INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: So you think Windows Defender is turned off? Wrong!  (Read 19751 times)

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
So you think Windows Defender is turned off? Wrong!
« on: February 04, 2018, 08:47:27 pm »

G'Day folk,

I had to reset the Windows Defender Firewall today to fix a problem created with the "Internet Connection Sharing" service by one of Microsoft's recent updates. I don't even use ICS, but I do have Hyper-V Manager installed, and it needs the ICS service to connect to the internet from a VM.

Note that I am running Windows 10 Pro with the latest updates available in Australia (version 10.0.1.16299 Build 16299 / version 1709 installed Dec 15, 2017, with patches up to January 10th). I also run Norton 360 Antivirus and Firewall, which includes Antimalware. So I do not rely on any of the Windows Defender functionality. All security is managed by Norton, including all security settings. This made it a bit of a challenge to reset the Windows Defender Firewall without completely uninstalling Norton 360, but I managed.  ;D

To do so I turned off Norton 360 and tried the reset functions is various parts of Windows. Most were not active, but I found a "Restore Default Policy" link in the "Windows Defender Firewall with Advanced Security" App that I have installed. This is actually a Management Console and allows Group Policy changes. It just gives more control of Defender.

Anyway, with the firewall reset I turned Norton 360 back on and rebooted my PC. Windows Defender Firewall should not be blocking applications under those conditions. Well, soon after rebooting the PC I had two notifications from Windows Defender Firewall that it had blocked applications, one of which was JRiver Media Center 23!  See the first image.

Naturally, I allowed MC access. But it got me thinking, what other components of Windows Defender are still running? Take a look at the second image. Yes, that's right, even though I am using Norton 360 there is a switch to turn on periodic Defender Antivirus scanner scans in parallel to Norton 360. What?! I think that switch is off by default. Is it turned on in your Windows 10 installation?

Now, remember that Microsoft started forcing an Antimalware solution on us some time back? Well, that is now integrated into Windows Defender, and shown under its Security Center. It is being kept up to date on my PC, and I have no way of stopping it. See the third image.

But wait! There's more!

So we know from the first image that Windows Defender Firewall is still operating even though I have a third party firewall installed, up to date, and operating. (Did you know that if your Antivirus or Firewall definitions aren't up to date, Defender will turn itself back on? Nah. I'm sure you didn't. Haven't renewed your third party Antivirus subscription? Say Hello to Defender!) Also, did you know that Defender Firewall works in three Profiles by default; Domain, Private, and Public Profiles. It seems when Norton 360 is installed and in control of Firewall settings, Defender thinks that it is only covering the Domain Profile, so it keep working in the Private and Public Profiles. The Private Profile was responsible for the two alerts I mentioned earlier. See the fourth image.

In fact the  "Windows Defender Firewall with Advanced Security" App shows that Defender Firewall is still active in all Profiles, even though it also shows the Norton 360 is managing the settings for those. See image five.

So as you can see, Windows Defender is never off, and you can't uninstall it. So if strange things happen in MC, look first to Windows Defender Security Center.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

DJLegba

  • Citizen of the Universe
  • *****
  • Posts: 995
Re: So you think Windows Defender is turned off? Wrong!
« Reply #1 on: February 04, 2018, 08:54:25 pm »

Resistance is futile! Why bother using Norton?
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #2 on: February 04, 2018, 09:02:29 pm »

At some stage I may drop Norton, but once Symantec got rid of all the bloat in it, it has actually been a very efficient and reliable security solution, and rarely gets in my way. So I am sticking to it at the moment.

Windows Defender is almost good enough now, but I am yet to test it on its own, let alone rely on it. Maybe the day will come.

