You left a lot of us hanging. You really need to do a video that goes into more depth on determining the optimal settings of Defender UI for protection and performance, then do a comparison with what you consider are the top 2 other anti-virus software solutions.
He clearly does not recommend using windows defender as the only antivirus. Get Kaspersky bitdefender etc which are actually good. Plenty of well known players have free products as well. Windows defender eats up your system resources too. There is no meaningful justification to keep using it. If you're concerned about cost, get Kaspersky free version or some other good product there are plenty
(enterprise user here) ASR is crucial, along with cloud sampling. In the MDE cloud portal, there are additional controls like "device discovery" as well, by default, it acts as a network device scanner to scan the device's subnet and try to grab information and share to MDE portal.
I have at least 3 of them. Mullvad secure DNS with filters. Portmaster firewall with filters. And one more which is so popular that YT is ready to ban just for saying about it )
Woot you included DefenderUI!!! I’ve been waiting so long for you to make a video on this 🎉🎉🎉 ASR customization is DefenderUIs best feature, brings it closer to Defender for Endpoint. It just needs a self-defense mechanism.
Found implementing ASR in an Enterprise context that we had very little compatibility problems by doing so for the vast majority of rules. Honestly, some of those need to become Defender baseline. As for your question around Cloud Protection Level, it mostly has to do with how long will Defender hold up the process if it can't talk or receive a response. The higher you set it, the more chance a machine can seem to freeze or slow down when executing something. Should also be noted that Defender now also has a Application Whitelisting style solution called Smart App. Oddly, it can't be set to On if its ever been set to off (some sort of trusted verification chain), but on standard users, this is a really easy way to setup default deny.
The video really need two more parts: impact on app compatibility and relative system performance degradation benchmarking. You have sort of summed up the first. Thanks.
@@vr0k3n There's literally zero mention of open source on their website, there's no access TO source code anywhere. Show me a path to the source code and i'll consider it open source after having examined the code. Not a second earlier.
I'd love to see you do a side-by-side test of WD, one VM with configure defender on the "max" template and the other VM with defender UI on the "aggressive" template
It is actually a big shame to in 2024 see this type of behavior from WD. If you need to install another app to improve the security of WD then you might as well instead go with a third-party-antivirus. I would never rely my security on an antivirus that in 2024 can't even detect a "well-known threat" and is mostly chanceless against the modern advanced form of threats. However, good work on the review about this software, keep up the great informative work you provide us with!
I agree. This video is too shallow. The optimal setting combination needs to be explored and then a comparison with the top 2 alternatives made in both protection and effect on system performance.
@@jeffc6059 It's still trash how windows 11 limit the cpu gen and the ability to be upgraded and advertised as ExTrA sEcuRIty when it can't even blocked well known virsu from 3 fucking years ago
Great info. Let's see if when using the UI, Defender can now compete with other products, given it is free. Buying paid malware protection products can become expensive when one has to protect a number of virtual and non-virtual devices.
@@actuit depends heavily on the office suit, pdf software that you have installed. So the general guideline is to enable max protection by turning on or setting to "warn" in DefenderUI and set high security/privacy in your office/pdf suit as well, and disable those which break your routine work
Rather than use third-party tweaks for Windows Defender, I prefer to use ESET security suite, uBlockorigin adblocker, and Quad9 DNS, which blocks malware domains.
It's almost the same, but the difference is to enabling the sense process for reporting data to the MS SecurityCenter, but in general the major functionality is exactly the same as for private users.
Thanks for investigating and sharing!... I use a few utilities e.g. Winaero Tweaker but hadn't come across DefenderUI -- looks v. promising though, will be checking it out for sure! 👍🏼
Without context, this test is not telling us much. Yes, carefully tuned, Defender improves, but at the same time consumes more resources. Without a comparison to other virusscanners, this does not tell us anything.
It consumes more resources cause it tries to make a careful analysis of every file. Don't you find this natural? Or you prefer that your AV just let some files go? The reasonable conclusion is only one: don't start many applications in a short period of time, especially one suspicious file after another, to let your AV make a good analysis, and generally let your system to distribute the system resources. Just like we normally do, right?
It's so insane to me those options aren't enabled by default on Windows Defender O_O What's the point in using it, then? I'd never fall for ransomware but i still have Kaspersky just in case whatever happens.
Nice vid Questions I'd ask is 1. If you just run black claw would windows detect and stop 2. Were the files in one drive and vault effected 3. Is letting python run part of the problem , ( doesn't python nominally get detected by Windows especially when it's doing things like launching a 100 malware programs , and some encryption programs use python ?)
About cloud detection, i use eset and when i want to open suspicious app or file it will block it first then it will do cloud analysis. If the app or file is safe it will let you use otherwise it will remove it. Antivirus should not allow suspicious app to run before analyzing it.
I'd be very interested in how you set up your VMs to be sure that your Hypervisor doesn't get infected. Aswell as where you're getting all those malware samples from. Cheers!
