Microsoft because it does not allow Defender to be disabled

As we mentioned in previous publication Microsoft has removed the ability to disable Microsoft Defender from the Windows 10 Registry.

Since Windows Vista, users could completely disable Microsoft Defender and potentially any other software by using "Turn off Microsoft Defender Antivirus" in the group policy settings.

When the policy is enabled, a value is generated y “DisableAntiSpyware” and set to 1 under the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\, as shown below.

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows Defender] "DisableAntiSpyware" = dword: 00000001

Once enabled, this key will disable "Microsoft Defender Antivirus and third-party antivirus software and applications."

At documentation of DisableAntiSpyware, Microsoft states that the DisableAntiSpyware value will be ignored and will not now for disabling anti-virus software.

Microsoft also states that if a user removes the installed antivirus solution, Windows Defender will automatically activate to protect him / her.

"Consumers can choose to run another AV solution, but for whatever reason disabled, Microsoft Defender AV will be reactivated to ensure that there is no protection gap for the user. ”

Why

Just as Windows administrators know about the group policy settings in DisableAntiSpyware, so do developers software.

Many malicious programs (TrickBot, Novter, Clop Ransomware, Ragnarok Ransomware, and AVCrypt Ransomware) have abused this policy to try to disable antivirus protection on Windows.

With the release of Windows 10 1903, Microsoft added a new feature called Tamper protection that prevents Windows Security and Microsoft Defender settings from being changed by programs, Windows command line tools, registry changes, or group policy changes.

So if malware added the DisableAntiSpyware value to the Registry and then restarted the computer, on reboot, Tamper Protection will remove the value.

So now that Microsoft Defender is completely ignoring the value of DisableAntiSpyware, Windows 10 users have much greater protection against threats trying to disable security software using this technique.

iGuRu.gr The Best Technology Site in Greecefgns

every post, directly to your

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).