Frankly, I don't think Microsoft is trustworthy enough to keep it leading edge, which Symantec does. Just look at the bug with ICS. It has been around for quite a while and has a major impact: 15 to 25% CPU utilisation all the time, and ICS no longer works for those who need it. Microsoft's best repsonse is: "Use our wonderful Feedback App to tell us all about it. We do read that. Yes, we do!"  Yeah, I believe you...Not.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

AndrewFG

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 3392
Re: So you think Windows Defender is turned off? Wrong!
« Reply #3 on: February 05, 2018, 12:43:10 am »

In my experience Windows Defender is started by default when Windows starts, and with fairly strict settings. However about 3 minutes after boot, it checks if another AV / firewall is running (such as Norton) and if so, then Defender backs off and it let’s the other AV take over the lifting, and lets the other AV determine which applications to block and which files to scan etc.
Logged
Author of Whitebear Digital Media Renderer Analyser - http://www.whitebear.ch/dmra.htm
Author of Whitebear - http://www.whitebear.ch/mediaserver.htm

flac.rules

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1268
Re: So you think Windows Defender is turned off? Wrong!
« Reply #4 on: February 05, 2018, 01:09:33 am »

Windows 10 is a quite annoying OS in it's total unwillingness to actually do what the user tells is to. Turing off defender in the group policy editor seems to work though.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: So you think Windows Defender is turned off? Wrong!
« Reply #5 on: February 05, 2018, 07:33:59 am »

For others reading, here's a thread that Awesome Donkey kindly started:

Taming Windows Defender
Logged

tzr916

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1392
Re: So you think Windows Defender is turned off? Wrong!
« Reply #6 on: February 05, 2018, 07:49:28 am »

...So as you can see, Windows Defender is never off, and you can't uninstall it. So if strange things happen in MC, look first to Windows Defender Security Center.

Just a tad bit misleading/misunderstanding. 

Unlike 3rd party security like Norton, Windows Defender is not part of, or the same as, Windows Firewall. They do two different things. Windows Defender is a scanner of files/processes while Windows Firewall blocks or allows network ports. They each have their own settings.

I don't use third party security, only built in Windows 10 Defender & Firewall on eight machines. I don't mess with Firewall settings, it does everything automatically. When a pop up to allow a program appears, I simply Allow. It has NEVER adversely affected my MC Server + 3 MC Clients, or any other programs I run on three laptops that do heavy browsing. I also don't mess with Defender settings, same reasons. It does things in the background and it has NEVER caused any problems.

The ONLY exception is if MC is doing something strange and Jim asks "antivirus". Which again, in Windows 10 is two different entities. And again, has NEVER actually turned out to fix any of the issues that I have had with MC (other's experiences may vary).

In reality, one can completely shut off Windows Defender in Group Policy - it will not scan any files/folders/processes. Have no idea about shutting off Windows Firewall, no interest in trying - either it allows a port or it doesn't (easy to check).

Logged
JRiverMC v33 •Windows 10 Pro 64bit •Defender Exclusions •ṈŘ 3rd party AV
•ASUS TUF gaming WiFi z590 •Thermaltake Toughpower GX2 600W
•i7-11700k @ 3.6GHz~5GHz •32GB PC4-25600 DDR4
•OS on Crucial P5 Plus M.2 PCIe Gen4 •Tv Recordings on SATA 6TB WD Red Pro
•4 OTA & 6 CableCard SiliconDust Tuners
•nVidia RTX2060 •XBR65Z9D •AVRX3700H •Fluance 7.2.2 [FH]
•SMP1000DSPѫRSS315HE-22■DIYSG Cube-12
•eD LT.500ѫeD 13ov.2■eD A3-300

RD James

  • Citizen of the Universe
  • *****
  • Posts: 1871
Re: So you think Windows Defender is turned off? Wrong!
« Reply #7 on: February 05, 2018, 12:44:11 pm »

It looks more like Norton 360 only manages rules for the Windows Firewall, rather than replacing it with its own firewall software.
A number of "firewall" applications do this. There's nothing wrong with the Windows Firewall.

Now, remember that Microsoft started forcing an Antimalware solution on us some time back? Well, that is now integrated into Windows Defender, and shown under its Security Center. It is being kept up to date on my PC, and I have no way of stopping it. See the third image.
I don't see how Windows keeping it up-to-date means that it's running.
That's not the latest version either - the latest client is 4.12.17007.18011

Windows 10 is a quite annoying OS in it's total unwillingness to actually do what the user tells is to. Turing off defender in the group policy editor seems to work though.
Most users are idiots and would disable all security/protections if it let them, then they complain about Windows being "insecure" when their systems are infected as a result.
Just look at what happened last year with the WannaCry ransomware. Hundreds of millions to several billions of estimated damage, depending on whose estimate you go by, for something which had been patched months earlier.