Hi Leo, no you definitely have to tweak Windows defender the best way of doing it is going through the edit local group policy if you can do that and tweak the heuristics and tweak the cloud level thisy ites it a little bit more difficult or more stringent more difficult to get t nohrough to the operating system. With that defender tool I'm assuming that you can tweak the settings even if you don't have the pro edition so that makes it even more effective tool to use.
*@The PC Security Channel* 2:19 Could you run this test again, but slower, give Windows PLENTY of time (several seconds?) to do the network checks & whatnot, and see if the detection ratio improves?
Keep your stuff on an external HDD which is backed up on another external HDD. I started doing this about 14 years ago when my PC got infected by a ransomware. I learnt more about PC security and never had the same problem.
If you look the last entry before the first test concludes it has processed 63 files an has a detection ratio 98.41%. I'm sure the final result was just a tad higher which means it basically tested to be just as effective as bitdefender and Kaspersky. How come that wasn't mentioned in the video. How come when bitdefender and Kaspersky tests to have the same 98% detection ratio we say oh that's great an then recomend them but when windows defender does it we say see told you defender was a piece of crap. The result shows that windows defender is clearly not crap.
Pretty sure he's sponsored by Kaspersky. There's literally no other way this makes sense, even US CISA recommends against using Kaspersky in enterprise.
@@IPendragonI please don't fool around in those test unknown files were used and here known ransomware from past decade was used where anything less than 100% is bad. and moreover the end result matters the defender could not save the files whereas others (kaspersky , bitdefender) blocked it somehow or the other using other protection mechanisms .... And moreover the US apps also collect data and if we the outer nation peoples are not worried why US hiccups when apps from other nation collects there data..Hypocritical Bs of a nation...Also he never mentioned name of kaspersky like that in this video so clear of your eye lenses and check your ears....
any free antivirus is no better than WD. Testing antiviruses by running a script which runs one after another viruses undermines the idea of cloud based analysis. No normal user will run many suspicious program at once, so your pc/internet bandwidth will be enough to research one file and get a good answer is it safe for it to run. Just like expected, in second scenario with 100% result it took much more time to run all the viruses. Which means that in reality your WD will also have close to 100% detection rate
Transformative content, I like that the malware sandbox domain allows you run a virtual machine all the way to Windows 7 32-Bit The one back at my house is 64 bit though
nice joke ) I'm sure that any normal use of PC will give enough time for WD/cloud to check if the file is safe or not. So running script that executes one file after another is no way a good estimation of AV capabilities. It's an extreme sport And when WD was a bit tweaked, it had all the time to check carefully every file executed, and was able to block all of them
I do think there are differences now with the Windows Security (now the basic protection with windows OS) and the MS Defender AV from Microsoft with the Office, it would be nice to test this one to see what it is the differences.
Only people who watched this video or already know about ASR rules will be able to follow it. I don't think it's enough for most computer users, since using Defender UI is already complicated for normal users, NOT US. But it's always good to know that at least we can reduce some cost for AV solutions for some computers that we don't poke random Internet websites. ;p
So is 98% considered good compared to other protection software? Is it enough to just have defender on my system? There was no comment about the overall performance of defender, would appreciate your input (or anyone else in the comments). Thank you!
yes, it's good. But if you plan to use it without tweaking its optional protection, you better go through ALL security/privacy settings in all your pdf/office/mail software and enhance them by: disabling scripts and macros by default, and enhancing other security settings, like disabling access to internet for pdf/office In fact, it's better to do it anyway, cause it's another layer of protection
Bear in mind this was a TINY test against just ransomware samples and has nothing to do with defenders overall protection As well as that, the world of ransomware even one sample being missed is game over
you need also bear in mind that it's not normal to run a script executing one malware after another. It's much more reallstic to EXTRACT a big pile of (possibly) malware files, which simulates a more likely situation. That's why many AV testers do exactly such kind of test instead of running a script. Though it does not deny that a method used in this channel is not relevant. It is relevant in some situations. And the result of 98% simply stands for a fact that windows defender under heavy load is much more capable when you give it a lot of time and/or system resources and a good internet access to online cloud test
you need also bear in mind that for a purpose of simplification of his test the owner of this channel runs his script under admin account, and possibly with minimal UAC security settings. Which no normal user should do )
Could you test the detection ratios of the open source antivirus ClamAV on Windows? Or Linux even. I've never seen a video like this and I have been curious about the detection ratios of this (only?) open source AV.
Clam av is not an antivirus, nor is it designed to be useful as one Its designed to be a malware scanner for mailboxes That means you set it up to scan every so often to remove malware people might send It has terrible detection rates when compared to any reasonable av (because its not an av) and is not something I would ever recommend using outside its intended purpose (this is the simple version)
@@sylussquared9724 Thanks for the clarification. You're probably right that it is not a realtime antivirus, even tho you could theoretically use it as one. Regardless, I would be interested to see detection results of a folder scan for example in comparison to second opinion scanners such as HitmanPro or Malwarebytes.
