#21
Many years ago there were false positives for Windows Defender.
Malwarebytes, and many portable AV software were used for comparison.
Microsoft feedback was used as well as telephone and chat.
It took a very long time for Microsoft to modify the Windows Defender database.
There was a Microsoft affiliated person on Technet that was able to get a quick fix.
So for the long term it may be an option.
Ok, now I see why you say Win Defender is good, because it gets a 666:
The best Windows antivirus software for home users . . . Test antivirus software for Windows 10 - June 2019 | AV-TEST
I think I'll start using it now, over Avast, because that Fuery.C!cl looks like a legitimate catch, and nothing I've been running caught it.
But, how do I tell if I have Win Defender "Version" 4.18? I don't see that anywhere . . . I see how - here are my notes (below)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I should probably check how the AV program I'm using rates, once per year . . . and, reset my Win Firewall to Default settings
Weekly, run: Win Defender, Malwarebytes, ADWCleaner
Do I need to manually update Win Defender before a scan, or does it automatically do that? No way to tell.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
When I install a program, I usually disable all Startups through CCleaner, and non-MS Programs through msconfig
I went to try disabling these in msconfig for Win Defender, but it re-checks them:
Windows Defender Advanced Threat Protection Service
Windows Defender Antivirus Network Inspection Service
Windows Defender Antivirus Service
Any idea how to Disable Win Defender, or should I just not worry about this with Win Defender?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Where are windows 10 defender offline scan logs/results? . . . log files - Where are windows 10 defender offline scan logs/results? - Server Fault
Right-click on the Start button / Event Viewer
Applications and Services Logs / Microsoft / Windows / Windows Defender / Operational
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What virus did it catch?
See . . . Level / "Warning" . . . most are "Information"
It is Detected, and then Removed
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What Version is it? . . . Click into the most recent "Information" Event to see:
09/12/19
Platform version: 4.18.1907.4
Engine version: 1.1.16300.1
Network Realtime Inspection engine version: 1.1.16300.1
Antivirus security intelligence version: 1.301.1099.0
Antispyware security intelligence version: 1.301.1099.0
Network Realtime Inspection security intelligence version: 1.301.1099.0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Commands to Restore - Copy and paste into an Admin Command prompt
cd "%ProgramFiles%\Windows Defender"
cls
mpcmdrun.exe /?
C:\Program Files\Windows Defender>
MpCmdRun.exe -RemoveDefinitions -All
MpCmdRun.exe -RemoveDefinitions -Engine
MpCmdRun.exe -SignatureUpdate -MMPC
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
WD is updated by WU. You do not have to take any action yourself.
You can get the WD version through the UI but do not need to normally.
WD, Settings [in the UI's bottom-left corner], About
Antimalware Client Version - WD version
Antivirus Version - WD definitions version
I have no idea why you are talking about disabling things.
There is also a log in %UserProfile%\AppData\Local\Temp\MpCmdRun.log
Denis
. . . no idea why you are talking about disabling things
When I install a new program, it's a good idea to disable your AV, so that there's no conflict.
Maybe I have to go into services.msc . . . Stop the three of them there, first . . . Then do a Restart
Apparently, they don't think it's a good idea that you should be able to do this through msconfig / Services
- - - Updated - - -
THIS LOOKS GOOD
Microsoft Windows Defender 4.18 for Windows 10 (192315) | AV-TEST . . . 06/19 . . . Protection, Performance, Usability . . . WD scores the highest score in all three categories . . . https://www.av-test.org/en/antivirus/home-windows/windows-10/june-2019/microsoft-windows-defender-4.18-192315/
PHISHING? SMART SCREEN? I CAN HANDLE THE TASK SCHEDULER
Microsoft Windows Defender Security Center Review & Rating | PCMag.com . . . 08/20/19 . . . Poor results in phishing protection test. Awkward scan scheduling. SmartScreen Filter works only in Microsoft browsers . . . https://www.pcmag.com/review/171496/microsoft-windows-defender-security-center
THE SMART SCREEN DOESN'T LOOK LIKE AN ISSUE
How the SmartScreen Filter Works in Windows 8 and 10 . . . 05/10/17 . . . This operating system level protection works no matter where the application or file comes from. So, if you download an application in Google Chrome, Google’s Safe Browsing service will check if the application is safe. Then, when you try to run it, Windows SmartScreen will check if the application is safe. If that’s all good, Windows Defender or whatever other antivirus you have installed will check whether the application is dangerous. SmartScreen is just another layer of protection . . . On Windows 10, SmartScreen also blocks malicious websites and downloads in Microsoft Edge and Windows Store apps, just as the Google Safe Browsing service blocks access to dangerous websites in Chrome and Firefox . . . Settings / Update & Security / Windows Security / App & browser control . . . [Warn] Check apps and files . . . [Warn] SmartScreen for Microsoft Edge . . . [Warn] SmartScreen for Microsoft Store apps . . . {SmartScreen Filter works only in Microsoft browsers? According to this article, no, it provides OS level protection . . . So what about Poor results in phishing protection test?} . . . https://www.howtogeek.com/123938/htg-explains-how-the-smartscreen-filter-works-in-windows-8/
BUT, WD DOES NOT DO WELL HERE, AND ISN'T EVEN LISTED AS A CONTENDER
AMTSO org - Security Features Check . . . 06/14/14 On one of these tests, it has you test a file download. After you see that your AV program rejects it, in Firefox at least, go to where it shows you your downloads, and click to cancel that download, otherwise, it keeps trying to download it . . . https://www.amtso.org/security-features-check/
- - - - - - - - - - - - - - - - - - - - - -
09/13/19 WD was Slow or Failed some of these AMTSO tests . . . I currently think that WD might be just good for a second opinion, once per year . . . Go back to Avast - (from memory) Avast aborts the download of malware, before it happens - it never even reaches your SSD
- - - - - - - - - - - - - - - - - - - - - -
I run a WD Full Scan - and it can't remove the AMTSO fake EICAR?
- - - - - - - - - - - - - - - - - - - - - -
What if I do a WD offline scan?
Right-click on the Start button / Event Viewer
Applications and Services Logs / Microsoft / Windows / Windows Defender / Operational
right-click on Operational / Filter Current Log /
. . . check: Critical and Warning (to see what it caught)
. . . do not check Critical and Warning, if you want to see where it shows "Removed"
WD indicates that it removed them
- - - - - - - - - - - - - - - - - - - - - -
I run another WD Full Scan . . . and no threats are found.
- - - - - - - - - - - - - - - - - - - - - -
09/13/19 I re-install Avast Free, and run a Full Scan
It found the AMTSO fake EICAR . . . please see attached screenshots
Threat: EICAR Test-NOT virus!!!
Move to Virus Chest
Action successful
- - - - - - - - - - - - - - - - - - - - - -
I'll give the Win Defender submission page the AMTSO link. Maybe they can improve.
- - - - - - - - - - - - - - - - - - - - - -
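The version lookup and the "Warning = detected, Information = removed" filtering described in the notes above can be done in one pass from an elevated PowerShell prompt. This is an added example, not something posted by anyone in the thread; it assumes the built-in Defender cmdlet `Get-MpComputerStatus`, the Operational log channel named above, and event IDs 1116 (threat detected) and 1117 (action taken). The 7-day window and the field names read from the event XML are assumptions of the example.

```powershell
# Added example: summarize Defender versions and recent detections.
$log  = 'Microsoft-Windows-Windows Defender/Operational'
$days = 7   # look-back window, an arbitrary choice for this example

# Versions: the same values the notes read out of an "Information" event.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion, NISEngineVersion,
                  AntivirusSignatureVersion, AntispywareSignatureVersion,
                  NISSignatureVersion, AntivirusSignatureLastUpdated |
    Format-List

# 1116 = threat detected (Level: Warning), 1117 = action taken (Level: Information).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $log
    Id        = 1116, 1117
    StartTime = (Get-Date).AddDays(-$days)
} -ErrorAction SilentlyContinue

# Pull the named fields out of each event's XML payload.
# Field names ('Threat Name', 'Path', 'Action Name') are assumed from the
# Defender event schema; adjust if your build labels them differently.
$rows = @(foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time   = $e.TimeCreated
        Id     = $e.Id
        Threat = $data['Threat Name']
        Path   = $data['Path']
        Action = $data['Action Name']
    }
})

# One line per threat/path: a detection with Actioned = 0 was seen but has no
# matching "action taken" event inside the window.
$rows | Group-Object Threat, Path | ForEach-Object {
    [pscustomobject]@{
        Threat   = $_.Group[0].Threat
        Path     = $_.Group[0].Path
        Detected = @($_.Group | Where-Object Id -eq 1116).Count
        Actioned = @($_.Group | Where-Object Id -eq 1117).Count
        LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
    }
} | Sort-Object LastSeen -Descending | Format-Table -AutoSize
```

An empty table means no 1116/1117 events were logged in the window, which matches the "no threats are found" result of a clean scan.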