Did you have a chance to make the same tests (including Ransomware Tests) in Windows Defender ATP? It would be interesting to do it and check how the system holds up! Thank you for your vids! Nice work!
George K - this group policy is for Defender. If you use Avast or any other antivirus it will disable Defender completely, so it would be irrelevant to change the group policy.
Hi, First of all thanks much for this video. I'm in the process of creating tweakguides screenshots to harden Windows Defender as you suggested. I did the exact same method and settings that you did except I turned on Pua protection through group policy not Powershell because I was getting an error there with. My one question for you is that I think I have noticed a slight decrease in performance and if that's true which of these settings if not all of them are going to have the most impact on performance?
Why does he enable PUP protection via powershell rather than with the GPO that does it? Also I found I had to load the powershell module for defender manually from the av install folder in programdata... on win 2004 anyway...
Question: I've run a Full Scan with my Windows Defender, and it showed me that I have hundreds of threats found because of the new Kali Installer I've installed in my VM. It never happened before but just started a few weeks ago. I've clicked on the "Start actions" button to remove those threats, but it never worked... What should I do now? Just completely delete the Kali ISO? But I needed it for my study.. >.< Sorry if I've asked a weird question.
Firstly, thanks for the comprehensive insight. Secondly, I was wondering what your thoughts were on the various guards? Thirdly, looking forward to the windows hardening tips. Keep up the great work :)
I wish you ran it before hardening, then harden it and run the exact same test for a comparison :(
Ah, controls. Very important in an experiment.
well some malware could escape before hardening. ESPECIALLY that half removed one. It could escape completely.
He did test with default WD settings about 2 months ago ua-cam.com/video/VXtTgP8JkSk/v-deo.html
just check the start-up services to avoid seeing that dialogue box
this guy's videos make me wanna download viruses so I can watch a war between them and my antivirus lol
Please do not try this at home. lol.
YES SAME
@@ahsookee he disables internet
@@kekwnet no. He uses a VM which is completely isolated and those don't know that they are VMs. Doesn't necessarily mean disconnected from the internet. Otherwise he couldn't use the cloud service protection of MS security. Cheers
I need a class on how to configure a secure test system for entertainment purposes....
1:38 "You have to pay 5.9 Million USD" ......... Ransomware thought it's targeting bill gates or what :v
we should forward these messages to Bill Gates lmao xD
That ransomware should be fake. It was made by The Jester, who is a grey hat hacker. He helps defend the US from attacks. He made that to help out the hit TV show Mr. Robot. So it shouldn't do anything unless someone made it as a joke/not a joke.
Curious if any malware has ever broken out of your VM containment and infected the host machine
@Vishal Belbase not true. There are some identifiers for virtual machines, and if malware can read them it can interpret that it is in a virtual machine
Theos Escaping the VM is a whole different challenge.
(Quite possibly dumb) Sub-question: If it does escape from a Windows VM but the host runs Linux or Mac, would it be possible for the host to get infected?
That's like Agent Smith getting out of the Matrix into the real world
Step 1: shared folder
Step 2: mounted as write read
Would have been interesting to do the same test with Windows Defender not configured one more time with the same samples just to compare the numbers at the end of the video.
Leo again as I always said thank you for your great work and amazingly informative videos to watch
Great stuff Leo. Looking forward to follow-up videos you mentioned. Thanks
Quite disappointed that Microsoft removed the "Desktop" location from controlled folders access by default. That is probably because it was causing conflicts when newly installed software was trying to create desktop shortcuts to launch the program (I experienced these false positive blocks).
@@HotCakeX wow a whamen that's interested in any sort of computing 🥰
@@HotCakeX yeah and 99% of people don't have it and it is an insider beta. No one cares about name, before Defender it was called Windows Security Essentials. It's the same, 20H1 doesn't change much and how do you know what version he is using.
Do a test for Norton security
Would be good to see how well ransomware is stopped using OpenDNS, Cisco Umbrella, Cloudflare 1.1.1.1 Family etc with AV protection (double layers of security) Keep up the great work... :)
Brother, where are you?
Brother?
Brother this is the fifth boot.......plz no....brother!
therefore, Leo and his VM is haunted and this error will arise in his dreams
Hi Leo, I like what you did, you beef up WD and you could have beefed it up even more, there are other settings within-group edit where you could have made some other minor changes. You can see where this becomes a powerful tool to use in an enterprise environment as well as the home user.
2:35 in Windows 10 2004 the folder is named "Microsoft Defender Antivirus"
Yeah I was a bit confused when I looked under my Edit Group Policies and it wasn't there.
@@nonvideo I can't even find Edit Group Policies
@@vinnyc365 You need Windows 10 Pro. Windows 10 Home won't let you access it.
@@nonvideo That's true, but you can install gpedit on home
So friend congratulations on the excellent test with Windows Defender, I think that if you had removed the powershell as the main one and had deactivated it and left only the CMD as the main one this error might not occur in the end ... But even with this error in the end if u were at Start and located the error and remove with CCleaner or privacy eraser at the start of windows nothing would appear and the pc would be clean ... Congratulations Windows Defender has stood out in profound improvements with the artificial intelligence that was recently implemented. ..
Damn that hardening did the trick! Though I use WinDef (and also common sense to not click random stuff), this is impressive! Great video!
You on the latest windows version? You still have all the old icons ?
The new icons are delivered through the windows store, he's probably just using a local account.
@@TheFPSPower I use a local account and i got the new icons
Probably the LTSC version, which doesn't have all the crap of other Windows editions
It is LTSC so it's not relevant for Windows 10 normal edition
The new icons are being delivered in waves I hear.
Might be worth noting that the Group Policy isn't available in the Home SKU. Don't know if any of the policies can be edited in the registry directly
It is available, you just have to activate it, you can find some instructions easily on the internet, it does not take longer than a few minutes
Here's a hint: Everything that he just said can be achieved via the Registry.
Cool!! I added these to the Advanced Settings video posted a few months ago by Computer Solutions, so we'll see how it goes.
Do you have the list of Windows Defender tweaks you did (in the video) on your website or on a document/PDF? Thanks!
Bro I always told you defender is very powerful and it is my favourite. I will always love it. This is your first unbiased video. Like from my side.
I added this video to my watch list. I'm at work right now but have always been a fan of Bastille so I must watch.
I have a 32 core machine. I’m excited to know I can use this configuration.
You will get more false-positives with absolutely max settings.
Just found this video. Great job making complex instructions make sense to us simpletons.
have you done any research on Basic "FREE" AVG vs Windows Defender?
I didn't know about the PUAProtection command. Thank you. Just did it on my machine.
I love the new format it makes these videos feel more like a show you'd see on TV!
I always knew, one day Microsoft will make a good av, now it is true. No more 3rd party craps
Looks to me those MAPS group policy settings are not needed to harden if you already turn on "cloud-delivered protection" and "automatic sample submission" in your regular virus & threat protection settings. The group policy for 'Join Microsoft MAPS' states "In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership."
The pre-reqs for block at first sight are: Join MAPS enabled (defaults to advanced if cloud-delivered protection is enabled), send file samples for analysis enabled (default to 'safe files' if automatic sample submission is enabled) and scan all downloaded files/attachments enabled (enabled by default if real-time protection is on). So all pre-reqs are already met.
Furthermore the windows event logs show this when enabling the block at first sight policy:
"Windows Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\SpyNet\DisableBlockAtFirstSeen = 0x0
New value: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet\DisableBlockAtFirstSeen = 0x0"
In other words, it was already not disabled...so enabled.
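The prerequisites listed in the comment above can be read back from a machine with `Get-MpPreference`, and the policy key quoted from the event log can be checked directly. This is an added example, not from the video or the commenter; the function names are hypothetical, and the sample object used when the Defender module is absent is constructed.

```powershell
# Added example. Function names are hypothetical; the property names are
# those returned by Get-MpPreference, and the registry path is the one
# quoted in the event log text above.

function Test-BafsPrerequisite {
    param(
        # Object shaped like the output of Get-MpPreference
        [Parameter(Mandatory)] $Preference
    )

    $checks = [ordered]@{
        # 0 = not enrolled; 1 or 2 = enrolled (both mean Advanced on Windows 10)
        'Cloud-delivered protection (MAPSReporting)'          = ($Preference.MAPSReporting -in 1, 2)
        # 1 = send safe samples automatically, 3 = send all samples automatically
        'Sample submission (SubmitSamplesConsent)'            = ($Preference.SubmitSamplesConsent -in 1, 3)
        # Scanning of downloaded files and attachments
        'Scan downloads (DisableIOAVProtection is off)'       = (-not $Preference.DisableIOAVProtection)
        'Real-time protection (DisableRealtimeMonitoring off)' = (-not $Preference.DisableRealtimeMonitoring)
        # The setting itself: "not disabled" means enabled
        'Block at first sight (DisableBlockAtFirstSeen off)'  = (-not $Preference.DisableBlockAtFirstSeen)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Setting = $name; Met = [bool]$checks[$name] }
    }
}

function Get-BafsPolicyValue {
    # Reports whether Group Policy has written the value, or whether the
    # product default is in effect (the "Default\SpyNet\..." case in the log).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
    if (-not (Test-Path -Path $key)) {
        return 'Policy key absent: product default applies'
    }
    $item = Get-ItemProperty -Path $key -Name DisableBlockAtFirstSeen -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'Policy value not configured: product default applies'
    }
    'Policy value DisableBlockAtFirstSeen = 0x{0:X}' -f $item.DisableBlockAtFirstSeen
}

if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $pref = Get-MpPreference
} else {
    # Constructed sample: a machine with the default toggles switched on
    $pref = [pscustomobject]@{
        MAPSReporting             = 2
        SubmitSamplesConsent      = 1
        DisableIOAVProtection     = $false
        DisableRealtimeMonitoring = $false
        DisableBlockAtFirstSeen   = $false
    }
}

$result = Test-BafsPrerequisite -Preference $pref
$result | Format-Table -AutoSize

if ($result.Met -contains $false) {
    'Block at first sight is NOT fully in effect; see the rows marked False.'
} else {
    'All block at first sight prerequisites are met.'
}
Get-BafsPolicyValue
```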
Great content Leo, thanks!
Windows Pro and Enterprise users that have their systems not in domain, you cannot summon Group Policy(gpmc.msc). However, you can summon Local Policy Editor(gpedit.msc), which is technically the same thing. Most changes are enacted after restart because most of them are registry keys.
Hey, could you go over the national security letter which any corporation based in the USA can receive?
Going through my watch later. Man this is an old video. I remember watching this when it released and it introduced me to something I never knew I'd love so much. I can't say I'm pursuing a serious career in cybersecurity yet, but the amount I've learned through these years is unbelievable.
computing requires an enormous amount of mathematical type thinking ... AND THIS IS YOUR BEST VIDEO TO DATE !!! good music and the warehouse door slamming SOUND EFFECT is also great ...
does bitdefender total security slow down gaming performance?
all antivirus take cpu cycles.... there's some that take less, others more.
Leo: I'm concerned the antivirus consumed up to 50% CPU
Also Leo: makes the antivirus deal with 1k malware files executed at once
It’s running through 1500 samples. This is not real world but a massive test all at once. 26 to 50% is fine when it does better than CrowdStrike and Cylance
About the fragmented malware which causes an error icon to appear in every restart:
I'm most certain that if you had used AVG's *before-boot-to-windows-scan*, this... "haunted malware", as you called it, would have disappeared without the need for a PC format.
I have told you in the past how good this unique scan from AVG is, and to be honest, I find it very weird that you don't even mention it at all!!
I believe that a unique protection feature such as this would be worthy of some kind of mention...
Anyway, once again, you have made another great video!! I really enjoy them!!
AVG??? He uses Windows Defender, not AVG of Avast
@@augusto3045 CORRECT, but he has a standard procedure during his tests.
When he finishes the initial test, afterwards he performs a PC scan with several antivirus in order to check that everything is fine with the PC (in this video check at @7:18 to see what I mean). That's what I meant.
I believe that if he had performed AVG's before "boot to windows scan", instead of the standard scanning with antivirus like Norton, Hitman Pro, I'm very confident that the issue with the "haunted-malware" would have been solved.
That's what I meant.
Powernod - he could simply have used WD scan in offline mode which reboots, checks the boot sector and runs in safe mode, then reboots back into normal mode and gives you results. No need to install yet another AV.
The malware at the end of the video was probably successful because Attack Surface Reduction rules were not enabled. Testing malware files on the local network completely negates Block at First Sight even with this setting enabled via GPO (because the samples are missing the Mark of the Web.) At least this test method is better than his previous "tests" of WD, but his video is more a demonstration of WD's features than something resembling a real-world test.
true, also there is MDATP to add to this.....
Yep, he’s not as smart as he thinks. His tests are generally unrealistic.
@@AlpineTerrier Too bad most of his fans take his word as The Gospel!
true
I honestly wonder if my logic is correct.
Modern windows is more solid so it rather shouldn't get infected easily like xp, vista or 7.
So;
1. Using custom firewall
2. UAC with password for changes
3. Browser with anti malware add-ons
4. Opening unknown documents in the browser/one drive/sandbox
is that enough?
I would guess so. But I would also say that no antivirus and just visiting genuine websites with adblocker turned on and making backups regularly _could_ be enough. I still use Kaspersky since I know I will at some point visit a dodgy website or download a dodgy executable. These few bucks a year are worth it for me since I like the data on my pc enough to spend that money.
@AM 9. Use your phone for visiting shady sites and downloading from free file sharing/streaming sites.
UAC has never really been any good as people have developed ways to bypass it.
@@kimakhiangte How about don't visit file sharing/streaming sites to begin with. Stealing software is how morons get infected, and illegal streaming sites are a hotbed for malvertising.
@@TotalNonstopThemes You just called 1/3 of a whole planet morons, because for them it is the only way to get software and movies.
These settings are something interesting and that I didn't know existed. But for those who do not have the policy editor, such as Windows 10 Home users, how do you change these options?
www.maketecheasier.com/harden-windows-defender/
Equally entertaining and informative. Excellent quality 👍
Thanks Leo, you do a great job and I learn something new every time I watch your videos. I look forward to your video on hardening Windows 10.
Wow, what a surprise
Hardening was incomplete. It needed ASR rules
github.com/AndyFul/ConfigureDefender
Will you do the same hard setting to other products?
of course you would want the firewall on.. I know some MSPs & ERP providers that would disagree. Always fun to see that disabled because otherwise it's difficult to troubleshoot..lol
Had the same sort of ghost, as you put it, that would appear every time you boot up after being infected by malware. Used Autoruns software and found the entry of the component that was trying to start in the scheduled task tab, deleted the reg entry and all good after that. System was thoroughly cleaned first. Might be handy for others that were left with the same problem.
Yes, I want to see the hardening of windows. :)
You can test Comodo Antivirus (proactive configuration). Thank you.
@NossR94 I don't think so ... Comodo Antivirus has the sandbox, the HIPS and the behavioral analysis that makes it armored compared to other free or paid ones.
Nunzio d'Abbruzzo - the HIPS is a nightmare, it doesn’t train properly, nor create rules for safe applications properly, and finally doesn’t always remember the settings and keeps triggering for something already saved. Comodo is a very nice idea, but it’s not tested properly and quality issues, I always feel like a beta tester, yet it’s released for production.
How do you turn it on
What are thoughts on Windows Defender as an Enterprise install vs Sophos and Sophos Central?
Really would love a video about general Windows or PC hardening! Some kind of "essentials" series on defense would rule. Found this channel today because I accidentally infected my computer yesterday with over 500 files. First time ever doing something like that. I felt so stupid. I was moving too fast and clicked an ad instead of the real download. I felt like a grandma! But now I've been diving deep into PC security and finding it all super fascinating. Malwarebytes was able to get my PC clean and back to where it was before. (I hope)
how would a person go about learning to diagnose and repair software PC problems
I checked your kaspersky video and honestly the CPU usage was not very different (stayed on the mid 20's most of the time with spikes to 40's) and got a bit of a better result 99.53 vs 99.9.
This was not a bad result for an included feature, not bad at all.
Don’t know if anyone else is like this too, but watching videos about others downloading malware is spine-chilling to me. That’s why I’ve really never watched videos like this. But I mean-content like the stuff Leo makes is something that you can’t find anywhere else and is also pretty interesting too lol 😂
And I’m over here watching malware one-tap PCs on one of the safest devices ever: an iPad computer lmao 🤣
you didn't mention which version of Windows 10 & Windows Defender you did use?
Interesting test, I love it!
Question I'm going back to a windows PC after 9 years on a Mac. What Is the best security solution that takes up the least amount of system resources?
What's the best antivirus to buy right now for PC?
Hey, this is a good one. But how about a home user?
I really that you now show how to secure windows. Keep that good work up :) thanks
Can you test Iobit Malware Fighter and Iobit Advance System Care Ultimate. Im running both right now and im wondering your thoughts on them running together. Thanks for all your videos keep them coming. You should set up the you tube join option. Im happy to pitch in a few bucks every month to help you get access to software keys for testing. Im sure I am not the only one willing to do so either.
iObit is a very shady company and both of those are a scam and scareware.
are your backgrounds available to download? if yes, how do i get them?
preferably without the text
Which Software you use for Screen Recording?
Please test hardened Kaspersky! You've always tested it on recommended settings, never on ultra high!
Honestly, the 'performance hit' isn't as great as you want to think it is. The thing is, if you slam it with 100's+ of new files all attempting to load at the same time... ya, it's going to do bad things.
Though frankly I was someone who LOVED Comodo security suite & literally every program had to be checked off & approved to be allowed to run (I accidentally broke Win 8.1 & 10 with it), and for the very feature I loved in it to be included in Windows 10, baked in... even if a performance hit.. is great.
There is always a trade-off with security & performance, but that hit is in load times and first file loads... along with a secondary benefit that when a file is updated, it is considered first sight again.. which can help avoid subtle infections that otherwise get overlooked because it was clean once.
What specs do your virtual machines have? I'd just like to have a reference point for how much of your resources they're using as evidently 50% of 8gb isn't the same as 50% of 32gb etc.
Hi Leo. Great video as always. Would it be possible to execute any of these 800 threats without administrative privileges?
Would it still perform as well with internet disconnected? (and those options enabled)
Hey there! Do you think I can do this Windows hardening with an i7-8700k and 16GB RAM while simultaneously being able to game/browse and such? I don't want too much of a performance impact.
Nice job from M$
Could you try trend micro 2020?
Please make the video on hardening windows soon! I have no idea where to start but want to harden a VM so that viruses/people can't break out and do damage. Thanks!
Love your videos. Most informative I've ever found! If you had a choice of Bitdefender free (which I don't think has the safe files feature) or Windows Defender (so you can implement controlled access), which should you go for? In other words, is the availability of a controlled access feature valuable enough to warrant a less reliable detection rate?
Would you recommend these settings on top of a third party AV?
Defender has to be turned off if you use another antivirus if you want a decent performance :-) Yet disabling scripting in PowerShell is advisable if you want more security. Also using a separate admin account with password, passkey or biometrics and a different user account for everyday tasks. Using Group Policies can reduce risk further. With a firewall you can reduce exposure to malicious software. Separating often insecure IoT and out-of-support devices to another network can reduce exposure even further.
Some people run Linux and when they need Windows they use a VM.
Linux by design is made more secure, small market share on desktop makes it a smaller target. There are real-time antivirus for it. Like Bitdefender and Eset. Same still stands with Linux - You need to segregate access levels, reduce exposure and use common sense :)
Defender and firewall are two different things
I'm using Kaspersky and so far the experience has been great. I would love to see a test about it.
Can you recommend an AV for pc gaming?
Did you have a chance to make the same tests (including Ransomware Tests) in Windows Defender ATP? It would be interesting to do it and check how the system holds up!
Thank you for your vids! Nice work!
Added to favourite playlist
Can you please tell me where you get those malware samples from, please?
Did you try DefenderUI?
While using Avast would you recommend these changes in group policy? Thanks
George K - this group policy is for Defender. If you use Avast or any other antivirus it will disable Defender completely, so it would be irrelevant to change the group policy.
Hi,
First of all thanks much for this video. I'm in the process of creating tweakguides screenshots to harden Windows Defender as you suggested. I did the exact same method and settings that you did except I turned on PUA protection through group policy not PowerShell because I was getting an error there with. My one question for you is that I think I have noticed a slight decrease in performance and if that's true which of these settings if not all of them are going to have the most impact on performance?
What about zero tolerance blocking level for cloud protection 3:26
Why does he enable PUP protection via PowerShell rather than with the GPO that does it? Also I found I had to load the PowerShell module for Defender manually from the AV install folder in programdata... on win 2004 anyway...
I'm staying tuned for the video how to harden windows 💪😊
Opinions on RogueKiller? Works really well IMO
So is it good?
defender made that one script an orphan
You should mention how many files or how much data you have on your computer so that we can estimate the time it takes.
Getting an error message when windows boots up is really annoying :/
I guess you could track that down and fix it.
But can't use both ESET and WD all protections? Anyhow?
It is actually pretty good
Leo, you are the best! Do a video on how to harden your MacOS system security.
Why don't you check if PC is infected (malware in memory, autoruns keys added) and run second opinion scanners before rebooting?
I'm surprised you didn't use Malwarebytes or AdwCleaner as a second opinion scan or the only ESET scanner or Kaspersky Virus Removal Tool.
I wouldn't be able to sleep if I had that many malwares
So what is the best way to contact you for help with ransomware attacks?
As usual, an interesting video. I will look into these settings for my company.
Where can we find these malwares to make our own tests?
Question: I've run a full scan with my Windows Defender, and it showed me that I have hundreds of threats found because of the new Kali installer I've installed in my VM. It never happened before but just started a few weeks ago. I've clicked on the "Start actions" button to remove those threats, but it never worked... What should I do now? Just completely delete the Kali ISO? But I need it for my study.. >.< Sorry if I've asked a weird question.
Contact Microsoft, or try searching how to clean logs (may work), this is the only issue for me. Most of the time threats are already 'cleaned'.
@@x1aomantou Thx for the reply, I might just keep using it since it's not affecting much of my performance..
I tried to use -MpPreference but it's showing parameter cannot be found.
Firstly, thanks for the comprehensive insight. Secondly, I was wondering what your thoughts were on the various guards? Thirdly, looking forward to the windows hardening tips. Keep up the great work :)
What free antivirus should I use?