Was mich jetzt nur intressieren würde ist ob auch die Firewall stärker oder genauso mies ist wie vorher? Wäre es möglich das mit einem Test herauszufinden?
Hi, I gratefully follow you about cyber security. I have a very basic/newbie doubt about PIN vs Password, and I'd like to have your opinion. Recently I switched my Windows account to a local one (for security reason), so now I can access on my Windows system by both my local password OR my old Windows PIN, that's redundant IMO. Q: From a security point of view, is it good keeping only the local password, or is it better maintaining both methods?
I don't understand why you disable the ransomware protection feature (Controlled folder access)? The whole idea of that to protect against you know Ransomware?
I think it's because controlled folder access is disabled by default, and he wanted to run a test specifically with the default settings, assuming a user has never changed any of them. But you are correct, if you want to protect against ransomware, its advised to turn this feature on even if you don't do anything else.
Controlled folder access stops ALL programs accessing the files A: See the above comment ^ B: That would make the test unfair and completely pointless as it would not block the ransomware but stop it from encrypting the files
Recently purchased a new laptop this week. It came with McAfee pre-installed, and initially, I was pleased to receive a free 1-year subscription. However, after conducting some research, I decided to fully delete it and am now using Defender to protect it from internal threats like McAfee.
@@davidhoward4715 Actually, depending on the way you look at the feature, it is a trouble maker. Controlled Access Folder doesn't work like regular folder protection modules in market antiviruses, it's far more agressive and thefore less usable in the real world. Last time I checked, if you protected a folder, you couldn't even make yourself a modification in a document or use the space as an administrator, say decompress a zip file in the protected folder. User interaction with the mentioned folders was painful, resulting in a huge percent of the users disabling the feature.
@@gonzaloxmYeah, I would like to have it turned on but if I do I can't even play games because it doesn't let them save savefiles on the Documents folder
Hello, in your video in the progress of testing windows defender, cpu loaded on 100% May be Low performance cpu doesn't allow defender delete all Ransom in during
I have customized ASR rules such as show allow from USB, block cred stealing from Lsass in Pro or enterprise windows editions(benchmate or any app that stores creds in plaintext excluding will fail post http method) and warning for psexec wmi and process creation.
Hi. Could you investigate the issue regarding unsubscribing from various anti-virus software packages. I recently wanted to cancel my own very well known product but the option to cancel renewal wasn't even available.
that's a standard practice for many online services. You give your credits once - and it never ends. ALWAYS check if the company has a physical address where you can send a letter which obliges the company to close the contract
Automating the execution really defeats the purpose though doesn't it ? Ransomeare is a user issue, as are a good percentage of incidents. Its the low hanging fruit.
@@DomZeal if you want you can download a 3rd party. or if you don't want another thing installed on your pc you can hardener windows defender. everything you do on defender ui you can do in other ways like powershell and scripts. is just a easier way to manage it.
@@jmtradbr Fair enough. Although, Defender UI seems new to the market, it hasn't earn user's trust while having too much system privilege. We'll see in a few years.
Does the UAC set up to the max prevent running obscured exe files pretending to be .docx or .pdf and similar? I.e. I download a text document but I don't intend to install anything right now. So denying the crap running.
Because it is not a good option in the real world. If you have to whitelist every little thing, it becomes so annoying that you just disable it again. Get a real antivirus
@@pootispiker2866its not a hassle to use. You get a notification that something has been blocked. If its a wanted change, click on the notification and allow it. This feature alone keeps all the folders protected that you want.
@@pootispiker2866 Being using it for years, both at work and at home (I use both computers constantly). Yes, I had to whitelist a couple things initially, but it's been smooth sailing for years now.
Honestly, one of the easiest methods is sending E-mails with malicious links or even documents with malicious scripts attached. You'd be surprised how effective that approach is for targeting businesses with a fair share of employees on a shared network. 🫣
Question: Do we yet have any idea how many ransomeware that windows defender or any other antiviirus actualy encounter on a minute to minute basis under normal conditions. one has to wonder if any antivirus regularly encounters 1500 ransomware in less than 1 second like happens in the video. Question 2: How should home users have their windows defender set up?
2: just go through all menus and enable max protection ) if some programs that you need won't work properly, disable some of this overprotection. Temporally )
You know how they test the safety systems in cars, using crash dummies and actually crashing them? You know that’s not what’s happening with cars under normal conditions on a minute to minute basis, right?
We're interested in efficacy under what would be considered typical usage scenario's. if you can use windows defender for 3 years an never have any issue but it fails a barrage of 1500 ransomeware in less than 1 second in a test how does that constitute an accurate appraisal of it's efficacy!! To say it's not good enough would be like saying because a UFC champion couldn't fend off 1500 thugs at once he's not a good fighter! @@stephenwakeman3074
@@stephenwakeman3074 Is this really the argument you're going to have? Cars and computers are not equal. Apples and Oranges... When a car crashes it's usually totaled. When a computer crashes just hit the "reset" button. Your normal, every day cars are put through that to save your life and test their safety systems. Your normal, every day computer is not, because when it crashes or some documents get encrypted you just restore a back up or hit the reset button. You can back up your documents, you can't back up time, car crashes and death.
