Post by alpha128 on May 11, 2017 10:40:16 GMT
Here's a nightmare scenario that came true. As Woody Leonhard explains:
So problem solved, right? WRONG!
You see, many third party anti-virus programs disable Microsoft's Windows Defender, making it impossible to download the critical patch. In my case, I'm running Avast! and Windows Defender hadn't been updated since September 2016. Thankfully, there's another article that explains how to re-enable Defender so you can install the patch: www.computerworld.com/article/3196124/windows-pcs/third-party-antivirus-programs-interfere-with-windows-defender-critical-patch.html
So the complete update procedure is:
1.) Edit the registry to allow Defender to run as described in the article
2.) Start the Defender service
3.) Run Defender
4.) Download updates
5.) Exit Defender
6.) Stop the Defender service
7.) Set the registry key back to its original value
Not too bad once you know what to do.
Post by mslo79 on May 11, 2017 20:14:35 GMT
Yeah, I noticed that on a recent tech site I visit. But it was patched recently through Windows Update this past Tuesday.
Personally, one reason I like Windows Defender over other anti-virus programs is it's more transparent so it does not interfere with things and is light on resources etc, as I figure that paired with something like Voodooshield/RansomFree (both free and light on resources) I should be able to keep my chances of any serious virus infection to a minimum. So while other anti-virus programs might have better virus detection rates than Windows Defender (I have not looked but I imagine that's the case) I should be fine, especially given Voodooshield pretty much blocks everything from running that you did not specifically allow, as it's pretty much my primary wall of defense against viruses etc.
But yeah, as you already know, it's pretty standard for Windows Defender to be disabled if you're running other anti-virus programs, as I heard it's a bad idea to run two anti-virus programs at the same time. But the two programs I mentioned above (Voodooshield/RansomFree) don't mess with your anti-virus, as Voodooshield is pretty much an anti-executable program (it just assumes everything you did not allow is bad and blocks it automatically. I typically disable Voodooshield during Windows Updates just to help ensure it does not interfere with anything Windows is installing etc) and RansomFree is specifically designed to block Ransomware (which getting hit with any ransomware would be much worse than your typical virus infection since you will pretty much lose all of your files on hard drives etc connected to the computer), which I imagine a lot of typical anti-virus programs won't be as good at specifically blocking ransomware like RansomFree is, since RansomFree does not rely on definition updates to detect ransomware but instead detects ransomware based on how it infects systems in general, as they claim it can block all or nearly all types of ransomware. Even if RansomFree only blocked say 95% of ransomware that would still drastically lower your chances of a ransomware infection, and that's assuming something managed to get by Voodooshield, which is quite unlikely.
But anyways, back to the Windows Defender critical patch thing... I have not looked into the details but can someone be infected if Windows Defender is disabled? Because if they cannot be infected then they don't have much to worry about, especially because let's say they got an alternative anti-virus installed, which means Windows Defender is disabled currently, and decide say a few months from now to go back to Windows Defender by uninstalling your current anti-virus program, and at that point Windows Updates will eventually load the update so that flaw is patched automatically.
Post by alpha128 on May 11, 2017 23:16:39 GMT
> back to the Windows Defender critical patch thing... I have not looked into the details but can someone be infected if Windows Defender is disabled? Because if they cannot be infected then they don't have much to worry about, especially because let's say they got an alternative anti-virus installed, which means Windows Defender is disabled currently, and decide say a few months from now to go back to Windows Defender by uninstalling your current anti-virus program, and at that point Windows Updates will eventually load the update so that flaw is patched automatically.
There was some discussion about that on the AskWoody Lounge, but no clear answer. I approached this like the city of Hanover where, earlier this week, 50,000 Evacuated In Germany To Defuse World War II Bombs. Just like Hanover, I did not want to run the risk of having an "undefused bomb" sitting around.
Post by mslo79 on May 12, 2017 0:53:31 GMT
alpha128 I see. So you tend to play the more cautious/extra safe approach. But I can't blame you, as once it's patched then we ain't got to even worry about whether it can be exploited or not if it's disabled. But just hope it can't be exploited if it's disabled, otherwise there will be a fair portion of the public vulnerable.
P.S. But damn, that would suck finding bombs still active and having to evacuate more than a half mile radius to play it safe for them to be defused, and even said in the article with time they become more dangerous as components break down within them. But just hope being they did not detonate back in the day in WW2 when they were dropped that they won't go off, as that could be a disaster if stuff like that is capable of taking out up to a half mile radius or so.
Post by alpha128 on May 12, 2017 1:33:12 GMT
> I see. So you tend to play the more cautious/extra safe approach. But I can't blame you, as once it's patched then we ain't got to even worry about whether it can be exploited or not if it's disabled. But just hope it can't be exploited if it's disabled, otherwise there will be a fair portion of the public vulnerable.
In this case the vulnerability was described as "the worst Windows remote code exec in recent memory… crazy bad." So yes, I played it extra safe.
Post by alpha128 on Jun 27, 2017 2:29:09 GMT
Post by Grayovac on Jun 27, 2017 15:40:10 GMT
I'm still running Avast v11 (the program version is from 2015, but the virus definitions are up-to-date), and I was able to manually update Windows Defender (WD) without having to do a registry edit. However, until I did this, WD was woefully out-of-date (by several years!). So I'm not sure if Avast is to blame for that problem, or if I need to check other settings, but at least I was able to update WD today with no hassle.
Post by mslo79 on Jun 28, 2017 0:14:08 GMT
> I'm still running Avast v11 (the program version is from 2015, but the virus definitions are up-to-date), and I was able to manually update Windows Defender (WD) without having to do a registry edit. However, until I did this, WD was woefully out-of-date (by several years!). So I'm not sure if Avast is to blame for that problem, or if I need to check other settings, but at least I was able to update WD today with no hassle.
In general it's not a good idea to run two anti-virus programs like that at once. My advice... either run Windows Defender or something else. Personally I like Windows Defender as it's decent enough, and what's nice about it is it's light on resources and does not interfere with things like other anti-virus programs might. I run Windows Defender in combination with Voodooshield (basically an anti-executable program) and RansomFree (strictly blocks Ransomware, as it does not look for specific strains of Ransomware but blocks Ransomware based on the way it behaves, which they say it basically blocks all Ransomware (or next to everything)).
Post by alpha128 on Jun 28, 2017 1:01:40 GMT
> I'm still running Avast v11 (the program version is from 2015, but the virus definitions are up-to-date), and I was able to manually update Windows Defender (WD) without having to do a registry edit. However, until I did this, WD was woefully out-of-date (by several years!). So I'm not sure if Avast is to blame for that problem, or if I need to check other settings, but at least I was able to update WD today with no hassle.
The latest version of Avast is 17.4.2294 (build 17.4.3282.0). At some point Avast decided to disable Windows Defender on machines running Avast, not sure if that's what happened in your case.
Post by alpha128 on Apr 5, 2018 23:31:24 GMT
Post by mslo79 on Apr 6, 2018 8:53:16 GMT
SIDE NOTE: I no longer bother with RansomFree or Voodooshield as Windows 10's built-in 'controlled folder access' tends to be 'good enough' protection from ransomware, and while Voodooshield can still have some benefits I just prefer the less stuff running on my PC mindset in general, as less likely for something to act up, and I am pretty careful on what I run on my PC anyways. So short of something being able to infect your computer by just visiting a website (or the like) chances are I won't get infected.
But anyways, to get back to the topic... Looks like it's already in the newest Windows 10 (build 17133.1) as I just checked mine and it's "Engine Version: 1.1.14700.5"...
Post by alpha128 on Apr 6, 2018 11:21:57 GMT
> I just checked mine and it's "Engine Version: 1.1.14700.5"
Windows Defender is normally disabled on my Windows 7 system. I turn it on and update it only when events like this happen. I updated my Windows Defender on April 4th, the same day as Woody's blog entry, and ended up downloading the vulnerable version. I tried again last night, and that time I got version 1.1.14700.5.
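The check the posters above do by eye, written out as an added example that is not part of the thread: it compares the installed engine against 1.1.14700.5, the version reported in these posts, and flags stale definitions. It assumes the Defender PowerShell module (Get-MpComputerStatus), which Windows 7 does not ship; the function names, the 7-day threshold and the sample versions are constructed for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Test-EngineVersion {
    param(
        [string]$Installed,
        # Engine version the posters report receiving in April 2018
        [version]$Minimum = '1.1.14700.5'
    )
    $parsed = $null
    if (-not [version]::TryParse($Installed, [ref]$parsed)) {
        return 'Unknown'   # empty or malformed value, e.g. engine never loaded
    }
    if ($parsed -ge $Minimum) { 'AtOrAboveMinimum' } else { 'BelowMinimum' }
}

function Get-DefenderPatchState {
    param([int]$MaxSignatureAgeDays = 7)   # threshold is an assumption

    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ Status = 'DefenderModuleMissing' }
    }
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Can happen when the Defender service has been switched off
        return [pscustomobject]@{ Status = 'DefenderNotRunning'; Detail = $_.Exception.Message }
    }
    $cutoff = (Get-Date).AddDays(-$MaxSignatureAgeDays)
    [pscustomobject]@{
        Status            = 'Queried'
        ServiceEnabled    = $s.AMServiceEnabled
        EngineVersion     = $s.AMEngineVersion
        EngineCheck       = Test-EngineVersion -Installed $s.AMEngineVersion
        SignaturesUpdated = $s.AntivirusSignatureLastUpdated
        SignaturesStale   = $s.AntivirusSignatureLastUpdated -lt $cutoff
    }
}

# Constructed sample values, so the comparison can be seen without Defender present
'1.1.14600.4', '1.1.14700.5', '' | ForEach-Object {
    '{0,-12} -> {1}' -f $_, (Test-EngineVersion -Installed $_)
}
Get-DefenderPatchState
```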
Post by mslo79 on Apr 6, 2018 15:48:56 GMT
alpha128 since it appears you're running another anti-virus besides the built-in Windows Defender... if you're going to do that, it would probably be a good idea, if you're not already doing it, to temporarily disable your current anti-virus real time protection, then enable Windows Defender, update it, then disable it again and then re-enable your real time protection in your current anti-virus. Even on Woody's website, he said... "In theory, you should be receiving the new version today or tomorrow." ; so apparently you got the 'tomorrow' option
I know that quote was from June 2017 but I'll just make some quick comments... I am sure it's typical for Windows Defender to get disabled when you install another anti-virus program. In fact, I am pretty sure that's what you want to have happen, because from what I have heard it's generally a bad idea to run two anti-virus programs (like ones that actively detect viruses etc as you use your computer) at the same time as it can cause conflicts etc. But let's say you uninstall your other anti-virus program, Windows Defender should be re-enabled automatically I think.
Post by alpha128 on Apr 6, 2018 22:24:42 GMT
@m-slovak79
I still run Avast! as my antivirus. Windows Defender was enabled just long enough for me to get the updates. As soon as that was done, I closed the Defender program, stopped the Defender service, and then disabled it again via the Windows registry.