Windows 10 News and info | Forum
September 23, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Microsoft quietly makes huge change to Windows 10’s antivirus tool  (Read 34 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31810


I Do Windows


WWW Email
« on: September 04, 2020, 11:05:21 AM »
ReplyReply



Recently, it was discovered that Microsoft is no longer allowing consumers to disable Windows Defender antivirus tool via the Windows Registry. Microsoft originally remained tight-lighted on the changes made to Windows 10’s antivirus tool, but the company has now shared more details on the whole controversy.

Microsoft again confirmed that it has retired ‘DisableAntiSpyware’ to prevent users from disabling Windows Defender via Windows Registry. However, Microsoft says it has retired the legacy option to disable the antivirus because it no longer makes any sense in the latest version of Defender.

Windows Defender is designed to turn off automatically whenever users try to install another antivirus product, so it doesn’t really make sense to disable Windows 10’s built-in protection tool manually, according to Microsoft.

‘DisableAntiSpyware’ is designed only for IT pros and admins to disable the antivirus engine whenever they need to install their own security product.



“The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected,” Microsoft noted.

By retiring this feature, Microsoft will also prevent attackers from turning off Windows Defender.

Windows Defender can now download files

A report suggests that Windows 10’s built-in antivirus software ‘Windows Defender’ has been updated with a new feature that could be abused by attackers to download malware from the internet.

According to security researcher Askar, Windows Defender has been updated with a new command-line feature called “MpCmdRun.exe”, otherwise known as Microsoft Antimalware Service Command Line Utility.

Security researcher Askar claims that these changes to the Windows Defender-powered command-line tool could be abused by attackers as a living-off-the-land binary (LOLBin). In other words, hackers can abuse these binaries and download any file from the internet, including malware.

It also means that users will be able to use Windows Defender itself to download any file from the internet. This is unlikely to be a major security flaw as files are still checked by Windows Defender after you finish the download using the command-line tool.

In theory, Windows Defender tool can’t be used to download any malware that could infect your system, but this is an odd change, and security researchers believe that it could be abused.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page September 15, 2020, 04:33:29 AM