Using a 3rd party NON opensource tool from a pretty sketchy website and using it... Personally I can't believe you would ' recomend' using this. This raises some serious red flags with me... Not sure about what defenderUI actually does or claims to do or actually does it since it isn't open source.
I just installed DefenderUI on windows 11 and I do not have all of those options tabs. Only a basic screen that looks like the Home tab in this video. Any idea why not?
@@kjisnot I had the same problem. I uninstalled it and reinstalled it by running as Admin, which worked. I didn't think of trying a reboot first. Thanks for that tip.
@@slapme3582 Why would it be impossible in production? What kind of environment are you thinking about? About the other part(lolbins), yeah AppLocker doesn't block it. There is a similar program on Linux called fapolicyd and its approach is to not let interpreters even read the file.
This DefenderUI is kinda cool. Maybe you should make a video talking about those different switches and what they do ?
Agreed! I've been trying it out, but a more knowledgeable source of info would be wonderful
You left a lot of us hanging. You really need to do a video that goes into more depth on determining the optimal settings of Defender UI for protection and performance, then do a comparison with what you consider are the top 2 other anti-virus software solutions.
He clearly does not recommend using windows defender as the only antivirus.
Get Kaspersky bitdefender etc which are actually good.
Plenty of well known players have free products as well.
Windows defender eats up your system resources too.
There is no meaningful justification to keep using it.
If you're concerned about cost, get Kaspersky free version or some other good product there are plenty
(enterprise user here) ASR is crucial, along with cloud sampling. In the MDE cloud portal, there are additional controls like "device discovery" as well, by default, it acts as a network device scanner to scan the device's subnet and try to grab information and share to MDE portal.
We've got almost all ASR rules set to block. There's new ones in PREVIEW as well.
a huge percentage of Ransomware is stopped by ad blockers.
ye adblockers dont just block ads they block trackers, malware etc too
@@5d4a5 run 3 add blockers. You would be shocked they never match numbers for blocked items on the same page.
Pi hole wins again
I have at least 3 of them.
Mullvad secure DNS with filters.
Portmaster firewall with filters.
And one more which is so popular that YT is ready to ban just for saying about it )
@@ТоварищКамрадовСоциалистКоммун can you encryp the name please
Woot you included DefenderUI!!! I’ve been waiting so long for you to make a video on this 🎉🎉🎉
ASR customization is DefenderUIs best feature, brings it closer to Defender for Endpoint. It just needs a self-defense mechanism.
Found implementing ASR in an Enterprise context that we had very little compatibility problems by doing so for the vast majority of rules. Honestly, some of those need to become Defender baseline.
As for your question around Cloud Protection Level, it mostly has to do with how long will Defender hold up the process if it can't talk or receive a response. The higher you set it, the more chance a machine can seem to freeze or slow down when executing something.
Should also be noted that Defender now also has a Application Whitelisting style solution called Smart App. Oddly, it can't be set to On if its ever been set to off (some sort of trusted verification chain), but on standard users, this is a really easy way to setup default deny.
The video really need two more parts: impact on app compatibility and relative system performance degradation benchmarking. You have sort of summed up the first. Thanks.
Man, if only DefenderUI was open source :(
Nice video btw, like always.
It is open source, wdym
"Open source is a killer of intellectual property and un-American." - Jim Allchin of Microsoft
@@vr0k3n There's literally zero mention of open source on their website, there's no access TO source code anywhere. Show me a path to the source code and i'll consider it open source after having examined the code. Not a second earlier.
I don't see the source either.
The developer is a great guy and active on his forums though.
I'd love to see you do a side-by-side test of WD, one VM with configure defender on the "max" template and the other VM with defender UI on the "aggressive" template
It is actually a big shame to in 2024 see this type of behavior from WD. If you need to install another app to improve the security of WD then you might as well instead go with a third-party-antivirus. I would never rely my security on an antivirus that in 2024 can't even detect a "well-known threat" and is mostly chanceless against the modern advanced form of threats.
However, good work on the review about this software, keep up the great informative work you provide us with!
I agree. This video is too shallow. The optimal setting combination needs to be explored and then a comparison with the top 2 alternatives made in both protection and effect on system performance.
@@jeffc6059 It's still trash how windows 11 limit the cpu gen and the ability to be upgraded and advertised as ExTrA sEcuRIty when it can't even blocked well known virsu from 3 fucking years ago
Huge 'Thank You' for posting this it was a real eye opener.
Great info. Let's see if when using the UI, Defender can now compete with other products, given it is free. Buying paid malware protection products can become expensive when one has to protect a number of virtual and non-virtual devices.
ASR works, but it does break a lot of things, depending on which you enable.
Would you recommend any as a baseline to not break anything but at least increase protection?
