Would Windows Defender detect the installation of a keylogger?

The installation would be installed remotely. Would Windows Defender block or at least notify of the installation?

Try3 said:

You seem to be asking for assistance in installing malware.

If not then Windows defender is capable of detecting & preventing keyloggers.

Don't know why you would assume that. No, I was a victim of a keylogger back on my Windows 7 computer. The person who installed that k/l appears poised to do it again. At the time, I did not have AV software so she was able to install the k/l with no problem. I finally got it off my machine but not before some damage had been done.

Joad said:

The installation would be installed remotely. Would Windows Defender block or at least notify of the installation?

It depends entirely on the keylogger. From a beginner perspective, or simply someone who has no idea what he/she is doing most keyloggers have to be manually installed these days in order to bypass Windows Defender and other AV. This is because when they are installed remotely they are considered malicious and therefore blocked. Can you imagine antivirus letting a keylogger be installed remotely without intervening? And so they will be known to AV and stopped straight away, most will anyway. The exception here will be when the keylogger being installed is not known to antivirus and is undetectable. This will include new variants of keyloggers which have no current signature. And you can see this is an unlikely occurence because most people wanting to keylog someone else don't know where to start when it comes to obtaining keyloggers which do not have 'CATCH ME! IM OVER HERE!' written all over them. They usually get them off a website, no doubt unverified and no doubt used so much antivirus barely have to work in order to detect them.

It is obviously possible to install a keylogger remotely but it requires much greater knowledge and awareness of security than simply installing it and overriding any detections manually. And it often requires compromising the system beforehand in order to get the keylogger on the system as good 'ole fashioned downloading malware (which would contain the keylogger) is now much harder to pull off when antivirus detection has known this trick since the very beginning of computing. Infecting a computer via a download is the oldest trick in the book and it takes a lot of knowledge and/or a very clean piece of malware to do it effectively this way. The alternative would be to compromise the system another way remotely before then installing the keylogger in order to evade the inevitable detection. And like I said, this is now in the realms of hacking and a comprehensive topic compared to the seemingly trivial task of installing a keylogger, which often when compromised requires a simple command and consequently the transfer of a DLL.

I say all this I actually have very little knowledge other than the basic training I completed in computer security. I can say for certain that anybody trying to install a keylogger remotely will have difficulty if they are not aware of what they are doing. It's not as simple as simply obtaining a keylogger and then giving to someone and hoping they run it. Because this method is now largely obsolete due to high rates of detection it requires a little more finesse. And this is something many people do not have or do not have time acquiring because they think their name is James Bond from the get-go and all they need is this mysterious super hacker 2000 software and the rest is history.

Also, if you're doing this yourself I would be careful. Unauthorised access of another persons computer is illegal regardless of the severity of the access and/or damaged caused. If you want to learn how to hack by all means get yourself enrolled onto a computer security/hacking course and then test your skills in a VIRTUAL LAB environment. As soon as you start accessing other peoples information and/or computers without permission you're looking at criminal charges straight off the bat. And if you don't know what you're doing you really don't know how easy it is for law enforcement to attribute the attack to you. They have professionals that can track highly skilled hackers half way across the globe to secretive government units that are not even publicly known or acknowledged. These guys (usually on both ends) are on $100,000+ a year to hack and defend. They are among the highest qualified IT professionals on the planet. And you're there installing a keylogger on someone's system and may not even understand what your IP address is let alone how the keylogger works. Governments like to set an example of those who think they are clever doing this stuff when really when it comes to computers they cannot even tie their own shoelaces. Because it gives off a clear message to others, including those that do, what they are facing.

Just an FYI there. But in any case, if this is a potential threat to you or a friend, family member etc it's entirely dependent on the situation and whether you're facing an attacker with some level of skill at the minimum, or none at all. The former will be a threat to anybody including the most experienced at defending these types of attacks. The latter poses neglible threat because they likely think the internet is a magical place that was spawned by the Matrix movie and they think turning off their computer and letting it 'cool down' will fix errors on a hard drive.

You'll have difficulty preventing a new malware variant that contains a keylogger. Software won't help much in detection either because it has to detect DLLs in memory if I'm not mistaken. This means it has to know what it's looking for. It also has to be able to detect the behaviour and there are many processes which interact with the system that could be similar to the way malware acts. Hackers often use this to their advantage by using legit actions to cover the tracks for their bad actions.
A good example is HID device imitation. Plug in a HID device, it connects, it sends commands to the computer. Oops. That was actually malware but your computer trusted the HID device.

There is no silver bullet when it comes to malware. If we could detect the undetectable there would be no such thing as malware and we wouldn't need antivirus/antimalware. And much of the stuff you have to worry about can get by in plain sight.

That being said, most people do not know that much. They got told by their friends about a website to download a keylogger, they get it and they try and get their friend to install it, or maybe an enemy or whatever. Straight out of the box it's hot because it's likely going to be the same keylogger thousands and thousands of other people have used. So no matter how innocent looking the keylogger appears on the system, it's entire behaviour and signature can be modelled and attributed to that keylogger.

For everything else, no software is going to help. That's just the truth. Not just keyloggers but any other type of malware also.