I have at least 3 of them. Mullvad secure DNS with filters. Portmaster firewall with filters. And one more which is so popular that YT is ready to ban just for saying about it )
You left a lot of us hanging. You really need to do a video that goes into more depth on determining the optimal settings of Defender UI for protection and performance, then do a comparison with what you consider are the top 2 other anti-virus software solutions.
He clearly does not recommend using Windows Defender as the only antivirus. Get Kaspersky, Bitdefender, etc., which are actually good. Plenty of well known players have free products as well. Windows Defender eats up your system resources too. There is no meaningful justification to keep using it. If you're concerned about cost, get Kaspersky free version or some other good product; there are plenty.
@@vr0k3n There's literally zero mention of open source on their website, there's no access TO source code anywhere. Show me a path to the source code and I'll consider it open source after having examined the code. Not a second earlier.
(enterprise user here) ASR is crucial, along with cloud sampling. In the MDE cloud portal, there are additional controls like "device discovery" as well. By default, it acts as a network device scanner to scan the device's subnet and try to grab information and share it to the MDE portal.
Stop shitting on Windows Defender. It is free and awesome. You did not even show what features you left on and what off. Enable Memory integrity and Kernel Mode Stack protection. Whoever is reading this: this channel is heavily promoted by other AV solution alternatives that basically do the same crap. Also, just to test your flow, I also tested the same ransomware you claim to pass, and it blocked it.
You talk about things you don't understand and then think you can prove a security expert otherwise with random crap you made up. Anyone promoting Windows Defender is either held at gunpoint or just an inexperienced person with "trust me bro" as a source. There are better, free, more effective and safer antivirus software products than Windows Defender, which can't even protect from a well-known form of threat.
WD is good enough for the average user. And no other free antivirus is any better than WD. If for any reason you need extra security, prepare to pay for it.
@@greghust8608 aha. It detects 10 000 % viruses and malware. Independent researchers showed that BD is not that good, it let some viruses encrypt files on the computer, whereas WD did not let it go. ANY kind of statement like 100x better is just propaganda. You need to make an individual and very careful comparison with an updated antivirus and its database to make a meaningful conclusion.
@@ТоварищКамрадовСоциалистКоммун That's the most obvious lie I've seen so far in my security days. WD is easily bypassed by any form of malware because of several reasons. BitDefender is way different in cybersecurity with modern and advanced detection features. I've been reading and watching so many reviews and tests on WD and have done my own tests on several VMs; I can say BitDefender VS Windows Defender is like an adult vs a child. WD is officially one of the worst AVs in modern time together with McAfee and Avast/AVG as a family. 10,000% is the worst cap you could come up with. Just watch some of TPSC's own videos and reviews on the software. You talk about things you do not understand, so don't come up with illogical summaries based on unrealistic fantasies.
I'd love to see you do a side-by-side test of WD, one VM with configure defender on the "max" template and the other VM with defender UI on the "aggressive" template
Woot you included DefenderUI!!! I’ve been waiting so long for you to make a video on this 🎉🎉🎉 ASR customization is DefenderUI's best feature, brings it closer to Defender for Endpoint. It just needs a self-defense mechanism.
It is actually a big shame to in 2024 see this type of behavior from WD. If you need to install another app to improve the security of WD then you might as well instead go with a third-party-antivirus. I would never rely my security on an antivirus that in 2024 can't even detect a "well-known threat" and is mostly chanceless against the modern advanced form of threats. However, good work on the review about this software, keep up the great informative work you provide us with!
I agree. This video is too shallow. The optimal setting combination needs to be explored and then a comparison with the top 2 alternatives made in both protection and effect on system performance.
@@jeffc6059 It's still trash how Windows 11 limits the CPU gen and the ability to be upgraded and is advertised as ExTrA sEcuRIty when it can't even block a well-known virus from 3 fucking years ago
It's so insane to me those options aren't enabled by default on Windows Defender O_O What's the point in using it, then? I'd never fall for ransomware but I still have Kaspersky just in case whatever happens.