@@actuit depends heavily on the office suit, pdf software that you have installed. So the general guideline is to enable max protection by turning on or setting to "warn" in DefenderUI and set high security/privacy in your office/pdf suit as well, and disable those which break your routine work
@@ТоварищКамрадовСоциалистКоммун I don't work at all really, so it just depends.
Rather than use third-party tweaks for Windows Defender, I prefer to use ESET security suite, uBlockorigin adblocker, and Quad9 DNS, which blocks malware domains.
really appreciate you regularly doing windows defender test.
Good thing I use Bitdefender instead. I used Defender before, but I did not feel safe. Now I know why- Crappy default settings.
It's always a good day when you know that the pc security channel uploaded
Hi, love your video. Can you please test the enterprise Defender for endpoint aka ATP
It's almost the same, but the difference is to enabling the sense process for reporting data to the MS SecurityCenter, but in general the major functionality is exactly the same as for private users.
I only use WD and have work wonders, pretty cool to see I can make it better., thank you for the video.
I had to quit fullscreen because the "Ransomware found" alert kept freaking me out lol
Thanks for investigating and sharing!... I use a few utilities e.g. Winaero Tweaker but hadn't come across DefenderUI -- looks v. promising though, will be checking it out for sure! 👍🏼
Can you make a detailed video with DefenderUi with different settings and tests?
Without context, this test is not telling us much.
Yes, carefully tuned, Defender improves, but at the same time consumes more resources.
Without a comparison to other virusscanners, this does not tell us anything.
It consumes more resources cause it tries to make a careful analysis of every file. Don't you find this natural? Or you prefer that your AV just let some files go?
The reasonable conclusion is only one: don't start many applications in a short period of time, especially one suspicious file after another, to let your AV make a good analysis, and generally let your system to distribute the system resources. Just like we normally do, right?
The initial reaction after watching the video also.
would be nice to know exactly which settings were changed to make it block 100%
If the reason you suggested why it misses known samples is correct, then on another exactly the same clean run it should catch that.
It's so insane to me those options aren't enabled by default on Windows Defender O_O What's the point in using it, then? I'd never fall for ransomware but i still have Kaspersky just in case whatever happens.
He explained this in the video...
Basically, it eats more resources and may create more false-positives.
That was what i wanna see, the ins and outs of ui add on, that did better.
Nice vid
Questions I'd ask is
1. If you just run black claw would windows detect and stop
2. Were the files in one drive and vault effected
3. Is letting python run part of the problem , ( doesn't python nominally get detected by Windows especially when it's doing things like launching a 100 malware programs , and some encryption programs use python ?)
1: No, I just tested it and it missed it (the sample I had was 2 years old)
2: IDK I didn't have onedrive setup but I would not be surprised
3: No
@@sylussquared9724 cheers for reply
About cloud detection, i use eset and when i want to open suspicious app or file it will block it first then it will do cloud analysis. If the app or file is safe it will let you use otherwise it will remove it. Antivirus should not allow suspicious app to run before analyzing it.
Would love to see how Windows Defender react against your ransomware simulators >_
I'd be very interested in how you set up your VMs to be sure that your Hypervisor doesn't get infected. Aswell as where you're getting all those malware samples from.
Cheers!
Hi Leo, no you definitely have to tweak Windows defender the best way of doing it is going through the edit local group policy if you can do that and tweak the heuristics and tweak the cloud level thisy ites it a little bit more difficult or more stringent more difficult to get t nohrough to the operating system. With that defender tool I'm assuming that you can tweak the settings even if you don't have the pro edition so that makes it even more effective tool to use.
*@The PC Security Channel*
2:19 Could you run this test again, but slower, give Windows PLENTY of time (several seconds?) to do the network checks & whatnot, and see if the detection ratio improves?
Keep your stuff on an external HDD which is backed up on another external HDD. I started doing this about 14 years ago when my PC got infected by a ransomware. I learnt more about PC security and never had the same problem.
Is VBS aka Memory Integrity on? That would be a more fair approach to this
thank you! Ransomware was a headache to me with windows defender. Atleast with this defender ui, there will be higher degree of protection...
Why is there no safe link to Defender UI by the channel in the notes?
If you look the last entry before the first test concludes it has processed 63 files an has a detection ratio 98.41%. I'm sure the final result was just a tad higher which means it basically tested to be just as effective as bitdefender and Kaspersky. How come that wasn't mentioned in the video. How come when bitdefender and Kaspersky tests to have the same 98% detection ratio we say oh that's great an then recomend them but when windows defender does it we say see told you defender was a piece of crap. The result shows that windows defender is clearly not crap.
The bitdefender and kaspersky test was on many more files.
@@JohnDoe-uw9nq How does that affect a percentage.
Pretty sure he's sponsored by Kaspersky. There's literally no other way this makes sense, even US CISA recommends against using Kaspersky in enterprise.