Windows Defender is almost good enough now, but I am yet to test it on its own, let alone rely on it. Maybe the day will come.
Defender is state of the art. It blocked the Bad Rabbit ransomware within fourteen minutes:
https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/

Frankly, I don't think Microsoft is trustworthy enough to keep it leading edge, which Symantec does.
If I'm not mistaken, I believe it took them several days to update in response to the Meltdown vulnerability, preventing Windows from installing the security update.
It doesn't appear that Norton 360 has anything comparable to Defender's Controlled Folder Access for things like ransomware defense either.
Logged

flac.rules

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1268
Re: So you think Windows Defender is turned off? Wrong!
« Reply #8 on: February 05, 2018, 12:56:48 pm »


Most users are idiots and would disable all security/protections if it let them, then they complain about Windows being "insecure" when their systems are infected as a result.
Just look at what happened last year with the WannaCry ransomware. Hundreds of millions to several billions of estimated damage, depending on whose estimate you go by, for something which had been patched months earlier.


Yeah, well, so let them, you can't prevent users from doing stupid stuff on an OS that lets you execute code, just make it reasonably clear that it's a bad idea, and let them turn it off. Defender can be as state of the art it wants, but it hogs resources and refuses to let the user control when and how it is running. The end result is that i turned it off completely. And don't get me started with the forced restarts, which i am sure has cost more data than any ransomware it has protected against.
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #9 on: February 05, 2018, 05:17:10 pm »

In my experience Windows Defender is started by default when Windows starts, and with fairly strict settings. However about 3 minutes after boot, it checks if another AV / firewall is running (such as Norton) and if so, then Defender backs off and it let’s the other AV take over the lifting, and lets the other AV determine which applications to block and which files to scan etc.

I think this is the case as well, and have written the same in the forum previously. Norton used to start before almost anything else in the past, but I suspect changes in the Microsoft security model (protecting the boot process) now make that impossible. But my point remains the same: Windows Defender is never off. A user who just installed MC, turned on Media Server to start with Windows, and then rebooted will see the same alert I did. If they don't respond correctly and Allow access, they will soon be on the forum asking why MC isn't working.

Just a tad bit misleading/misunderstanding. 

Not really. If you look at Microsoft's Firewall, Antivirus, and Antimalware, you will see that it has all been rebranded as "Defender". So Windows Defender is never off if one of the three components is running. Which it is on every system reboot, at least for a while. (Unless turned off in a Group Policy I guess.)


It looks more like Norton 360 only manages rules for the Windows Firewall, rather than replacing it with its own firewall software.
A number of "firewall" applications do this. There's nothing wrong with the Windows Firewall.

I am pretty sure that Symantec run their own Firewall, which has been around longer than any Windows Firewall has. The two alerts I saw from Defender Firewall and Allowed created rules in Defender Firewall that already existed in Norton. I have recently created rules in Norton that do not appear in the Defender Firewall. In fact, the only rules in Defender Firewall that are not highlighted as "Predefined" when I try to edit them are Inbound Rules for programs that start with Windows such as Steam, Media Center (just created), Akaima Netsession Client (just created), EaseUS Backup, and a DNS Server Forward Rules. It would be nice if Norton updated the Defender Firewall rules in parallel, so they were there if I uninstalled Norton, but I conclude it doesn't.

Plus, maybe there is nothing wrong with the current Windows Defender Firewall, but earlier versions were atrocious, with limited capability and little user control. It now looks much better though.

