More > JRiver Media Center 23 for Windows
So you think Windows Defender is turned off? Wrong!
JimH:
For others reading, here's a thread that Awesome Donkey kindly started:
Taming Windows Defender
tzr916:
--- Quote from: RoderickGI on February 04, 2018, 08:47:27 pm ---...So as you can see, Windows Defender is never off, and you can't uninstall it. So if strange things happen in MC, look first to Windows Defender Security Center.
--- End quote ---
Just a tad bit misleading/misunderstanding.
Unlike 3rd party security like Norton, Windows Defender is not part of, or the same as, Windows Firewall. They do two different things. Windows Defender is a scanner of files/processes while Windows Firewall blocks or allows network ports. They each have their own settings.
I don't use third party security, only built in Windows 10 Defender & Firewall on eight machines. I don't mess with Firewall settings, it does everything automatically. When a pop up to allow a program appears, I simply Allow. It has NEVER adversely affected my MC Server + 3 MC Clients, or any other programs I run on three laptops that do heavy browsing. I also don't mess with Defender settings, same reasons. It does things in the background and it has NEVER caused any problems.
The ONLY exception is if MC is doing something strange and Jim asks "antivirus". Which again, in Windows 10 is two different entities. And again, has NEVER actually turned out to fix any of the issues that I have had with MC (other's experiences may vary).
In reality, one can completely shut off Windows Defender in Group Policy - it will not scan any files/folders/processes. Have no idea about shutting off Windows Firewall, no interest in trying - either it allows a port or it doesn't (easy to check).
RD James:
It looks more like Norton 360 only manages rules for the Windows Firewall, rather than replacing it with its own firewall software.
A number of "firewall" applications do this. There's nothing wrong with the Windows Firewall.
--- Quote from: RoderickGI on February 04, 2018, 08:47:27 pm ---Now, remember that Microsoft started forcing an Antimalware solution on us some time back? Well, that is now integrated into Windows Defender, and shown under its Security Center. It is being kept up to date on my PC, and I have no way of stopping it. See the third image.
--- End quote ---
I don't see how Windows keeping it up-to-date means that it's running.
That's not the latest version either - the latest client is 4.12.17007.18011
--- Quote from: Elvis133 on February 05, 2018, 01:09:33 am ---Windows 10 is a quite annoying OS in it's total unwillingness to actually do what the user tells is to. Turing off defender in the group policy editor seems to work though.
--- End quote ---
Most users are idiots and would disable all security/protections if it let them, then they complain about Windows being "insecure" when their systems are infected as a result.
Just look at what happened last year with the WannaCry ransomware. Hundreds of millions to several billions of estimated damage, depending on whose estimate you go by, for something which had been patched months earlier.
--- Quote from: RoderickGI on February 04, 2018, 09:02:29 pm ---Windows Defender is almost good enough now, but I am yet to test it on its own, let alone rely on it. Maybe the day will come.
--- End quote ---
Defender is state of the art. It blocked the Bad Rabbit ransomware within fourteen minutes:
https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/
--- Quote from: RoderickGI on February 04, 2018, 09:02:29 pm ---Frankly, I don't think Microsoft is trustworthy enough to keep it leading edge, which Symantec does.
--- End quote ---
If I'm not mistaken, I believe it took them several days to update in response to the Meltdown vulnerability, preventing Windows from installing the security update.
It doesn't appear that Norton 360 has anything comparable to Defender's Controlled Folder Access for things like ransomware defense either.
flac.rules:
--- Quote from: RD James on February 05, 2018, 12:44:11 pm ---
Most users are idiots and would disable all security/protections if it let them, then they complain about Windows being "insecure" when their systems are infected as a result.
Just look at what happened last year with the WannaCry ransomware. Hundreds of millions to several billions of estimated damage, depending on whose estimate you go by, for something which had been patched months earlier.
--- End quote ---
Yeah, well, so let them, you can't prevent users from doing stupid stuff on an OS that lets you execute code, just make it reasonably clear that it's a bad idea, and let them turn it off. Defender can be as state of the art it wants, but it hogs resources and refuses to let the user control when and how it is running. The end result is that i turned it off completely. And don't get me started with the forced restarts, which i am sure has cost more data than any ransomware it has protected against.
RoderickGI:
--- Quote from: AndrewFG on February 05, 2018, 12:43:10 am ---In my experience Windows Defender is started by default when Windows starts, and with fairly strict settings. However about 3 minutes after boot, it checks if another AV / firewall is running (such as Norton) and if so, then Defender backs off and it let’s the other AV take over the lifting, and lets the other AV determine which applications to block and which files to scan etc.