@@IPendragonI please don't fool around in those test unknown files were used and here known ransomware from past decade was used where anything less than 100% is bad. and moreover the end result matters the defender could not save the files whereas others (kaspersky , bitdefender) blocked it somehow or the other using other protection mechanisms .... And moreover the US apps also collect data and if we the outer nation peoples are not worried why US hiccups when apps from other nation collects there data..Hypocritical Bs of a nation...Also he never mentioned name of kaspersky like that in this video so clear of your eye lenses and check your ears....
any free antivirus is no better than WD. Testing antiviruses by running a script which runs one after another viruses undermines the idea of cloud based analysis. No normal user will run many suspicious program at once, so your pc/internet bandwidth will be enough to research one file and get a good answer is it safe for it to run. Just like expected, in second scenario with 100% result it took much more time to run all the viruses. Which means that in reality your WD will also have close to 100% detection rate
You should turn on control folder access and network protection
Transformative content, I like that the malware sandbox domain allows you run a virtual machine all the way to Windows 7 32-Bit
The one back at my house is 64 bit though
Last time I checked, the free tier allows ONLY Win7 32bit. And the cheapset paid tier costs hundreds.
My PC is so slow that Defender will have enough time to Get all the info it needs from the cloud before Ransomware can do anything:)
nice joke ) I'm sure that any normal use of PC will give enough time for WD/cloud to check if the file is safe or not.
So running script that executes one file after another is no way a good estimation of AV capabilities. It's an extreme sport
And when WD was a bit tweaked, it had all the time to check carefully every file executed, and was able to block all of them
I would definitely want to see a video testing Windows Defender with all Defender UI settings on aggressive
I do think there are differences now with the Windows Security (now the basic protection with windows OS) and the MS Defender AV from Microsoft with the Office, it would be nice to test this one to see what it is the differences.
i only just found ur channel. rly like these videos dont change 👍👍👍👍
Only people who watched this video or already know about ASR rules will be able to follow it. I don't think it's enough for most computer users, since using Defender UI is already complicated for normal users, NOT US.
But it's always good to know that at least we can reduce some cost for AV solutions for some computers that we don't poke random Internet websites. ;p
So is 98% considered good compared to other protection software? Is it enough to just have defender on my system? There was no comment about the overall performance of defender, would appreciate your input (or anyone else in the comments). Thank you!
yes, it's good. But if you plan to use it without tweaking its optional protection, you better go through ALL security/privacy settings in all your pdf/office/mail software and enhance them by: disabling scripts and macros by default, and enhancing other security settings, like disabling access to internet for pdf/office
In fact, it's better to do it anyway, cause it's another layer of protection
Bear in mind this was a TINY test against just ransomware samples and has nothing to do with defenders overall protection
As well as that, the world of ransomware even one sample being missed is game over
you need also bear in mind that it's not normal to run a script executing one malware after another. It's much more reallstic to EXTRACT a big pile of (possibly) malware files, which simulates a more likely situation. That's why many AV testers do exactly such kind of test instead of running a script. Though it does not deny that a method used in this channel is not relevant. It is relevant in some situations. And the result of 98% simply stands for a fact that windows defender under heavy load is much more capable when you give it a lot of time and/or system resources and a good internet access to online cloud test
you need also bear in mind that for a purpose of simplification of his test the owner of this channel runs his script under admin account, and possibly with minimal UAC security settings. Which no normal user should do )
Great video 👍.... Astonishing 😮
Make a video on Ubuntu system 🙂
Could you test the detection ratios of the open source antivirus ClamAV on Windows? Or Linux even. I've never seen a video like this and I have been curious about the detection ratios of this (only?) open source AV.
Clam av is not an antivirus, nor is it designed to be useful as one
Its designed to be a malware scanner for mailboxes
That means you set it up to scan every so often to remove malware people might send
It has terrible detection rates when compared to any reasonable av (because its not an av) and is not something I would ever recommend using outside its intended purpose
(this is the simple version)
@@sylussquared9724 Thanks for the clarification. You're probably right that it is not a realtime antivirus, even tho you could theoretically use it as one. Regardless, I would be interested to see detection results of a folder scan for example in comparison to second opinion scanners such as HitmanPro or Malwarebytes.
Was mich jetzt nur intressieren würde ist ob auch die Firewall stärker oder genauso mies ist wie vorher? Wäre es möglich das mit einem Test herauszufinden?
Thanks for testing Defender. While I prefer to use paid resources it is still interesting to see Defender's capabilities.
Hi, I gratefully follow you about cyber security. I have a very basic/newbie doubt about PIN vs Password, and I'd like to have your opinion. Recently I switched my Windows account to a local one (for security reason), so now I can access on my Windows system by both my local password OR my old Windows PIN, that's redundant IMO. Q: From a security point of view, is it good keeping only the local password, or is it better maintaining both methods?
Now that Defender UI has a pro version, I'd like to see a video comparing Defender UI Pro's performance against viruses.
I don't understand why you disable the ransomware protection feature (Controlled folder access)? The whole idea of that to protect against you know Ransomware?