I don't see how Windows keeping it up-to-date means that it's running.
That's not the latest version either - the latest client is 4.12.17007.18011

True, even if not used it is probably a good idea for Windows to keep the Antimalware and other security components up to date, in case a user uninstalls their third-party security software. But for me that still qualifies as Windows Defender is never turned off. I am just raising awareness here.  ;)

I actually tried to confirm what the latest client version was, without much success so I stopped looking once I confirmed it was very recent. Updates to the Malicious Software Removal Tool (now Defender Antimalware) aren't shown in the Windows Update History. But I have now found that they are shown in the Reliability Monitor, and the last update was January 10 via KB890830. I'm not on a Windows Insider program so I don't get the earliest updates, and in Australia we actually do get updates at different times, usually later. One would hope that wasn't true for security components, but there you go; I haven't got that latest client.


Most users are idiots

I would put it a little differently, such as many users are unaware of the consequences of their actions with respect to technology, until they have a problem. But essentially, yeah.



Defender is state of the art.

Symantec is also very responsive, and use similar technologies to identify threats as discussed in that article. I don't know the actual time it took to block the various ransomware threats, but Norton sent out emails within hours of reports assuring users they were protected. Norton doesn't have anything like the new Controlled Folder Access capability as yet, and that is interesting. Norton do have excellent User Support via the Norton 360 interface though, with diagnostic tools to help solve problem automatically, and a chat system that is very responsive and helpful. They actually fix stuff straight away... Unlike Microsoft's "submit something via out Feedback App" approach.

Anyway, you are just convincing me that Defender (yes, all three components) are pretty much at the stage that I could remove Norton and rely on Microsoft... But that is a big ask at the moment because Microsoft has truly screwed me around over the last year or two. After all, Microsoft has just burned 15% of my CPU for quite some time because of an incompatibility with their own Firewall, requiring a reset of that Firewall, which I don't even use. I have looked for a solution several times since the problem arose, and it was only yesterday that I finally found a post on Tenforums that explained the simple fix. So trust is a difficult issue.

TL;DR Windows Defender is never off;D
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

tzr916

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1392
Re: So you think Windows Defender is turned off? Wrong!
« Reply #10 on: February 05, 2018, 06:11:18 pm »

Not really. If you look at Microsoft's Firewall, Antivirus, and Antimalware, you will see that it has all been rebranded as "Defender". So Windows Defender is never off if one of the three components is running. Which it is on every system reboot, at least for a while. (Unless turned off in a Group Policy I guess.)
I guess... The antivirus scanner is now called "Virus & Threat Detection", while the firewall is now called "Windows Defender Firewall". Both can be accessed through "Defender Security Center", but they are two completely different parts that each have their separate functions and settings. One can certainly turn off antivirus without affecting firewall, by design.

While I understand the possible reasons someone might want to turn off file/process scanning (cpu cycles, disk activity, etc)... Can someone explain what reason there would be to turn off/uninstall the firewall? Basically allow all programs, and open all ports. Isn't that way way more dangerous than turning off virus scanning?

But if someone is feeling brave: https://www.youtube.com/watch?v=eM9n6I7_X8U
Logged
JRiverMC v33 •Windows 10 Pro 64bit •Defender Exclusions •ṈŘ 3rd party AV
•ASUS TUF gaming WiFi z590 •Thermaltake Toughpower GX2 600W
•i7-11700k @ 3.6GHz~5GHz •32GB PC4-25600 DDR4
•OS on Crucial P5 Plus M.2 PCIe Gen4 •Tv Recordings on SATA 6TB WD Red Pro
•4 OTA & 6 CableCard SiliconDust Tuners
•nVidia RTX2060 •XBR65Z9D •AVRX3700H •Fluance 7.2.2 [FH]
•SMP1000DSPѫRSS315HE-22■DIYSG Cube-12
•eD LT.500ѫeD 13ov.2■eD A3-300

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #11 on: February 05, 2018, 06:41:28 pm »

I guess...

While the menu item may be called "Virus & Threat Detection" in the  "Windows Defender Security Center", once you click into that menu item it is called "Windows Defender Antivirus". There is also "Windows Defender SmartScreen", not to forget that all the Exploit Protection components have been moved into the "Windows Defender Security Center", plus Parental Controls. It's a rebranding of what were multiple components, and the first step to combining them into one User Interface.

