
Windows Defender and how it performs against malware

HotCakeX
Esteemed Contributor

I recently watched this video

https://www.youtube.com/watch?v=sE-xdb9hTqY

testing how Windows Defender (+ Sandbox mode) performs against real malware. It made me kind of worried. I really hope Microsoft improves it so that installing 3rd party AV software won't be the first thing a user should do after Windows installation.

Obviously I still use and will keep using Windows Defender because I'm aware of the files I download, but for the majority of people, unfortunately, that's not the case.

I think Microsoft should put Windows Defender ATP inside the normal Windows 10 Pro editions by default for everyone.

It's not a bad thing to make your OS a safe environment for your users.

https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp?ocid=cx-blog-mmpc


Interesting results; there was definitely a lot of malware thrown at the engine, and you can see that as they executed some evidently got through. What I would like is to get my hands on a copy of the malware samples used (or similar) to run against a machine in a lab. Anyone know where one could download bulk samples?


In the end you can't just rely on the AV by itself; you need to stack your security with everything you can (ASR, UAC, AppLocker) and maybe mix it with another 3rd party "next-gen-AI-ML-powered-fluff" endpoint protection. It is too bad that ATP is a subscription when the out-of-the-box engine can't handle it all.
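The reply above argues for layering the built-in controls (Defender engine, ASR rules, UAC, AppLocker) rather than relying on the engine alone. The following PowerShell audit is an added example, not code from the thread or from Microsoft: it reports the state of each of those layers on the local machine, plus the Defender sandbox setting the original post refers to, so a defender can see which layers are actually in force. It assumes an elevated PowerShell session on Windows 10/11 with the Defender and AppLocker modules available; the `MP_FORCE_USE_SANDBOX` machine environment variable is the documented switch for Defender's sandboxed content scanning.

```powershell
# Added example (not from the thread): audit the layered controls named in the reply.
# Assumes an elevated session on Windows 10/11 with the Defender and AppLocker modules.
function Get-DefenseStackReport {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # ASR rules are exposed as two parallel arrays: rule GUIDs and their actions.
    # Action codes: 0 = Off, 1 = Block, 2 = Audit, 6 = Warn.
    $asrRules = @()
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $asrRules += [pscustomobject]@{
            RuleId = $ids[$i]
            Action = switch ($actions[$i]) {
                0 { 'Off' } 1 { 'Block' } 2 { 'Audit' } 6 { 'Warn' } default { 'Unknown' }
            }
        }
    }

    # UAC: EnableLUA must be 1; ConsentPromptBehaviorAdmin 2 = always prompt on the secure desktop.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac    = Get-ItemProperty -Path $uacKey

    # AppLocker: read the effective policy and summarise each rule collection (Exe, Msi, Script, ...).
    $appLockerCollections = @()
    $policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
    if ($policy) {
        foreach ($collection in $policy.RuleCollections) {
            $appLockerCollections += [pscustomobject]@{
                Type            = $collection.RuleCollectionType
                EnforcementMode = $collection.EnforcementMode
                RuleCount       = ($collection | Measure-Object).Count
            }
        }
    }

    # Defender sandbox: enabled when the machine-level variable MP_FORCE_USE_SANDBOX is set to 1.
    $sandboxVar = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # Collect the gaps a defender would want to close; an empty list means every layer is on.
    $gaps = @()
    if (-not $status.RealTimeProtectionEnabled) { $gaps += 'Real-time protection is off' }
    if (-not $status.IsTamperProtected)         { $gaps += 'Tamper protection is off' }
    if ($pref.MAPSReporting -eq 0)              { $gaps += 'Cloud-delivered protection (MAPS) is off' }
    if (($asrRules | Where-Object Action -eq 'Block').Count -eq 0) { $gaps += 'No ASR rules in Block mode' }
    if ($uac.EnableLUA -ne 1)                   { $gaps += 'UAC (EnableLUA) is disabled' }
    if (($appLockerCollections | Where-Object EnforcementMode -eq 'Enabled').Count -eq 0) {
        $gaps += 'No AppLocker rule collection is enforced'
    }
    if ($sandboxVar -ne '1')                    { $gaps += 'Defender sandbox (MP_FORCE_USE_SANDBOX) not enabled' }

    [pscustomobject]@{
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        TamperProtection     = $status.IsTamperProtected
        CloudProtectionLevel = $pref.MAPSReporting
        AsrRules             = $asrRules
        UacEnabled           = ($uac.EnableLUA -eq 1)
        UacAdminPrompt       = $uac.ConsentPromptBehaviorAdmin
        AppLocker            = $appLockerCollections
        DefenderSandbox      = ($sandboxVar -eq '1')
        Gaps                 = $gaps
    }
}

# Usage: print the summary, then the gap list that tells you which layer to configure next.
$report = Get-DefenseStackReport
$report | Format-List RealTimeProtection, TamperProtection, CloudProtectionLevel, UacEnabled, DefenderSandbox
$report.AsrRules | Format-Table -AutoSize
$report.AppLocker | Format-Table -AutoSize
$report.Gaps
```

The point of returning an object rather than printing is that the same function can be dropped into a scheduled task or a configuration-drift check: a non-empty `Gaps` list is the signal that one of the layers the reply lists has silently fallen away (for example an ASR rule left in Audit mode after a rollout).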

Ikr, I tried to get a subscription for WD ATP, but first I had to fill in a long form and give details about a company that I should own, employees, etc., so it's not for home users who want to be more secure; those people need to use 3rd party AVs.
About the samples, the guy who made the video explains in one of his previous videos how to get these fresh samples.
I saw the Kaspersky Internet Security 2020 results and it had a 100% success rate,
but I'm not surprised.
Kaspersky was also the company who first identified Stuxnet and enaculated it:
https://null-byte.wonderhowto.com/news/what-heck-was-stuxnet-0160816/