Bug in Microsoft Defender allows malware to be downloaded
#3
There is an interesting discussion on this topic at MT, and here are two of Andy's posts from there

Quote: #19
Quote: Bryan320 said:
    Thank you for this post. I will be visiting family members' homes to install another solution till this is fixed.

You will waste your time and bloat the system by installing & reinstalling security solutions.

    There are already several LOLBins in the system that can do the same and have been used by malc0ders for a long time. So this new one does not increase the danger for home users. It can be less visible in incidents available in enterprise solutions.
    This LOLBin will work with any AV as well (similarly to most LOLBins) - it does not require WD to be enabled.
    WD will probably be the first to secure this by Machine Learning (locally or in the cloud). It is easy because it is known what kind of file should be downloaded (WD update).

You should rather think about how to prevent/mitigate other popular LOLBins.


Quote: Yesterday at 3:19 PM
    #21

Quote: SearchLight said:
    In other words, should we be concerned about this "vulnerability" in WD if we are using ConfigDef at HIGH?

    And just add VS to close all the "holes" in WD?

It is not a "vulnerability" in WD, but rather a "vulnerability" in Windows - it will work with any AV installed. It also does not decrease the protection of ConfigureDefender HIGH settings. The number of malware that can download something via LOLBins from a remote location will not be much greater. It is as true as that introducing a new kind of expensive vodka does not increase the number of drinkers (some drinkers will stop drinking the Polish vodka and start drinking MpCmdRun vodka).
Using VS will add some protection to this setup, just like without MpCmdRun.

"Security is a journey, not a destination in itself - it is not a problem that can be solved once and for all"
"Trust is not a control, and hope is not a strategy"
Messages in this thread
RE: Bug in Microsoft Defender allows malware to be downloaded - by ichito - 04.09.2020, 11:47