All security suites I have ever used allowed either or both the Firewall and Antivirus to be turned off when required. Almost all started as separate applications. Certainly, Norton did, and then the User Interface was blended.

Can someone explain what reason there would be to turn off/uninstall the firewall?

Because I have another Firewall and don't want two running. That would be worse than running double NAT in a network setup. Two sets of rules to maintain, unless they are automatically synchronised. Two Firewalls to manage when trying to identify problems. No thanks.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

tzr916

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1392
Re: So you think Windows Defender is turned off? Wrong!
« Reply #12 on: February 05, 2018, 07:13:52 pm »

IMO, you should consider changing the title of the topic to:

"So you think Windows Defender Firewall is turned off? Wrong, unless you actually go into GPE and turn it off"
Logged
JRiverMC v33 •Windows 10 Pro 64bit •Defender Exclusions •ṈŘ 3rd party AV
•ASUS TUF gaming WiFi z590 •Thermaltake Toughpower GX2 600W
•i7-11700k @ 3.6GHz~5GHz •32GB PC4-25600 DDR4
•OS on Crucial P5 Plus M.2 PCIe Gen4 •Tv Recordings on SATA 6TB WD Red Pro
•4 OTA & 6 CableCard SiliconDust Tuners
•nVidia RTX2060 •XBR65Z9D •AVRX3700H •Fluance 7.2.2 [FH]
•SMP1000DSPѫRSS315HE-22■DIYSG Cube-12
•eD LT.500ѫeD 13ov.2■eD A3-300

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: So you think Windows Defender is turned off? Wrong!
« Reply #13 on: February 05, 2018, 07:16:26 pm »

I think you could just say, "Do you have a problem with antivirus software?"  ;)
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #14 on: February 05, 2018, 08:13:49 pm »

Well, you already have an Antivirus thread Jim, and it's not just Antivirus these days. In fact, it's not even just Antivirus and Firewall software. While much of the security software is related to one or the other, and more often Firewall capabilities, there is a growing suite of tools that are neither one or the other.

I could have used the title "Do you use a third party security suite on Windows 10 but still have problems with security software functions such as applications, processes, and sites being blocked when not expected?" But that is a bit long.

I don't care if technically the Defender Firewall can be turned off via Windows Policies. I don't want users stuck with a problem to only think about their Firewall or Antivirus software. I want them to think Security Software, and specifically, that Windows Defender thing that I disabled so is absolutely, definitely, NOT the problem I am describing here to you so no, I'm not going to check it or turn it off, but I want you, a fellow user, to fix it for me NOW! Because that is what some of these threads seem to be about these days.

I had hard evidence that Windows Defender was still interfering with Media Center even though I use another security suite, so I shared that evidence and expanded on it a bit.

The message is simple: In Windows 10 today, if you see any issues, assume that Windows Defender is always running.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: So you think Windows Defender is turned off? Wrong!
« Reply #15 on: February 05, 2018, 08:22:28 pm »

I agree with everything you've written.  I was only kidding.
Logged

RD James

  • Citizen of the Universe
  • *****
  • Posts: 1871
Re: So you think Windows Defender is turned off? Wrong!
« Reply #16 on: February 05, 2018, 08:58:37 pm »

True, even if not used it is probably a good idea for Windows to keep the Antimalware and other security components up to date, in case a user uninstalls their third-party security software. But for me that still qualifies as Windows Defender is never turned off. I am just raising awareness here.  ;)
It's updated via Windows Update. Being updated doesn't mean that Defender is running.

I would put it a little differently, such as many users are unaware of the consequences of their actions with respect to technology, until they have a problem. But essentially, yeah.
There are so many users who insist that they are right for wanting to disable any and all kinds of protections, even once you explain the reasons why they should not, that it goes beyond people being unaware of the consequences.
The response to the Meltdown/Spectre bug was yet another example of this recently. I saw hundreds of people discussing it online, saying that they refuse to update because there might be an extremely minor performance hit. (consumer workloads tend not to be affected much)

I think you could just say, "Do you have a problem with antivirus software?"  ;)
Jim, I understand that third-party antivirus programs are notorious for causing problems with Media Center, but your advice should be to direct users towards Windows Defender rather than being entirely against all anti-virus software.
It's third-party anti-virus software that causes problems. The worst I've seen Windows Defender do is increase CPU usage because it's scanning files as Media Center is accessing them.