I think it's because controlled folder access is disabled by default, and he wanted to run a test specifically with the default settings, assuming a user has never changed any of them. But you are correct, if you want to protect against ransomware, its advised to turn this feature on even if you don't do anything else.
Controlled folder access stops ALL programs accessing the files
A: See the above comment ^
B: That would make the test unfair and completely pointless as it would not block the ransomware but stop it from encrypting the files
Recently purchased a new laptop this week. It came with McAfee pre-installed, and initially, I was pleased to receive a free 1-year subscription. However, after conducting some research, I decided to fully delete it and am now using Defender to protect it from internal threats like McAfee.
Oh no -should not have watched this video - I am trusting Defender everyday !!! Great video - thanks
Can you do it with Elastic agent as well?
can you please make a video between malwarebytes and norton?
Have you heard a malware type where its main file is somehow immune to a simple delete command if found?
Yep, those are called polymorphic malware and certain fileless malware also could be considered immune to that
excellent video!
Can you test MS Defender for Endpoint? would love to see how that holds up
Try turning on ransomware protection inside windows defender
That is controlled folder access. I remember it breaking things.
@@valkaielod No, you don't.
@@davidhoward4715 Actually, depending on the way you look at the feature, it is a trouble maker. Controlled Access Folder doesn't work like regular folder protection modules in market antiviruses, it's far more agressive and thefore less usable in the real world. Last time I checked, if you protected a folder, you couldn't even make yourself a modification in a document or use the space as an administrator, say decompress a zip file in the protected folder. User interaction with the mentioned folders was painful, resulting in a huge percent of the users disabling the feature.
@@gonzaloxm I just checked that it is off by default.
@@gonzaloxmYeah, I would like to have it turned on but if I do I can't even play games because it doesn't let them save savefiles on the Documents folder
Hello, in your video in the progress of testing windows defender, cpu loaded on 100%
May be Low performance cpu doesn't allow defender delete all Ransom in during
4:01 Gibberish is poetic, not my school essay topic!
Thank you. Very good video.
I have customized ASR rules such as show allow from USB, block cred stealing from Lsass in Pro or enterprise windows editions(benchmate or any app that stores creds in plaintext excluding will fail post http method) and warning for psexec wmi and process creation.
Please do another free AV matchup :)
You are the go-to computer security channel man keep it up
Is the DefenderUI safe and legit to optimise Windows / Microsoft Defender?
Yes and its free
yes, in case if you are the owner of the computer and OS Windows )
Can you try Microsoft Defender for Endpoint?
Hi. Could you investigate the issue regarding unsubscribing from various anti-virus software packages. I recently wanted to cancel my own very well known product but the option to cancel renewal wasn't even available.
that's a standard practice for many online services. You give your credits once - and it never ends. ALWAYS check if the company has a physical address where you can send a letter which obliges the company to close the contract
Pretty cool but I'm going to stick with Bitdefender
Automating the execution really defeats the purpose though doesn't it ?
Ransomeare is a user issue, as are a good percentage of incidents.
Its the low hanging fruit.
The purpose here is to check detection rate.
Do a deeper dive on the defenderui to see what exactly gave ya that 100%. Or ill have to set up a vm to try your script on, if its downloadable.
u forget Sandboxie?
1:24 I knew "Windows Defender is all you need" is a joke, it didn't resist even for 1 minute.
the problem with being default is that malware also knows what to expect, but defender ui can enable more protections for windows defender
@jmtradbr if I have to install a defender mod to make it fully functional, why don't I just get a good 3rd party antivirus in the first place
@@DomZeal if you want you can download a 3rd party. or if you don't want another thing installed on your pc you can hardener windows defender. everything you do on defender ui you can do in other ways like powershell and scripts. is just a easier way to manage it.
@@jmtradbr Fair enough. Although, Defender UI seems new to the market, it hasn't earn user's trust while having too much system privilege. We'll see in a few years.
Does the UAC set up to the max prevent running obscured exe files pretending to be .docx or .pdf and similar? I.e. I download a text document but I don't intend to install anything right now. So denying the crap running.
is it safe to use defenderUI showed in the video?
seems like so (take into account what is said at 4:11)
That's good enough! Random bloke says install this angelic software and someone else we don't know says also.
@@stupossibleifygo check yourself if you think its the opposite
im pretty sure yeah but cranking up the settings can create more false positives and eat more of your resources
@@5d4a5 i know, but i prefer to deal with false positives than with a miss, also i dont mind if uses more resources if keeps the computer more secure
Can u review Ikarus Security ?
Controlled folder access being turned on should stop this correct ?
Yes, but it will also stop all other programs from accessing said folders
Only use it on files you really cannot risk loosing
@@sylussquared9724 I always have it on, will pop up if blocked and u just turn it off for that moment. Really isn't that bad IMO
@@ZachsnotboardIts a constant frustration though, with continued "allow deny" options popping up all the damn time (kinda like how macs ship).