@@actuit depends heavily on the office suite and PDF software that you have installed. So the general guideline is to enable max protection by turning on or setting to "warn" in DefenderUI and set high security/privacy in your office/PDF suite as well, and disable those which break your routine work.
Found implementing ASR in an Enterprise context that we had very few compatibility problems by doing so for the vast majority of rules. Honestly, some of those need to become Defender baseline. As for your question around Cloud Protection Level, it mostly has to do with how long Defender will hold up the process if it can't talk or receive a response. The higher you set it, the more chance a machine can seem to freeze or slow down when executing something. Should also be noted that Defender now also has an Application Whitelisting style solution called Smart App. Oddly, it can't be set to On if it's ever been set to Off (some sort of trusted verification chain), but on standard users, this is a really easy way to set up default deny.
The video really needs two more parts: impact on app compatibility and relative system performance degradation benchmarking. You have sort of summed up the first. Thanks.
It's almost the same, but the difference is in enabling the sense process for reporting data to the MS SecurityCenter, but in general the major functionality is exactly the same as for private users.
Rather than use third-party tweaks for Windows Defender, I prefer to use ESET security suite, uBlock Origin adblocker, and Quad9 DNS, which blocks malware domains.
Without context, this test is not telling us much. Yes, carefully tuned, Defender improves, but at the same time consumes more resources. Without a comparison to other virus scanners, this does not tell us anything.
It consumes more resources cause it tries to make a careful analysis of every file. Don't you find this natural? Or do you prefer that your AV just let some files go? The reasonable conclusion is only one: don't start many applications in a short period of time, especially one suspicious file after another, to let your AV make a good analysis, and generally let your system distribute the system resources. Just like we normally do, right?
nice joke ) I'm sure that any normal use of a PC will give enough time for WD/cloud to check if the file is safe or not. So running a script that executes one file after another is in no way a good estimation of AV capabilities. It's an extreme sport. And when WD was a bit tweaked, it had all the time to check carefully every file executed, and was able to block all of them.
If you look at the last entry before the first test concludes, it has processed 63 files and has a detection ratio of 98.41%. I'm sure the final result was just a tad higher, which means it basically tested to be just as effective as Bitdefender and Kaspersky. How come that wasn't mentioned in the video? How come when Bitdefender and Kaspersky test to have the same 98% detection ratio we say oh that's great and then recommend them, but when Windows Defender does it we say see, told you Defender was a piece of crap? The result shows that Windows Defender is clearly not crap.
Pretty sure he's sponsored by Kaspersky. There's literally no other way this makes sense, even US CISA recommends against using Kaspersky in enterprise.
@@IPendragonI Please don't fool around. In those tests unknown files were used, and here known ransomware from the past decade was used, where anything less than 100% is bad. And moreover the end result matters: Defender could not save the files, whereas others (Kaspersky, Bitdefender) blocked it somehow or the other using other protection mechanisms... And moreover the US apps also collect data, and if we, the people of other nations, are not worried, why does the US hiccup when apps from other nations collect their data? Hypocritical BS of a nation... Also, he never mentioned the name of Kaspersky like that in this video, so clear your eye lenses and check your ears...
Any free antivirus is no better than WD. Testing antiviruses by running a script which runs one virus after another undermines the idea of cloud-based analysis. No normal user will run many suspicious programs at once, so your PC/internet bandwidth will be enough to research one file and get a good answer on whether it is safe to run. Just like expected, in the second scenario with the 100% result it took much more time to run all the viruses. Which means that in reality your WD will also have close to 100% detection rate.
Great info. Let's see if when using the UI, Defender can now compete with other products, given it is free. Buying paid malware protection products can become expensive when one has to protect a number of virtual and non-virtual devices.
*@The PC Security Channel* 2:19 Could you run this test again, but slower, give Windows PLENTY of time (several seconds?) to do the network checks & whatnot, and see if the detection ratio improves?