And that giant topic on here the other day about "taming Windows Defender [anti-virus]" is not providing users with helpful advice.
As discussed in that topic, the recommendations were excessive and far more permissive than they need to be. You can exclude Media Center from being scanned by Defender Anti-Virus with two rules, not the 20+ recommended there.
 
I don't care if technically the Defender Firewall can be turned off via Windows Policies.
[...]
The message is simple: In Windows 10 today, if you see any issues, assume that Windows Defender is always running.
You're clearly pushing an agenda here, rather than handing out advice.
What you've said in this topic really amounts to: 'I thought Norton 360 had disabled Windows Defender Firewall, but it was still running.'
When presented with instructions for disabling it, your response is 'I don't care, it's still running!'
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #17 on: February 05, 2018, 10:33:48 pm »

You're clearly pushing an agenda here, rather than handing out advice.

I'm not pushing any agenda, other than trying to raise awareness of what Microsoft and Defender are doing, despite users believing it is disabled. That is only because I once again saw the evidence, and it reminded me of how many threads I had seen where people claimed Defender was off, and couldn't be the issue. But it was. Usually the Firewall. It is rather frustrating that people won't try looking into issues with their security because "they have it all under control", only to take a look on the tenth request and either disappear without comment or say, "Oh yeah. I've fixed it now" as if they never heard the advice.

But I hear what you are saying, that the Windows Defender Suite is now a good solution, does a great job, and is reliable. Fine. Is that an agenda? Defender and Windows Firewall certainly did not use to be a good solution, so I am taking a bit to convince.



What you've said in this topic really amounts to: 'I thought Norton 360 had disabled Windows Defender Firewall, but it was still running.'

More;
"I use Norton 360 and I don't expect Defender to still require my attention and the setting of rules for my applications to work."

Or;
"There is a gap in the Microsoft implementation of support for third-party Security Suites that can allow Windows Defender components to take action even though they have not been set up to act as the active Security Suite."

No doubt when Microsoft made it impossible for Norton to start first before other applications, the compromise was that Defender Firewall would run until Norton 360 was allowed to run and asserted itself as the security software on my PC. Based on the logic used here, that Defender runs until a third party App asserts control, I have to assume that Defender Antivirus also runs for a short period at boot time. What if Defender Antivirus decided in that short time that Media Server contained a virus and either quarantined or deleted it? That could certainly happen and may have happened to some users recently when the MC Digital Signatures changed recently. There were a few comments about MC not working or installing fully after the upgrade to MC23, but then magically working after MC was installed a second time. That sounds like a security software issue, where a component was prevented from installing, or removed on reboot.

BTW, that is probably why it is a good idea to set exclusions in Defender Antivirus; because it will run briefly before any other security suite, and in that time it may take some unwanted action. I agree with you that the thread on Defender went too far, and a couple of simple exclusions would be enough. I recommended three myself, with a couple of options, and those were just for the Firewall. Really, no exclusions should be required. In Norton 360 the only Antivirus exclusion I have is for "\System Volume Information\", and that was added automatically.

Plus it is not just the Firewall and Antivirus I am talking about. It appears to me that even with Windows Defender Firewall turned off, Windows Defender SmartScreen is still active. I just turned off all three Windows Defender Firewall Profiles using the "Windows Defender Firewall with Advanced Security" Management Console, confirmed that in the "Windows Defender Security Center" and then made changes to the Windows Defender SmartScreen settings. It all still seemed active.

When presented with instructions for disabling it, your response is 'I don't care, it's still running!'

Well, because of the change I mentioned above about the timing of starting Norton 360, turning off Defender Firewall could actually have consequences if my boot sector was ever compromised, for example. So I don't really care if it is still running. More security is better, as long as it doesn't have significant downsides.

