Do not trust Windows Defender...

Hi all,
I performed the Windows Defender Block at First Sight feature and I have the Windows Defender default settings as shown under my image as Cloud Protection being Enabled.

However, there is this test file and seems that Defender did not block this type of test. Please see print screens.
I even validated my connection to the cloud service using the command MpCmdRun -ValidateMapsConnection and came up Connection Validated.

ValidateMapsConnection successfully established a connection to MAPS

Even though, the test file failed and Defender let it through, I went to the Defender Security app and it said Threats Found and I had to choose the selected remediation choices.

https://docs.microsoft.com/en-us/win...virus#validate

Test file link is there within this documentation: [removed by admin]



This is really bad. I don't trust Defender now.

In order to understand this correctly, let me summarize what I see here.

1. you were testing Windows Defender settings

2. you downloaded a test file from a site seemingly designed to test these settings

3. the file was not stopped as you expected but was allowed to enter the system

4. Windows Defender required your input to decide what to do with the file

5. at what point did the ransomware get in?

Have you run scans also with other AV software?

The point where the malware popped up, is when I hit the Run button from the notification bar. See my image here.
Now, of course, if it were to be a "Real World" scenario, I would NOT even click on anything like this.

I was just testing Defender.

But as you can see, It still failed the test.

Update >>> Well, I made a change in Group Policy and tested again, and this time it just blocked the test file/malware that I had last time. So I guess Defender needs some fine tuning in order to be a better AV.

See my images here on my findings.

f14tomcat said:

If you chose, consciously, to run it, even though Defender stopped it cold from going any further, how does this interpret as Defender failed?

I think the point win10freak was making is that according to Microsoft's own documentation the file should not even make it on to the computer: https://prnt.sc/m2obu2

I am using version 1803 so cannot comment on whether this is a change in behavior or a bug of some kind.

Try running the file from the notification bar in IE browser, don’t download it, but run it from that notification bar.

After hitting Run then it should pop up the test malware program.