Nov 17 2019 04:11 AM - edited Nov 17 2019 04:13 AM
I recently watched this video
https://www.youtube.com/watch?v=sE-xdb9hTqY
testing how Windows Defender (+ Sandbox mode) performs against real malware. It made me kind of worried. I really hope Microsoft improves it so that installing 3rd party AV software won't be the first thing a user should do after Windows installation.
Obviously I still use and will keep using Windows Defender because I'm aware of the files I download, but for the majority of people, that's unfortunately not the case.
I think Microsoft should put Windows Defender ATP inside the normal Windows 10 Pro editions by default for everyone.
It's not a bad thing to make your OS a safe environment for your users.
https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp?ocid=cx-blog-mmpc
Nov 19 2019 09:13 PM - edited Nov 19 2019 09:15 PM
Interesting results, there was definitely a lot of malware thrown at the engine, and you can see that as they executed, some evidently got through. What I would like is to get my hands on a copy of the malware samples used (or similar) to run against a machine in a lab. Anyone know where one could download bulk samples?
In the end you can't just rely on the AV by itself, you need to stack your security with everything you can (ASR, UAC, AppLocker) and maybe mix it with another 3rd party "next-gen-AI-ML-powered-fluff" endpoint protection. It is too bad that the ATP is a subscription when the out-of-the-box engine can't handle it all.
Nov 23 2019 12:01 AM