But I am telling users that it is still running, even if they use a third party Security Suite, even if it only runs for a short time at boot time, so consider that when you see issues with MC. That is all.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

flac.rules

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1268
Re: So you think Windows Defender is turned off? Wrong!
« Reply #18 on: February 06, 2018, 01:11:39 am »

It's updated via Windows Update. Being updated doesn't mean that Defender is running.
There are so many users who insist that they are right for wanting to disable any and all kinds of protections, even once you explain the reasons why they should not, that it goes beyond people being unaware of the consequences.
The response to the Meltdown/Spectre bug was yet another example of this recently. I saw hundreds of people discussing it online, saying that they refuse to update because there might be an extremely minor performance hit. (consumer workloads tend not to be affected much)
Jim, I understand that third-party antivirus programs are notorious for causing problems with Media Center, but your advice should be to direct users towards Windows Defender rather than being entirely against all anti-virus software.
It's third-party anti-virus software that causes problems. The worst I've seen Windows Defender do is increase CPU usage because it's scanning files as Media Center is accessing them.

You mean the update with fixed a security hole  that seems to be not very relevant for the regular user, that screwed up a lot of machines, and that even intel recommends you wait with installing? Doesn't seem like the best example.

The worst you have seen it do maybe, a lot of people has seen worse.

I am so tired of the "we know better than you" attitude MS has in win10. They often don't, and even if they do, so what? Let people do stupid stuff if they insist. I think more people would run windows defender if they actually let you turn off the real time scan, without turning it on again, against the will of the user. Stuff like this has its cost as well, countless hours of work has been lost due to MS policies.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: So you think Windows Defender is turned off? Wrong!
« Reply #19 on: February 06, 2018, 07:58:33 am »

Jim, I understand that third-party antivirus programs are notorious for causing problems with Media Center, but your advice should be to direct users towards Windows Defender rather than being entirely against all anti-virus software.
It's third-party anti-virus software that causes problems. The worst I've seen Windows Defender do is increase CPU usage because it's scanning files as Media Center is accessing them.
I'm not against antivirus software.  I am against the many problems they cause.  None are completely innocent.

I ask people to uninstall their AV if I think it might be another AV problem they're reporting.  Uninstalling it is a very fast way to rule out AV as the source.

I wish I could better diagnose these kinds of problems, but when we start to see things like the program freezing on exit, I need to be able to rule out AV.
Logged

RD James

  • Citizen of the Universe
  • *****
  • Posts: 1871
Re: So you think Windows Defender is turned off? Wrong!
« Reply #20 on: February 06, 2018, 09:46:40 am »

You mean the update with fixed a security hole  that seems to be not very relevant for the regular user, that screwed up a lot of machines, and that even intel recommends you wait with installing? Doesn't seem like the best example.
You're confusing separate issues.
Meltdown is a significant problem which allows any program running on your PC - which includes things like Javascript running in a web browser - to read the entire contents of memory.
So you could visit a website running a malicious advert, and it could read the contents of your system's memory - which includes things like passwords stored in the browser's password manager or login credentials to any of the sites you have open; e.g. a banking site.
 
The Spectre fix, which required BIOS updates containing new microcode updates from Intel, is bad.
Intel pushed out bad code that had not been properly tested, and it's causing stability issues for older processors.
The good news is that Spectre is not currently a major concern for consumers like Meltdown was - not right now at least - but is still a potential risk for people using cloud-hosted services on shared machines.
 
Additionally, Microsoft's update could cause boot issues on older AMD processors using certain motherboards. That has since been fixed.

I am so tired of the "we know better than you" attitude MS has in win10. They often don't, and even if they do, so what? Let people do stupid stuff if they insist. I think more people would run windows defender if they actually let you turn off the real time scan, without turning it on again, against the will of the user. Stuff like this has its cost as well, countless hours of work has been lost due to MS policies.
For the people who actually have a reason to disable these features, you can do so via the Group Policy Editor/registry.
Anyone who has to be told how to do these things via an online forum is not one of those people, and it's very bad advice to be giving out.
Logged

flac.rules

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1268
Re: So you think Windows Defender is turned off? Wrong!
« Reply #21 on: February 06, 2018, 11:51:43 am »

You're confusing separate issues.
Meltdown is a significant problem which allows any program running on your PC - which includes things like Javascript running in a web browser - to read the entire contents of memory.
So you could visit a website running a malicious advert, and it could read the contents of your system's memory - which includes things like passwords stored in the browser's password manager or login credentials to any of the sites you have open; e.g. a banking site.
 
