender-update-process-hijack

 

Oh wow. OK thanks, @itman

 

Relax. This was a research project and in no way does it imply that this process is being actively exploited.

 

True, but I still think it's shocking it was this simple to bypass MS Defender, even the corporate version. Who knows how many companies are hacked, without them even knowing about it, with these kind of tricks. Also see this topic, about another way to bypass corporate AV's:

https://www.wilderssecurity.com/thr...ing-and-eager-ransomware-double-agent.452197/

 

I had configured "Turn off routine remediation" to "on" in GPEdit yet Defender deleted a file without my confirmation. Anyone else seeing the same? The file was configured to run at startup if it matters. Good job Microsoft, you 1d10ts.

 

Anything can be bypassed by a skilled hacker. If they want you, they will get you. I only win by being a worthless target.

 

The thing is, it seems like companies like Apple and Microsoft rely on third party security researchers instead of its own employees to point out flaws in built-in security in Windows and macOS. At the end of the day, these are design errors.

 

Their own employees are less likely to catch the design flaws that they themselves made, else they would not have happened. Rule 1 of testing software. Never be the last word on testing your own work. This is why I disagree with anyone that suggests that Defender should be better because they made the OS. It's the very reason why it should be worse. If I had a nickel for every time one of my programmers said "It works on my machine"... I'd have some nickels.

 

Yes, but that's exactly my point, companies like Apple and MS should have special ''hacker'' teams that weren't involved with actually developing OS built-in security. Now it seems they rely on third party bug hunters, it's a bit silly, especially when you see how easy it is to bypass this stuff.

 

The other question is do they pay better than the zero day brokers? If you would find a nice bug and MS would pay 250k and a broker 400k were would you sell it? (Random numbers used for an example)