Hi Leo, no, you definitely have to tweak Windows Defender. The best way of doing it is going through Edit Local Group Policy, if you can do that, and tweak the heuristics and tweak the cloud level; this makes it a little bit more difficult or more stringent, more difficult to get through to the operating system. With that Defender tool I'm assuming that you can tweak the settings even if you don't have the Pro edition, so that makes it an even more effective tool to use.
About cloud detection, I use ESET and when I want to open a suspicious app or file it will block it first, then it will do cloud analysis. If the app or file is safe it will let you use it, otherwise it will remove it. Antivirus should not allow a suspicious app to run before analyzing it.
So is 98% considered good compared to other protection software? Is it enough to just have defender on my system? There was no comment about the overall performance of defender, would appreciate your input (or anyone else in the comments). Thank you!
Yes, it's good. But if you plan to use it without tweaking its optional protection, you better go through ALL security/privacy settings in all your PDF/office/mail software and enhance them by: disabling scripts and macros by default, and enhancing other security settings, like disabling access to the internet for PDF/office. In fact, it's better to do it anyway, cause it's another layer of protection.
Bear in mind this was a TINY test against just ransomware samples and has nothing to do with Defender's overall protection. As well as that, in the world of ransomware even one sample being missed is game over.
You also need to bear in mind that it's not normal to run a script executing one malware after another. It's much more realistic to EXTRACT a big pile of (possibly) malware files, which simulates a more likely situation. That's why many AV testers do exactly such kind of test instead of running a script. Though it does not deny that a method used in this channel is not relevant. It is relevant in some situations. And the result of 98% simply stands for a fact that Windows Defender under heavy load is much more capable when you give it a lot of time and/or system resources and a good internet access to online cloud test.
You also need to bear in mind that for the purpose of simplification of his test the owner of this channel runs his script under an admin account, and possibly with minimal UAC security settings. Which no normal user should do )
@@slapme3582 Why would it be impossible in production? What kind of environment are you thinking about? About the other part (lolbins), yeah, AppLocker doesn't block it. There is a similar program on Linux called fapolicyd and its approach is to not let interpreters even read the file.
I'd be very interested in how you set up your VMs to be sure that your hypervisor doesn't get infected. As well as where you're getting all those malware samples from. Cheers!
What I'd be interested in now is whether the firewall is also stronger, or just as bad as before? Would it be possible to find that out with a test?
Could you test the detection ratios of the open source antivirus ClamAV on Windows? Or Linux even. I've never seen a video like this and I have been curious about the detection ratios of this (only?) open source AV.
ClamAV is not an antivirus, nor is it designed to be useful as one. It's designed to be a malware scanner for mailboxes. That means you set it up to scan every so often to remove malware people might send. It has terrible detection rates when compared to any reasonable AV (because it's not an AV) and is not something I would ever recommend using outside its intended purpose (this is the simple version).
@@sylussquared9724 Thanks for the clarification. You're probably right that it is not a realtime antivirus, even tho you could theoretically use it as one. Regardless, I would be interested to see detection results of a folder scan for example in comparison to second opinion scanners such as HitmanPro or Malwarebytes.
Nice vid. Questions I'd ask are: 1. If you just run black claw, would Windows detect and stop it? 2. Were the files in OneDrive and vault affected? 3. Is letting Python run part of the problem? (Doesn't Python nominally get detected by Windows, especially when it's doing things like launching 100 malware programs, and some encryption programs use Python?)
The fact that you need to INSTALL a 3rd party tool, to bring up HIDDEN OPTIONS, shows how shit Defender really is. No option should be HIDDEN, and one should not need to INSTALL things to improve security.
Defender is built for many types of customers. It is also designed to be used with group policy (hence many of the settings are hidden). Also, if it came with the maximum settings by default, it would be a serious obstacle to home users as it would be way too aggressive and get in the way of users.