The Spectre fix, which required BIOS updates containing new microcode updates from Intel, is bad.
Intel pushed out bad code that had not been properly tested, and it's causing stability issues for older processors.
The good news is that Spectre is not currently a major concern for consumers like Meltdown was - not right now at least - but is still a potential risk for people using cloud-hosted services on shared machines.
 
Additionally, Microsoft's update could cause boot issues on older AMD processors using certain motherboards. That has since been fixed.
For the people who actually have a reason to disable these features, you can do so via the Group Policy Editor/registry.
Anyone who has to be told how to do these things via an online forum is not one of those people, and it's very bad advice to be giving out.

Am i? What separate issues am i confusing? Spectre and meltdown? You mentioned both. Its a great example of how waiting with the update probably was the best choice.

Yeah, if MS actually respected the changes you do in gpedit in a meaningful way, instead of changing it with feature updates, or you have to turn it off several places in a non-intuitive way. And that is if you have the pro version. MS is acting arrogant, and I don't understand why so many people support this arrogance, let people do it if they want, and they can take the consequences, instead of somebody insisting they know better.
Logged

millst

  • Galactic Citizen
  • ****
  • Posts: 256
Re: So you think Windows Defender is turned off? Wrong!
« Reply #22 on: February 07, 2018, 11:07:27 am »

Although, I agree MS is being heavy handed...it's not as simple as let stupid people be stupid, because these things don't just impact the stupid people e.g. some botnet taking down half the Internet

-tm
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #23 on: July 15, 2019, 07:04:19 pm »

An update. Windows 10 version 1803 (OS Build 17134.885)

I have been tracking down an issue with Apps not connecting to a MC Server on my Workstation from my Android phone since yesterday. I won't go into details here, other than to say that I am still using Norton (Internet Security now) Firewall and Antivirus.

One of the things I noticed was that Norton had a Firewall rule allowing Windows Defender Smartscreen access. So I blocked that, because Defender is turned off in my PC, and Norton handles all that, right? See first image.

I then tried to install the latest version of MC and received the message shown in the second image. Windows Defender Smartscreen can't access the internet, because I have blocked it.

Windows Defender is never off.

Even after the PC has booted and been running for some time, components of it are still running.
Yes, you can turn off Windows Defender Smartscreen separately to the Firewall and Antivirus functions.
Using a third-party security solution should be easier than this.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10968
Re: So you think Windows Defender is turned off? Wrong!
« Reply #24 on: July 16, 2019, 03:44:56 am »

There are a dozen things under the "Windows Defender" brand, really. Smart Screen is really a stand-alone thing that validates unknown executables when you run them, its not directly related to the Windows Defender Antivirus, other then in name.

You can turn off smart screen, but it has a seperate option from Windows Defender.
Logged
~ nevcairiel
~ Author of LAV Filters

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #25 on: July 16, 2019, 05:21:10 pm »

Yeah I know. I have turned it off for now.

I am just annoyed as on Monday my phone connection to one of my MC Servers stopped working, in the middle of the day, after using it with multiple Apps and Panel. Worked one moment. Wouldn't connect the next. It was looking like Windows Defender Firewall was the culprit, operating under Norton Firewall. But now I'm not so sure. I'm still trying to find the cause, when I have time. I may document that when I resolve it. Or perhaps to get help. Not here.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: So you think Windows Defender is turned off? Wrong!
« Reply #26 on: June 28, 2020, 07:03:24 pm »

So I had turned off Smart Screen. It seems that the Microsoft Edge upgrade, or something else, decided it needed to be turned on again. Sigh.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner
Pages: [1]   Go Up