Windows Defender
[SOLVED] Memory Integrity bounces back to "turned off" state after Windows restart - fast ring 19536
This is an old post and the issue is no longer relevant.

This has been happening since a couple of builds ago as well. I turn on Memory Integrity in the Core isolation section of Windows Defender, then after a restart or two I check again and see it's turned off. It usually happens when I uninstall a program that needs a restart, but it also happens when I uninstall software that does not need a Windows restart to finish the uninstall process.

https://aka.ms/AA6xajf

18K views, 1 like, 19 comments
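The Memory Integrity post above reports the toggle flipping back to off after a reboot, and the quickest way to pin that down is to record what the system thinks the state is before the reboot and compare afterwards. The following is an added example, not code from the original post or from Microsoft. It reads the HVCI state from the Win32_DeviceGuard CIM class and from the registry value the Windows Security toggle writes (HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\Enabled, as Microsoft's documentation describes it); the snapshot file path is my own choice. Run it from an elevated PowerShell.

```powershell
# Added example: snapshot Memory Integrity (HVCI) state before a reboot/uninstall and diff it afterwards.
# Not part of the original post. Assumes Windows 10 with the DeviceGuard CIM namespace present.

function Get-MemoryIntegrityState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # SecurityServicesConfigured / SecurityServicesRunning hold service IDs:
    # 1 = Credential Guard, 2 = HVCI (what the Windows Security app calls Memory Integrity).
    $configured = [bool]($dg.SecurityServicesConfigured -contains 2)
    $running    = [bool]($dg.SecurityServicesRunning    -contains 2)

    # The Core isolation toggle writes this DWORD: 1 = on, 0 = off. Missing means never touched.
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $toggle = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled

    [pscustomobject]@{
        ToggleInRegistry = $toggle
        Configured       = $configured
        Running          = $running
        # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
        VbsStatus        = $dg.VirtualizationBasedSecurityStatus
        Taken            = Get-Date
    }
}

function Save-MemoryIntegritySnapshot {
    param([string] $Path = "$env:ProgramData\hvci-snapshot.json")   # assumed location
    Get-MemoryIntegrityState | ConvertTo-Json | Set-Content -Path $Path
    "Snapshot written to $Path"
}

function Compare-MemoryIntegritySnapshot {
    param([string] $Path = "$env:ProgramData\hvci-snapshot.json")
    $before = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $now    = Get-MemoryIntegrityState
    $changes = foreach ($p in 'ToggleInRegistry', 'Configured', 'Running', 'VbsStatus') {
        if ("$($before.$p)" -ne "$($now.$p)") { "$p changed: $($before.$p) -> $($now.$p)" }
    }
    if (-not $changes) { 'No change since snapshot' } else { $changes }
}

# Usage: run Save-MemoryIntegritySnapshot, do the uninstall and reboot, then run
# Compare-MemoryIntegritySnapshot. "Configured" dropping to False means the toggle itself was
# cleared; "Running" False while "Configured" stays True means HVCI was requested but the
# hypervisor did not bring it up on this boot.
Get-MemoryIntegrityState
```

If Configured stays True but Running turns False, the setting survived the uninstall and something on the boot path (typically a driver that is not HVCI-compatible) kept the service from starting, which is a different problem from the toggle being reset.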
A false detection of Windows 10 Defender for my exe file suddenly occurred again

I have an .exe file that I created myself. I submitted it to the Microsoft Security Intelligence webpage and it was approved as a false detection a few months ago. Today that false detection suddenly happened again and caused a lot of inconvenience to my users who use this file. So, what's the reason? Why did this detection happen again? And how can I report it and get it fixed for good?

801 views, 0 likes, 4 comments
Windows Defender copy protection interferes with our product

Hello,

I'm Maarten Tops from Utomik. Utomik is a gaming platform that downloads small parts of a game and runs it while downloading the rest of the game in the background. This is achieved by hooking the Windows API file system functions to create a virtual file system.

The context for this question is the CopyFile function [1]. Normally, when a game calls this function, our hook simply translates the paths provided and calls the actual Windows API with those.

Lately a particular Windows Defender behavior is breaking this. When CopyFile is called multiple times by a game (between 5 and 7 times in our experience), the game suddenly loads MpDetoursCopyAccelerator.dll and another process (I'm guessing the Defender process) takes care of the actual copy. Because this other process is not operating in our virtual file system context, the copy operation fails. This in turn can cause the game to produce an error message.

After investigating this issue we found we could prevent this behavior by blocking the loading of the MpDetoursCopyAccelerator.dll file. The game will in that case simply use CopyFile again and everything works as intended. However, we feel that working against specific security software in this way is not our preferred solution. Is there another way we can approach this issue?

Thanks for your time,

Maarten Tops
Senior Software Developer
Utomik

[1]: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-copyfile

1.4K views, 0 likes, 3 comments
Run a Windows Defender scan in Windows 10 using PowerShell

Folks, Windows 10 by default doesn't have periodic scanning enabled; to enable that I have to toggle the switch, and then I am able to scan. I am looking for a PowerShell command that can flip this on and another command to get the scan results once the scan is finished.

3.4K views, 0 likes, 1 comment
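The post above asks for the PowerShell side of a Defender scan. The following is an added example, not an answer from the thread and not Microsoft's own code. It uses only the documented Defender module cmdlets (Get-MpComputerStatus, Set-MpPreference, Start-MpScan, Get-MpThreatDetection, Get-MpThreat) and the Defender operational event log. One assumption to call out: the "Periodic scanning" switch in Windows Security only appears when a third-party antivirus is registered and Defender is passive; this example does not flip that switch (I know of no documented cmdlet for it) and instead checks which engine is active, schedules Defender's own recurring quick scan, and runs a scan on demand and reports what it found. Run elevated.

```powershell
# Added example: run a Defender scan from PowerShell and collect the results. Not from the original post.
# Requires the Defender module that ships with Windows 10 and an elevated prompt.

function Get-DefenderEngineState {
    # When a third-party AV is registered, RealTimeProtectionEnabled reads False here and
    # Defender only offers periodic (on-demand) scanning.
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                      AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime
}

function Set-DefenderScheduledQuickScan {
    param([string] $Time = '02:00:00')   # assumed default; any HH:mm:ss works
    # ScanParameters: 1 = quick scan, 2 = full scan. This is Defender's own schedule,
    # independent of the Windows Security "Periodic scanning" switch.
    Set-MpPreference -ScanScheduleDay Everyday -ScanScheduleTime $Time -ScanParameters 1
    Get-MpPreference | Select-Object ScanScheduleDay, ScanScheduleTime, ScanParameters
}

function Invoke-DefenderScanReport {
    param([ValidateSet('QuickScan', 'FullScan')] [string] $ScanType = 'QuickScan')

    if (-not (Get-MpComputerStatus).AMServiceEnabled) {
        throw 'Defender antimalware service is not running; check Get-DefenderEngineState.'
    }

    $started = Get-Date
    Update-MpSignature -ErrorAction SilentlyContinue   # best effort; offline machines just skip
    Start-MpScan -ScanType $ScanType                    # synchronous: returns when the scan ends

    # Defender logs 1001 when a scan finishes and 1002 when it is stopped before completion.
    $finished = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1001, 1002
        StartTime = $started
    } -ErrorAction SilentlyContinue | Select-Object -First 1

    # Get-MpThreatDetection returns every detection Defender remembers; keep only this run's.
    $detections = Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $started } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID
            [pscustomobject]@{
                ThreatName   = $threat.ThreatName      # the signature name to quote when disputing a false positive
                SeverityID   = $threat.SeverityID
                Resources    = ($_.Resources -join '; ')
                ProcessName  = $_.ProcessName
                ActionOk     = $_.ActionSuccess
            }
        }

    [pscustomobject]@{
        ScanType   = $ScanType
        Completed  = ($finished.Id -eq 1001)
        FinishedAt = $finished.TimeCreated
        Detections = @($detections)
    }
}

Get-DefenderEngineState
Invoke-DefenderScanReport -ScanType QuickScan | Format-List
```

Start-MpScan blocks until the scan ends, so for a full scan on a large disk run it with -AsJob and call Get-MpThreatDetection once the job completes; the event-log filter on StartTime keeps the report honest if an earlier scheduled scan finished in the meantime.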
Turn on Mandatory ASLR in Windows Security

I've been using it for quite a while now. It has caused no problems or errors with any legitimate programs, games, anti-cheat systems etc., other than with some "custom"-made portable programs. It's off by default; when you turn it on, you will have to restart your device.

Address space layout randomization

Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.

The Linux PaX project first coined the term "ASLR", and published the first design and implementation of ASLR in July 2001 as a patch for the Linux kernel. It is seen as a complete implementation, providing also a patch for kernel stack randomization since October 2002.[1] The first mainstream operating system to support ASLR by default was OpenBSD version 3.4 in 2003,[2][3] followed by Linux in 2005.

https://en.wikipedia.org/wiki/Address_space_layout_randomization
https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

Other options that are turned off by default and you should enable to make your Windows device more secure: with the increasing number of threats in cyber security and new ransomware, if you are only relying on Windows 10's built-in security and not using any 3rd-party AV such as Kaspersky, you must enable these features to keep yourself secure.

Hope everyone stays safe!

104K views, 3 likes, 4 comments
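The post above turns on mandatory ASLR and notes that only some "custom"-made portable programs broke. Mandatory ASLR (ForceRelocateImages) only changes anything for images that were linked without /DYNAMICBASE, and it cannot relocate an image whose relocation table was stripped, so those are exactly the binaries to find before flipping the switch. The following is an added example, not code from the post or from Microsoft: it parses the PE header to flag executables lacking IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE or carrying IMAGE_FILE_RELOCS_STRIPPED, and enables the same system-wide setting as the Windows Security switch with Set-ProcessMitigation. The SRD article linked above explains why BottomUp must be enabled alongside ForceRelocateImages for the relocation to actually be random, so the example enables both. The folder scanned at the end is an assumed path.

```powershell
# Added example: find images that mandatory ASLR will force-relocate (or cannot relocate), then
# enable ForceRelocateImages + BottomUp system-wide. Not part of the original post.

function Get-AslrImageInfo {
    param([Parameter(Mandatory)] [string] $Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # DOS header: 'MZ' magic, e_lfanew (offset of the PE signature) at 0x3C.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { return $null }
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if ($peOffset -lt 0 -or $peOffset + 4 + 20 + 72 -gt $bytes.Length) { return $null }
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) { return $null }   # 'PE\0\0'

    # COFF file header follows the 4-byte signature; Characteristics is at +18 inside it.
    $coffCharacteristics = [BitConverter]::ToUInt16($bytes, $peOffset + 4 + 18)
    # Optional header follows the 20-byte COFF header. DllCharacteristics sits at +70 for both
    # PE32 (magic 0x10B) and PE32+ (magic 0x20B).
    $optHeader = $peOffset + 4 + 20
    $magic     = [BitConverter]::ToUInt16($bytes, $optHeader)
    $dllChars  = [BitConverter]::ToUInt16($bytes, $optHeader + 70)

    [pscustomobject]@{
        Path           = $Path
        Is64Bit        = ($magic -eq 0x20B)
        DynamicBase    = [bool]($dllChars -band 0x0040)              # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        HighEntropyVA  = [bool]($dllChars -band 0x0020)              # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
        NxCompat       = [bool]($dllChars -band 0x0100)              # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        RelocsStripped = [bool]($coffCharacteristics -band 0x0001)   # IMAGE_FILE_RELOCS_STRIPPED
    }
}

function Find-NonAslrImages {
    param([Parameter(Mandatory)] [string] $Directory)
    # Images without DynamicBase are the ones mandatory ASLR forces to relocate; if RelocsStripped
    # is also set there is nothing to relocate with, and the image loads at its fixed base regardless.
    Get-ChildItem -Path $Directory -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-AslrImageInfo -Path $_.FullName } |
        Where-Object { $_ -and -not $_.DynamicBase }
}

function Enable-MandatoryAslr {
    # Same system-wide setting as "Force randomization for images (Mandatory ASLR)" in Windows Security.
    # BottomUp randomizes the base allocations the forced relocation lands in; without it the
    # relocated images end up at predictable addresses (see the linked SRD post). Reboot afterwards.
    Set-ProcessMitigation -System -Enable ForceRelocateImages, BottomUp
    Get-ProcessMitigation -System
}

# Assumed folder of portable tools; inspect before flipping the switch.
Find-NonAslrImages -Directory "$env:USERPROFILE\Tools" |
    Format-Table Path, Is64Bit, RelocsStripped, NxCompat -AutoSize
```

A program that shows up with RelocsStripped = True is the kind the post calls a "custom"-made portable program: it will not gain randomization from the switch, and under a stricter profile (per-process "Do not allow stripped images") it will refuse to load, so either rebuild it with /DYNAMICBASE or give it a per-program exception rather than turning the system setting off.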
Windows Defender and how it performs against malware

I recently watched this video https://www.youtube.com/watch?v=sE-xdb9hTqY testing how Windows Defender (+ Sandbox mode) performs against real malware. It made me kind of worried. I really hope Microsoft improves it so that installing 3rd-party AV software won't be the first thing a user should do after a Windows installation. Obviously I still use, and will keep using, Windows Defender because I'm aware of the files I download, but for the majority of people that's unfortunately not the case. I think Microsoft should put Windows Defender ATP inside the normal Windows 10 Pro editions by default for everyone. It's not a bad thing to make your OS a safe environment for your users.

https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp?ocid=cx-blog-mmpc

1.5K views, 1 like, 2 comments
Windows Defender Application Guard inside Windows Security App

Windows Defender Application Guard is designed to prevent attacks on local machines and from expanding malicious activity throughout a corporate network. If you are interested in learning more about Application Guard and how to install it in standalone mode, please see our previous blog.

In the upcoming Windows release (Build 17691+), we have built an interface to configure Windows Defender Application Guard inside the Windows Security app. This allows users to configure Application Guard or check the administrator’s configuration of Application Guard at the same place as other Windows security features.

The four settings that can be configured for Application Guard in the Windows Security app are:
- Save data
- Copy and paste
- Print files
- Advanced graphics

Standalone users with devices that meet the minimum requirements will see Application Guard in the Browser & apps control section in Windows Security. From there, users can invoke the installation of this feature and configure its settings. When devices fall below the minimum spec, users will be alerted of this in the configuration page for Application Guard.

Managed users can see how their administrators have configured their settings to have a better understanding of how they can operate between an Application Guard container and their host system.

Here’s how users can configure or check their Application Guard status:

Install and configure
1. Go to the Windows Security app and select “App & browser control.”
2. Select “Install Windows Defender Application Guard” under Isolated Browsing.
3. Check the “Windows Defender Application Guard” box and Install from the Turn Windows features on or off screen and click OK.
4. Restart your device.
5. Return to the Windows Security app and select “App & browser control.”
6. Select “Change Application Guard settings” to configure the settings.

View managed Application Guard settings
1. Go to the Windows Security app and select “App & browser control.”
2. Select “Change Application Guard settings” to view the settings.
3. Review the configurations set by your administrator.

We encourage Windows Insiders to use the Windows Security app to configure and view Application Guard settings. Your feedback, suggestions, and telemetry will help us to improve Application Guard’s user experience.

Feedback Hub link: Launch Windows Feedback for Microsoft Edge\Application Guard

22K views, 0 likes, 3 comments
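The install and "view managed settings" steps above are clicked through in the Windows Security app; the following is an added example (not from the post, not Microsoft's code) doing the same from an elevated PowerShell: check the virtualization prerequisites, enable the Windows-Defender-ApplicationGuard optional feature (the documented feature name behind the "Windows Defender Application Guard" checkbox in Turn Windows features on or off), and read the administrator's policy for the four settings. The policy location HKLM\SOFTWARE\Policies\Microsoft\AppHVSI and the value names AllowPersistence, AppHVSIClipboardSettings, AppHVSIPrintingSettings and AllowVirtualGPU are what I understand Group Policy and MDM write for these settings; treat them as assumptions and confirm against the Application Guard ADMX on your build.

```powershell
# Added example: Application Guard prerequisites, feature enablement and policy readout from PowerShell.
# Not part of the original post. Run elevated; a reboot is still required after enabling the feature.

function Test-ApplicationGuardPrerequisites {
    $ci = Get-ComputerInfo
    # The HyperVRequirement* values are blank once Hyper-V itself is installed, because the
    # hypervisor is already running; treat blank as "already satisfied" in that case.
    [pscustomobject]@{
        Is64Bit                  = ($ci.OsArchitecture -like '64*')
        MemoryGB                 = [math]::Round($ci.CsTotalPhysicalMemory / 1GB, 1)
        VirtualizationInFirmware = $ci.HyperVRequirementVirtualizationFirmwareEnabled
        SLAT                     = $ci.HyperVRequirementSecondLevelAddressTranslation
        VmMonitorModeExtensions  = $ci.HyperVRequirementVMMonitorModeExtensions
        DepAvailable             = $ci.HyperVRequirementDataExecutionPreventionAvailable
    }
}

function Enable-ApplicationGuardFeature {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
    if ($feature.State -eq 'Enabled') { return $feature }
    # -NoRestart defers the reboot; Application Guard is not usable until the machine restarts.
    Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart
}

function Get-ApplicationGuardPolicy {
    # Assumed policy key and value names (see lead-in). A missing key means the device is not managed
    # for Application Guard and the user controls the four switches in Windows Security.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Managed          = [bool]$p
        SaveData         = $p.AllowPersistence          # 1 = data persists across container sessions
        CopyAndPaste     = $p.AppHVSIClipboardSettings  # 0 off, 1 container->host, 2 host->container, 3 both
        PrintFiles       = $p.AppHVSIPrintingSettings   # bitmask: 1 XPS, 2 PDF, 4 local printers, 8 network printers
        AdvancedGraphics = $p.AllowVirtualGPU           # 1 = container may use the host GPU
    }
}

Test-ApplicationGuardPrerequisites
Enable-ApplicationGuardFeature | Select-Object FeatureName, State, RestartNeeded
Get-ApplicationGuardPolicy
```

On a managed device the values returned by Get-ApplicationGuardPolicy are what the "Change Application Guard settings" page shows greyed out; if the key is absent, the page's switches are live and the user's own choices apply.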
Windows 10 1709 - Defender detects Forticlient 5.6 and refuses to have Defender be primary real time

Problem: if Forticlient 5.6 is installed and configured to have real-time scanning disabled, in Windows 1709 Defender forces its own real-time scan to be disabled. The problem is that Forticlient is used for firewall policy enforcement, so we really want to use it. Is there a way, through either Windows Intune or Defender ATP, to configure Defender as the primary threat protection?

Thanks!
-Neil

4.1K views, 0 likes, 0 comments