--- End quote ---
I think this is the case as well, and have written the same in the forum previously. Norton used to start before almost anything else in the past, but I suspect changes in the Microsoft security model (protecting the boot process) now make that impossible. But my point remains the same: Windows Defender is never off. A user who just installed MC, turned on Media Server to start with Windows, and then rebooted will see the same alert I did. If they don't respond correctly and Allow access, they will soon be on the forum asking why MC isn't working.
--- Quote from: tzr916 on February 05, 2018, 07:49:28 am ---Just a tad bit misleading/misunderstanding.
--- End quote ---
Not really. If you look at Microsoft's Firewall, Antivirus, and Antimalware, you will see that it has all been rebranded as "Defender". So Windows Defender is never off if one of the three components is running. Which it is on every system reboot, at least for a while. (Unless turned off in a Group Policy I guess.)
--- Quote from: RD James on February 05, 2018, 12:44:11 pm ---It looks more like Norton 360 only manages rules for the Windows Firewall, rather than replacing it with its own firewall software.
A number of "firewall" applications do this. There's nothing wrong with the Windows Firewall.
--- End quote ---
I am pretty sure that Symantec run their own Firewall, which has been around longer than any Windows Firewall has. The two alerts I saw from Defender Firewall and Allowed created rules in Defender Firewall that already existed in Norton. I have recently created rules in Norton that do not appear in the Defender Firewall. In fact, the only rules in Defender Firewall that are not highlighted as "Predefined" when I try to edit them are Inbound Rules for programs that start with Windows such as Steam, Media Center (just created), Akaima Netsession Client (just created), EaseUS Backup, and a DNS Server Forward Rules. It would be nice if Norton updated the Defender Firewall rules in parallel, so they were there if I uninstalled Norton, but I conclude it doesn't.
Plus, maybe there is nothing wrong with the current Windows Defender Firewall, but earlier versions were atrocious, with limited capability and little user control. It now looks much better though.
--- Quote from: RD James on February 05, 2018, 12:44:11 pm ---I don't see how Windows keeping it up-to-date means that it's running.
That's not the latest version either - the latest client is 4.12.17007.18011
--- End quote ---
True, even if not used it is probably a good idea for Windows to keep the Antimalware and other security components up to date, in case a user uninstalls their third-party security software. But for me that still qualifies as Windows Defender is never turned off. I am just raising awareness here. ;)
I actually tried to confirm what the latest client version was, without much success so I stopped looking once I confirmed it was very recent. Updates to the Malicious Software Removal Tool (now Defender Antimalware) aren't shown in the Windows Update History. But I have now found that they are shown in the Reliability Monitor, and the last update was January 10 via KB890830. I'm not on a Windows Insider program so I don't get the earliest updates, and in Australia we actually do get updates at different times, usually later. One would hope that wasn't true for security components, but there you go; I haven't got that latest client.
--- Quote from: RD James on February 05, 2018, 12:44:11 pm ---Most users are idiots
--- End quote ---
I would put it a little differently, such as many users are unaware of the consequences of their actions with respect to technology, until they have a problem. But essentially, yeah.
--- Quote from: RD James on February 05, 2018, 12:44:11 pm ---Defender is state of the art.
--- End quote ---
Symantec is also very responsive, and use similar technologies to identify threats as discussed in that article. I don't know the actual time it took to block the various ransomware threats, but Norton sent out emails within hours of reports assuring users they were protected. Norton doesn't have anything like the new Controlled Folder Access capability as yet, and that is interesting. Norton do have excellent User Support via the Norton 360 interface though, with diagnostic tools to help solve problem automatically, and a chat system that is very responsive and helpful. They actually fix stuff straight away... Unlike Microsoft's "submit something via out Feedback App" approach.
Anyway, you are just convincing me that Defender (yes, all three components) are pretty much at the stage that I could remove Norton and rely on Microsoft... But that is a big ask at the moment because Microsoft has truly screwed me around over the last year or two. After all, Microsoft has just burned 15% of my CPU for quite some time because of an incompatibility with their own Firewall, requiring a reset of that Firewall, which I don't even use. I have looked for a solution several times since the problem arose, and it was only yesterday that I finally found a post on Tenforums that explained the simple fix. So trust is a difficult issue.
TL;DR Windows Defender is never off. ;D
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version