@@zybch that actually seems like a nice feature to ship defult
@@Zachsnotboard Showing file extensions in explorer would also be nice feature to ship default
Leo make a review of the free public DNS services that block malware domains
Antiviruses generally have no change aganist good zero day malwares even if they are best but after few days later they got detected generally.
Also you testing aganist known samples.
just don't use those security/antivirus packages which come without zero trust. It's that plain simple
Well, yes and no - behavior analysis usually stops alot of risky sh*t.
Depends on which. The ones with good behavior protection can beat almost any form of malware. Windows Defender however, is a big exception.
Why would you ignore Controlled Folder Access, which is literally labelled as "ramsonware protection"?
Because it is not a good option in the real world. If you have to whitelist every little thing, it becomes so annoying that you just disable it again. Get a real antivirus
@@pootispiker2866its not a hassle to use. You get a notification that something has been blocked. If its a wanted change, click on the notification and allow it.
This feature alone keeps all the folders protected that you want.
@@pootispiker2866 Being using it for years, both at work and at home (I use both computers constantly). Yes, I had to whitelist a couple things initially, but it's been smooth sailing for years now.
Is it possible to test Morphisec?
How are the "black hatters" typically getting their ransomware payloads on targeted computers?
Honestly, one of the easiest methods is sending E-mails with malicious links or even documents with malicious scripts attached. You'd be surprised how effective that approach is for targeting businesses with a fair share of employees on a shared network. 🫣
Cool thank you 😊
System idle process takes all cpu when iam idle on my PC. Is that alright? Some people told me.its fine. But i see yours is less than 0.01
Is DefenderUI trust worthy?
Does anyone know how to uninstall that 'copilot' thing? Please.
please do more videos about this
Where can i download Defender UI?
Question: Do we yet have any idea how many ransomeware that windows defender or any other antiviirus actualy encounter on a minute to minute basis under normal conditions. one has to wonder if any antivirus regularly encounters 1500 ransomware in less than 1 second like happens in the video. Question 2: How should home users have their windows defender set up?
2: just go through all menus and enable max protection )
if some programs that you need won't work properly, disable some of this overprotection. Temporally )
You know how they test the safety systems in cars, using crash dummies and actually crashing them? You know that’s not what’s happening with cars under normal conditions on a minute to minute basis, right?
We're interested in efficacy under what would be considered typical usage scenario's. if you can use windows defender for 3 years an never have any issue but it fails a barrage of 1500 ransomeware in less than 1 second in a test how does that constitute an accurate appraisal of it's efficacy!! To say it's not good enough would be like saying because a UFC champion couldn't fend off 1500 thugs at once he's not a good fighter! @@stephenwakeman3074
@@stephenwakeman3074 Is this really the argument you're going to have? Cars and computers are not equal. Apples and Oranges...
When a car crashes it's usually totaled. When a computer crashes just hit the "reset" button.
Your normal, every day cars are put through that to save your life and test their safety systems.
Your normal, every day computer is not, because when it crashes or some documents get encrypted you just restore a back up or hit the reset button. You can back up your documents, you can't back up time, car crashes and death.
I don't get why you use defenderui that's the same as download any other security software.
There is also configure defender, does exactly the same but its portable.
Using a 3rd party NON opensource tool from a pretty sketchy website and using it... Personally I can't believe you would ' recomend' using this. This raises some serious red flags with me... Not sure about what defenderUI actually does or claims to do or actually does it since it isn't open source.
you talk about M$, right?
@@ТоварищКамрадовСоциалистКоммун talking about the 3rd party defende GUI app
@@JPEaglesandKatz sorry thought you talk about M$. It fits the description. Wouldn't call it a tool, but it might not deserve a better name
It said "Ransomware Found"
even after Knowing about ransomware ,defender didn't block the ransomware which is 3 year old , we cant ,and it should not be trusted
So if Windows Defender wont protect, then should we use Malwarebytes?
Kaspersky Free
@@realVampyToast
That's a good choice, BitDefender free is pretty decent too.
Eset and Kaspersky Are the goats dont use other AV's
ITS ONLY 30 DAYS@@realVampyToast
Malwarebytes is not ready for prime time. It slows down systems big time
I just installed DefenderUI on windows 11 and I do not have all of those options tabs. Only a basic screen that looks like the Home tab in this video. Any idea why not?
A reboot took care of it. I have all of the same options now.
@@kjisnot I had the same problem. I uninstalled it and reinstalled it by running as Admin, which worked. I didn't think of trying a reboot first. Thanks for that tip.
I tried to put Windows Defender on my Linux Mint desktop and laptop, but couldn't make it work - so I just said to hell with it ;-)
Bitdefender FTW
microsoft actually improving something thats not normal
AppLocker would have defeated most of it with a simple rule 😂
Only MS signed executables
Impossible in production, Still vulnerable to lolbins exploitations. No simple answer here.
@@slapme3582 Why would it be impossible in production? What kind of environment are you thinking about?
About the other part(lolbins), yeah AppLocker doesn't block it. There is a similar program on Linux called fapolicyd and its approach is to not let interpreters even read the file.