Windows Defender has removed the ability to download files

Microsoft has removed the ability to download files through Windows Defender after it turned out how it could be used by intruders to download malware to a computer.

Last week, we reported that Microsoft quietly added the ability to download files through Windows Defender for some unknown reason.

When this was discovered, the cyber security community expressed concern that Microsoft would allow Defender to be used by attackers as LOLBIN.

LOLBINs, or living-off-the-land binaries, are legitimate operating system files that can be compromised for malicious purposes.

To download a file, users had to run a Microsoft Antimalware command line utility (MpCmdRun.exe) with the -DownloadFile command, as shown below.

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]

In tests conducted by security researchers, I was able to download any files (even ransomware_, to their systems.

Windows Defender can quickly detect malware, but other security software will not detect the download made by Microsoft security application.

  Microsoft Defender: may download malware

With yesterday's release of the Windows Defender Antimalware Client in version 4.18.2009.2-0, it seems that Microsoft has changed the capabilities of MpCmdRun.exe.

Microsoft has virtually removed the ability to download files through the command line utility MpCmdRun.exe.

So if you try to download a file using MpCmdRun.exe you will encounter an error stating "CmdTool: Invalid command line argument."
Also the -DownloadFile command line setting has been removed from the help screen.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

8 + 2 =  

Previous Story

Microsoft SecretManagement Preview 3

Next Story

Windows 10 October 2020 or 20H2 Release Preview