@kekwnet No. He uses a VM which is completely isolated, and those don't know that they are VMs. That doesn't necessarily mean disconnected from the internet; otherwise he couldn't use the cloud service protection of MS security. Cheers.
That ransomware should be fake. It was made by The Jester, who is a grey hat hacker. He helps defend the US from attacks. He made that to help out the hit TV show Mr. Robot. So it shouldn't do anything unless someone made it as a joke/not a joke.
Would have been interesting to do the same test one more time with Windows Defender not configured, with the same samples, just to compare the numbers at the end of the video.
@Vishal Belbase Not true. There are some identifiers for virtual machines, and if malware can read them it can infer that it is in a virtual machine.
(Quite possibly dumb) sub-question: if it does escape from a Windows VM but the host runs Linux or Mac, would it be possible for the host to get infected?
Hi Leo, I like what you did to beef up WD, and you could have beefed it up even more; there are other settings within the Group Policy Editor where you could have made some other minor changes. You can see where this becomes a powerful tool to use in an enterprise environment as well as for the home user.
Would be good to see how well ransomware is stopped using OpenDNS, Cisco Umbrella, Cloudflare 1.1.1.1 Family etc. with AV protection (double layers of security). Keep up the great work... :)
Quite disappointed that Microsoft removed the "Desktop" location from Controlled Folder Access by default. That is probably because it was causing conflicts when newly installed software was trying to create desktop shortcuts to launch the program (I experienced these false-positive blocks).
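An added example for the Controlled Folder Access point above (my own code, not from the video or the comment): it reads the current CFA state, starts in audit mode so installers that would trip false positives show up in the log before anything is blocked, puts the current user's Desktop back into the protected set, and shows how to allow a trusted program. The allowed-application path is a placeholder, not a real product path.

```powershell
# Added example (not from the video or the original comment): inspect Controlled Folder
# Access (CFA), re-add the Desktop, review audit events, then switch to blocking.
# Run from an elevated PowerShell prompt.

$pref = Get-MpPreference

# 0 = Disabled, 1 = Enabled (block), 2 = Audit mode
"CFA state: $($pref.EnableControlledFolderAccess)"
"Extra protected folders (on top of the built-in defaults):"
$pref.ControlledFolderAccessProtectedFolders
"Allowed applications:"
$pref.ControlledFolderAccessAllowedApplications

# Audit mode first: events are logged but nothing is blocked, which lets you find the
# installers that would create false positives before blocking is turned on.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Explicitly re-add the Desktop of the current user.
Add-MpPreference -ControlledFolderAccessProtectedFolders "$env:USERPROFILE\Desktop"

# Allow a trusted installer/updater to write into protected folders.
# Placeholder path (assumption); use the real, full path of the program you trust.
$trustedApp = 'C:\Program Files\ExampleVendor\ExampleApp.exe'
if (Test-Path -LiteralPath $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
}

# Review what CFA did block (event 1123) or would have blocked in audit mode (1124)
# in the Defender operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Once the audit list contains only things you expect, turn blocking on.
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Leave the machine in audit mode for a few days of normal use before the final line; every 1124 event is an application you will either need to allow or accept being blocked.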
@HotCakeX Yeah, and 99% of people don't have it, and it's an Insider beta. No one cares about the name; before Defender it was called Windows Security Essentials. It's the same; 20H1 doesn't change much, and how do you know what version he is using?
Brother, where are you? Brother? Brother, this is the fifth boot.......plz no....brother! Therefore, Leo and his VM are haunted and this error will arise in his dreams.
So, friend, congratulations on the excellent test with Windows Defender. I think that if you had removed PowerShell as the main one and deactivated it, leaving only CMD as the main one, this error might not have occurred at the end... But even with this error at the end, if you were at Start and located the error and removed it with CCleaner or Privacy Eraser at the start of Windows, nothing would appear and the PC would be clean... Congratulations, Windows Defender has stood out with profound improvements with the artificial intelligence that was recently implemented...
Going through my Watch Later. Man, this is an old video. I remember watching this when it released, and it introduced me to something I never knew I'd love so much. I can't say I'm pursuing a serious career in cybersecurity yet, but the amount I've learned through these years is unbelievable.
Love your videos. Most informative I've ever found! If you had a choice of Bitdefender Free (which I don't think has the Safe Files feature) or Windows Defender (so you can implement controlled access), which should you go for? In other words, is the availability of a controlled access feature valuable enough to warrant a less reliable detection rate?
The malware at the end of the video was probably successful because Attack Surface Reduction rules were not enabled. Testing malware files on the local network completely negates Block at First Sight, even with this setting enabled via GPO (because the samples are missing the Mark of the Web). At least this test method is better than his previous "tests" of WD, but his video is more a demonstration of WD's features than something resembling a real-world test.
Looks to me like those MAPS group policy settings are not needed to harden if you have already turned on "cloud-delivered protection" and "automatic sample submission" in your regular Virus & threat protection settings. The group policy for 'Join Microsoft MAPS' states: "In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership." The prerequisites for Block at First Sight are: Join MAPS enabled (defaults to Advanced if cloud-delivered protection is enabled), send file samples for analysis enabled (defaults to 'safe files' if automatic sample submission is enabled) and scan all downloaded files/attachments enabled (enabled by default if real-time protection is on). So all prerequisites are already met. Furthermore, the Windows event logs show this when enabling the Block at First Sight policy: "Windows Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value: Default\SpyNet\DisableBlockAtFirstSeen = 0x0 New value: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet\DisableBlockAtFirstSeen = 0x0" In other words, it was already not disabled... so enabled.
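An added example (my own code, not part of the comment or the video) that checks the Block at First Sight prerequisites the comment lists directly from Defender's effective configuration, compares them with any override under the SpyNet policy key named in the quoted event, and pulls the 5007 configuration-change events that mention it. Nothing is changed unless you uncomment the Set-MpPreference line.

```powershell
# Added example (not from the original comment): verify the Block at First Sight
# prerequisites from Get-MpPreference and the SpyNet policy key quoted in the event log.

function Test-BlockAtFirstSight {
    $p = Get-MpPreference
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet' `
                               -ErrorAction SilentlyContinue

    # Windows PowerShell 5.1 does not allow an if-expression inside a hashtable literal,
    # so resolve the policy value first.
    $policyValue = '<no policy value>'
    if ($policy -and $null -ne $policy.DisableBlockAtFirstSeen) {
        $policyValue = $policy.DisableBlockAtFirstSeen
    }

    [pscustomobject]@{
        # 0 = Disabled, 1 = Basic (no longer offered on Windows 10), 2 = Advanced
        MAPSReporting                 = $p.MAPSReporting
        # 0 = Always prompt, 1 = Send safe samples, 2 = Never send, 3 = Send all samples
        SubmitSamplesConsent          = $p.SubmitSamplesConsent
        DisableBlockAtFirstSeen       = $p.DisableBlockAtFirstSeen
        # IOAV = scanning of downloaded files and attachments
        DisableIOAVProtection         = $p.DisableIOAVProtection
        DisableRealtimeMonitoring     = $p.DisableRealtimeMonitoring
        PolicyDisableBlockAtFirstSeen = $policyValue
        # All three prerequisites from the comment, plus the feature itself not disabled.
        BlockAtFirstSightReady        = (
            $p.MAPSReporting -eq 2 -and
            $p.SubmitSamplesConsent -in @(1, 3) -and
            -not $p.DisableBlockAtFirstSeen -and
            -not $p.DisableIOAVProtection -and
            -not $p.DisableRealtimeMonitoring
        )
    }
}

Test-BlockAtFirstSight

# If anything above is off, this is the equivalent of the GUI toggles, without Group Policy:
# Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples -DisableBlockAtFirstSeen $false

# The "Configuration has changed" entries the comment quotes are event ID 5007.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 } `
             -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'DisableBlockAtFirstSeen' } |
    Select-Object TimeCreated, Message
```

A policy value under HKLM\SOFTWARE\Policies takes precedence over whatever Set-MpPreference or the Settings app writes, so when BlockAtFirstSightReady is false and the PolicyDisableBlockAtFirstSeen column is not empty, the policy is the place to fix it.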
I added this video to my watch list. I'm at work right now but have always been a fan of Bastille so I must watch.
4 years ago
Windows Pro and Enterprise users whose systems are not in a domain: you cannot open the Group Policy Management Console (gpmc.msc). However, you can open the Local Group Policy Editor (gpedit.msc), which is technically the same thing. Most changes take effect after a restart because most of them are registry keys.
About the fragmented malware which causes an error icon to appear on every restart: I'm most certain that if you had used AVG's *before-boot-to-Windows scan*, this.... "haunted malware", as you called it, would have disappeared without the need for a PC format. I have told you in the past how good this unique scan from AVG is, and to be honest, I find it very weird that you don't even mention it at all!! I believe that a unique protection feature such as this would be worthy of some kind of mention.... Anyway, once again, you have made another great video!! I really enjoy them!!
@augusto3045 CORRECT, but he has a standard procedure during his tests. When he finishes the initial test, afterwards he performs a PC scan with several antivirus products in order to check that everything is fine with the PC (in this video, check at 7:18 to see what I mean). That's what I meant. I believe that if he had performed AVG's "before-boot-to-Windows scan" instead of the standard scanning with antivirus like Norton or HitmanPro, I'm very confident that the issue with the "haunted malware" would have been solved. That's what I meant.
Powernod - he could simply have used the WD scan in offline mode, which reboots, checks the boot sector and runs in safe mode, then reboots back into normal mode and gives you the results. No need to install yet another AV.
Computing requires an enormous amount of mathematical-type thinking... AND THIS IS YOUR BEST VIDEO TO DATE!!! Good music, and the warehouse door slamming SOUND EFFECT is also great...
I checked your Kaspersky video and honestly the CPU usage was not very different (stayed in the mid 20s most of the time with spikes to the 40s), and it got a bit of a better result, 99.53 vs 99.9. This was not a bad result for an included feature, not bad at all.
Of course you would want the firewall on... I know some MSPs & ERP providers that would disagree. Always fun to see that disabled, because otherwise it's difficult to troubleshoot... lol
It's running through 1500 samples. This is not real world but a massive test all at once. 26 to 50% is fine when it does better than CrowdStrike and Cylance.
I honestly wonder if my logic is correct. Modern Windows is more solid, so it shouldn't get infected as easily as XP, Vista or 7. So:
1. Using a custom firewall
2. UAC with a password for changes
3. Browser with anti-malware add-ons
4. Opening unknown documents in the browser/OneDrive/sandbox
Is that enough?
I would guess so. But I would also say that no antivirus and just visiting genuine websites with an adblocker turned on and making backups regularly _could_ be enough. I still use Kaspersky, since I know I will at some point visit a dodgy website or download a dodgy executable. These few bucks a year are worth it for me, since I like the data on my PC enough to spend that money.
@kimakhiangte How about don't visit file sharing/streaming sites to begin with? Stealing software is how morons get infected, and illegal streaming sites are a hotbed for malvertising.
Really would love a video about general Windows or PC hardening! Some kind of "essentials" series on defense would rule. Found this channel today because I accidentally infected my computer yesterday with over 500 files. First time ever doing something like that. I felt so stupid. I was moving too fast and clicked an ad instead of the real download. I felt like a grandma! But now I've been diving deep into PC security and finding it all super fascinating. Malwarebytes was able to get my PC clean and back to where it was before. (I hope)
Or to outsmart those who make malware. They hide in normal downloads. My computer was overrun by malware which I got when I tried a mod for a game online.
Great video. Windows Defender got a great detection improvement; too bad those settings make Windows unusable. Folder protection alone throws false positives like there is no tomorrow.
That is the fundamental challenge when building any detection engine, and Microsoft's isn't any different. With the high level of configurability, at least now, it gives users options for different scenarios.
Firstly, thanks for the comprehensive insight. Secondly, I was wondering what your thoughts were on the various Guards? Thirdly, looking forward to the Windows hardening tips. Keep up the great work :)
Had the same sort of ghost, as you put it, that would appear every time you boot up after being infected by malware. Used the Autoruns software and found the entry of the component that was trying to start in the Scheduled Tasks tab, deleted the reg entry and all good after that. The system was thoroughly cleaned first. Might be handy for others that were left with the same problem.
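An added example (my own code, not the commenter's) that does the Autoruns-style sweep the comment describes from PowerShell: it lists scheduled tasks outside the \Microsoft\ tree and the Run/RunOnce keys, and flags entries whose executable no longer exists on disk, which is the usual shape of a launcher left behind after a scanner removed the payload. Nothing is deleted automatically; the removal commands at the end use placeholder names.

```powershell
# Added example (not from the original comment): find autostart entries that point at
# files which no longer exist, the typical cause of an error on every boot after cleanup.

function Get-SuspectAutostarts {
    $results = @()

    # Scheduled tasks outside the \Microsoft\ tree, with each action's target binary.
    foreach ($task in Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' }) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # e.g. COM handler actions have no Execute
            # Strip quotes and expand %VARIABLES% so Test-Path sees a real file name.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $results += [pscustomobject]@{
                Source  = "Task $($task.TaskPath)$($task.TaskName)"
                Command = "$($action.Execute) $($action.Arguments)".Trim()
                Missing = -not (Test-Path -LiteralPath $exe)
            }
        }
    }

    # Classic Run/RunOnce keys for the machine (64- and 32-bit views) and the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Get-ItemProperty adds PSPath/PSChildName/etc.; skip those provider properties.
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })) {
            $cmd = [string]$props.$name
            if (-not $cmd) { continue }
            # First token of the command line, with quotes removed, is the executable.
            $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $results += [pscustomobject]@{
                Source  = "$key\$name"
                Command = $cmd
                Missing = -not (Test-Path -LiteralPath $exe)
            }
        }
    }
    $results
}

Get-SuspectAutostarts | Sort-Object Missing -Descending | Format-Table -AutoSize

# After confirming an entry is junk, remove it by hand (placeholder names below):
#   Unregister-ScheduledTask -TaskPath '\' -TaskName 'ExampleTask' -Confirm:$false
#   Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'ExampleValue'
```

A Missing = True row is not proof of malware on its own (uninstallers leave dangling entries too), but an entry that was created around the time of the infection and points at a path under %TEMP% or %APPDATA% is worth removing and, if you still have it, submitting the original file.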
Honestly, the 'performance hit' isn't as great as you want to think it is. The thing is, if you slam it with 100s+ of new files all attempting to load at the same time... yeah, it's going to do bad things. Though frankly I was someone who LOVED Comodo security suite, where literally every program had to be checked off & approved to be allowed to run (I accidentally broke Win 8.1 & 10 with it), and for the very feature I loved in it to be included in Windows 10, baked in... even if a performance hit... is great. There is always a trade-off between security & performance, but that hit is in load times and first file loads... along with a secondary benefit: when a file is updated, it is considered first sight again, which can help avoid subtle infections that otherwise get overlooked because it was clean once.
What specs do your virtual machines have? I'd just like to have a reference point for how much of your resources they're using, as evidently 50% of 8 GB isn't the same as 50% of 32 GB etc.
That was pretty good for software you don't need to pay extra for. I currently use Emsisoft and will probably continue to do so when it runs out, but I also have Malwarebytes Premium until 2022 free from NatWest, and HitmanPro as my startup/second-opinion scanner :)
Don't know if anyone else is like this too, but watching videos about others downloading malware is spine-chilling to me. That's why I've really never watched videos like this. But I mean, content like the stuff Leo makes is something that you can't find anywhere else and is also pretty interesting too lol 😂 And I'm over here watching malware one-tap PCs on one of the safest devices ever: an iPad lmao 🤣
Can you test IObit Malware Fighter and IObit Advanced SystemCare Ultimate? I'm running both right now and I'm wondering your thoughts on them running together. Thanks for all your videos, keep them coming. You should set up the YouTube Join option. I'm happy to pitch in a few bucks every month to help you get access to software keys for testing. I'm sure I am not the only one willing to do so either.
Hey there! Do you think I can do this Windows hardening with an i7-8700K and 16 GB RAM while simultaneously being able to game/browse and such? I don't want too much of a performance impact.
Did you have a chance to make the same tests (including ransomware tests) in Windows Defender ATP? It would be interesting to do it and check how the system holds up! Thank you for your vids! Nice work!
Please make the video on hardening Windows soon! I have no idea where to start, but want to harden a VM so that viruses/people can't break out and do damage. Thanks!
Hi, first of all thanks so much for this video. I'm in the process of creating TweakGuides screenshots to harden Windows Defender as you suggested. I did the exact same method and settings that you did, except I turned on PUA protection through Group Policy, not PowerShell, because I was getting an error there. My one question for you is that I think I have noticed a slight decrease in performance, and if that's true, which of these settings, if not all of them, are going to have the most impact on performance?
These settings are interesting and something I didn't know existed. But for those who do not have the policy editor, such as Windows 10 Home users, how do you change these options?
@lukasvincourcz7043 That could be it, or they are just incompetent. Just look at how fucked settings still are on Windows 10, having to change between the Control Panel and the Settings app all the time to do simple things.
There's a YouTube video that said/explained why Microsoft has these inconsistency issues. I believe it said it's because of legacy applications and because they have to support all old software and stuff, and when they remove or change something as simple as Paint they still get a lot of complaints.... Microsoft did say they eventually want to put all Control Panel options in the new one though, and they are progressing on it, as it's slowly getting new options. Now, how true this is I don't know though. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-bC6tngl0PTI.html ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-hn5QjtpjW_U.html
@jasertio Yes, this is true. Even in the Windows registry you see different settings for "Windows" and "Windows NT". But as somebody said, I guess it is because they want to keep it compatible with legacy applications and also have the legacy bugs.
Will you still recommend free Kaspersky and Bitdefender over Windows Defender? Also, can we have a new video of free Kaspersky vs free Bitdefender?
@NossR94 I don't think so... Comodo Antivirus has the sandbox, the HIPS and the behavioral analysis that make it armored compared to other free or paid ones.
Nunzio d'Abbruzzo - the HIPS is a nightmare: it doesn't train properly, nor create rules for safe applications properly, and finally doesn't always remember the settings and keeps triggering for something already saved. Comodo is a very nice idea, but it's not tested properly and has quality issues; I always feel like a beta tester, yet it's released for production.
I'd like to see Windows Defender combined with Malwarebytes Premium. I'd also like to see Kaspersky against Bitdefender again, except the 2020 versions. Thanks!
Why does he enable PUP protection via PowerShell rather than with the GPO that does it? Also, I found I had to load the PowerShell module for Defender manually from the AV install folder in ProgramData... on Win 2004 anyway...
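For the three comments above about enabling PUA protection (the PowerShell error, the Home edition question, and loading the Defender module by hand), an added example of the PowerShell route; this is my own code, not the video's commands. Set-MpPreference writes Defender's own settings rather than a policy, so it works on Windows 10 Home, which has no gpedit.msc. The fallback that searches ProgramData for a module manifest is an assumption based on the comment above, not a documented location, and the policy registry value checked at the end is the one I would expect the Group Policy setting to write; treat that as an assumption too.

```powershell
# Added example (not the video's own commands): enable PUA detection from PowerShell,
# verify it, and check whether a Group Policy value is overriding it.
# Run from an elevated PowerShell prompt.

# 1. Make sure the Defender cmdlets are available. The module normally auto-loads; the
#    fallback mirrors the comment above (assumption: a .psd1 under the platform folder).
if (-not (Get-Command Set-MpPreference -ErrorAction SilentlyContinue)) {
    $manifest = Get-ChildItem -Path "$env:ProgramData\Microsoft\Windows Defender\Platform" `
                              -Recurse -Filter '*.psd1' -ErrorAction SilentlyContinue |
                Sort-Object FullName -Descending | Select-Object -First 1
    if ($manifest) { Import-Module $manifest.FullName }
    else { throw 'Defender PowerShell module not found' }
}

# 2. Turn PUA detection on. Values: Disabled, Enabled, AuditMode (detect and log only).
Set-MpPreference -PUAProtection Enabled

# 3. Verify. Get-MpPreference reports 0 = Disabled, 1 = Enabled, 2 = Audit.
$state = (Get-MpPreference).PUAProtection
"PUAProtection = $state"

# 4. A Group Policy setting for the same feature wins over Set-MpPreference and lives
#    under the Policies hive (assumed value name: PUAProtection). If step 3 refuses to
#    change, look here and in gpedit.msc / your domain GPO rather than retrying the cmdlet.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' `
                           -ErrorAction SilentlyContinue
if ($policy -and $null -ne $policy.PUAProtection) {
    "Policy override present: PUAProtection = $($policy.PUAProtection)"
} else {
    'No policy override for PUAProtection'
}
```

On Home, step 4 will normally report no override; on Pro or Enterprise, a value there explains the situation in the earlier comment where PowerShell appeared not to work and the Group Policy setting did.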
I have Norton AV and Malwarebytes installed on my computer (both are paid versions). I can't believe that Malwarebytes was hardly mentioned in this video or in the comments. I can't live without either. Have to say that Malwarebytes catches almost all threats before my Norton. Windows Defender is just better than nothing. Other than that, Defender, if you have to put in all those settings, is a piece of junk. Also, free anything is better than nothing, but not at all as good as any paid version. Also note that antivirus protection and malware protection are two different things. In my opinion you need both. BTW, even with the best AV or malware software installed, those threats out there are smarter and can sometimes pass by. So stay safe and keep your computer safe.
This would be more realistic if it was showcasing how good Defender is under normal settings (aka a home environment where a user doesn't know anything and just proceeds with life like all is good). Home licenses don't have GP available.
Question: I've run a full scan with my Windows Defender, and it showed me hundreds of threats found, caused by the new Kali installer I've installed in my VM. It never happened before, but just started a few weeks ago. I've clicked on the "Start actions" button to remove those threats, but it never worked... What should I do now? Just completely delete the Kali ISO? But I need it for my studies.. >.< Sorry if I've asked a weird question.
Hey Leo, try one of those experiments in free protection: try using Kaspersky's free ransomware protection with a hardened Windows Defender and see if it tests to be an effective solution or not. I don't know about you, but I think that would be quite an interesting test.
George K - this group policy is for Defender. If you use Avast or any other antivirus it will disable Defender completely, so it would be irrelevant to change the group policy.
I have been using Windows Defender exclusively for the past 5-6 years, from Windows 7 to Windows 10. Of course, I don't download hacks/cracks these days. I've paid for the software I use for at least 12-13 years now. Also, I create a normal user account along with one admin account. I only log in using the non-admin account. Also, using a group policy I disable UAC and require a password to run as admin when using a non-admin account. This makes sure I don't click the stupid UAC dialog prompt by accident.