Windows Defender
6 Topics

A false detection of Windows 10 Defender for my exe file suddenly occurred again
I have an .exe file that I created myself. I submitted it to Microsoft Security Intelligence webpage and it was approved as a false detection a few months ago. Today, that false detection suddenly happened and caused a lot of inconveniences to my users who use this file. So, what's the reason? Why did this detection happen again? And how can I report it and get it done forever?

801 Views, 0 likes, 4 Comments

Windows Defender copy protection interferes with our product
Hello, I'm Maarten Tops from Utomik. Utomik is a gaming platform that downloads small parts of a game and runs out while downloading the rest of the game in the background. This is achieved through hooking the Windows API file system functions to create a virtual file system.

The context for this question is the [CopyFile][1] function. Normally when a game calls this function our hook simply translates the paths provided and calls the actual Windows API with those. Lately a particular Windows Defender behavior is breaking this. When CopyFile is called multiple times by a game (between 5-7 times in our experience) the game suddenly loads MpDetoursCopyAccelerator.dll and another process (I'm guessing the Defender process) takes care of the actual copy. Because this other process is not operating in our virtual file system context the copy operation fails. This in turn can cause the game to produce an error message.

After investigating this issue we found we could prevent this behavior by blocking the loading of the MpDetoursCopyAccelerator.dll file. The game will in that case simply use CopyFile again and everything works as intended. However we feel that working against specific security software in this way is not our preferred solution. Is there another way we can approach this issue?

Thanks for your time,
Maarten Tops
Senior Software Developer
Utomik

[1]: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-copyfile

1.4K Views, 0 likes, 3 Comments

Run a windows defender scan in windows 10 using POWERSHELL
Folks, Windows 10 by default doesn't have periodic scanning enabled; to enable that I have to toggle the switch, then I am able to scan. I am looking for a PowerShell command that can flip this on and another command to get scan results once the scan is finished.

3.4K Views, 0 likes, 1 Comment

Turn on Mandatory ASLR in Windows Security
I've been using it for quite a while now. It caused no problems or errors with any legitimate programs, games, anti-cheat systems etc. other than with some "custom" made portable programs. It's off by default; when you turn it on, you will have to restart your device.

Address space layout randomization

Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. The Linux PaX project first coined the term "ASLR", and published the first design and implementation of ASLR in July 2001 as a patch for the Linux kernel. It is seen as a complete implementation, providing also a patch for kernel stack randomization since October 2002.[1] The first mainstream operating system to support ASLR by default was the OpenBSD version 3.4 in 2003,[2][3] followed by Linux in 2005.

https://en.wikipedia.org/wiki/Address_space_layout_randomization
https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

Other options that are turned off by default and you should enable to make your Windows device more secure

With the increasing number of threats in cyber security and new ransomware, if you are only relying on Windows 10's built-in security and not using any 3rd party AV such as Kaspersky, you must enable these features to keep yourself secure. Hope everyone stays safe!

104K Views, 3 likes, 4 Comments

Windows Defender and how it performs against malware
I recently watched this video https://www.youtube.com/watch?v=sE-xdb9hTqY testing how Windows Defender (+ Sandbox mode) performs against real malware. It made me kind of worried. I really hope Microsoft improves it so that installing 3rd party AV software won't be the first thing a user should do after Windows installation. Obviously I still and will keep using Windows Defender because I'm aware of the files I download, but for the majority of people, that's not unfortunately the case. I think Microsoft should put Windows Defender ATP inside the normal Windows 10 Pro editions by default for everyone. It's not a bad thing to make your OS a safe environment for your users.

https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp?ocid=cx-blog-mmpc

1.5K Views, 1 like, 2 Comments

Windows 10 1709 - Defender detects Forticlient 5.6 and refuses to have defender be primary real time
Problem: If Forticlient 5.6 is installed and configured to have real time scanning disabled, in Windows 1709 defender forces its own real time scan to be disabled. The problem is the Forticlient is used for firewall policy enforcement so we really want to use it. Is there a way, through either Windows Intune or Defender ATP to configure that defender is primary threat protection?

Thanks!
-Neil

4.1K Views, 0 likes, 0 Comments