@@davidhoward4715 Actually, depending on the way you look at the feature, it is a trouble maker. Controlled Access Folder doesn't work like regular folder protection modules in market antiviruses, it's far more aggressive and therefore less usable in the real world. Last time I checked, if you protected a folder, you couldn't even make a modification in a document yourself or use the space as an administrator, say decompress a zip file in the protected folder. User interaction with the mentioned folders was painful, resulting in a huge percent of the users disabling the feature.
@@gonzaloxm Yeah, I would like to have it turned on but if I do I can't even play games because it doesn't let them save savefiles in the Documents folder
I don't understand why you disable the ransomware protection feature (Controlled folder access)? The whole idea of that is to protect against, you know, ransomware?
I think it's because controlled folder access is disabled by default, and he wanted to run a test specifically with the default settings, assuming a user has never changed any of them. But you are correct, if you want to protect against ransomware, it's advised to turn this feature on even if you don't do anything else.
Controlled folder access stops ALL programs accessing the files. A: See the above comment ^ B: That would make the test unfair and completely pointless as it would not block the ransomware but stop it from encrypting the files.
Keep your stuff on an external HDD which is backed up on another external HDD. I started doing this about 14 years ago when my PC got infected by a ransomware. I learnt more about PC security and never had the same problem.
Recently purchased a new laptop this week. It came with McAfee pre-installed, and initially, I was pleased to receive a free 1-year subscription. However, after conducting some research, I decided to fully delete it and am now using Defender to protect it from internal threats like McAfee.
Only people who watched this video or already know about ASR rules will be able to follow it. I don't think it's enough for most computer users, since using Defender UI is already complicated for normal users, NOT US. But it's always good to know that at least we can reduce some cost for AV solutions for some computers that we don't poke random Internet websites. ;p
Does the UAC set up to the max prevent running obscured exe files pretending to be .docx or .pdf and similar? I.e. I download a text document but I don't intend to install anything right now. So denying the crap running.
Thanks for investigating and sharing!... I use a few utilities e.g. Winaero Tweaker but hadn't come across DefenderUI -- looks v. promising though, will be checking it out for sure! 👍🏼
Transformative content, I like that the malware sandbox domain allows you to run a virtual machine all the way to Windows 7 32-Bit. The one back at my house is 64 bit though.
Hello, in your video, in the process of testing Windows Defender, the CPU was loaded at 100%. Maybe a low performance CPU doesn't allow Defender to delete all Ransom in during
I do think there are differences now between Windows Security (now the basic protection with Windows OS) and the MS Defender AV from Microsoft with Office; it would be nice to test this one to see what the differences are.
I have customized ASR rules such as show allow from USB, block cred stealing from LSASS in Pro or Enterprise Windows editions (benchmate or any app that stores creds in plaintext excluding will fail post http method) and warning for psexec wmi and process creation.
Hi, I gratefully follow you about cyber security. I have a very basic/newbie doubt about PIN vs Password, and I'd like to have your opinion. Recently I switched my Windows account to a local one (for security reason), so now I can access on my Windows system by both my local password OR my old Windows PIN, that's redundant IMO. Q: From a security point of view, is it good keeping only the local password, or is it better maintaining both methods?
Automating the execution really defeats the purpose though, doesn't it? Ransomware is a user issue, as are a good percentage of incidents. It's the low hanging fruit.
Honestly, one of the easiest methods is sending E-mails with malicious links or even documents with malicious scripts attached. You'd be surprised how effective that approach is for targeting businesses with a fair share of employees on a shared network. 🫣
Using a 3rd party NON open source tool from a pretty sketchy website and using it... Personally I can't believe you would 'recommend' using this. This raises some serious red flags with me... Not sure about what DefenderUI actually does or claims to do or actually does it since it isn't open source.
Hi. Could you investigate the issue regarding unsubscribing from various anti-virus software packages. I recently wanted to cancel my own very well known product but the option to cancel renewal wasn't even available.
that's a standard practice for many online services. You give your credits once - and it never ends. ALWAYS check if the company has a physical address where you can send a letter which obliges the company to close the contract