Tips on increasing the defense and ability of Microsoft Defender
Details of my idea of the script:
1. Taskkill
2. Remove Temp, AppData temp (malware loves to hide in those places), manually specify the path of the malware (e.g. 414.exe in appdata/roaming)
3. flushdns, route -f, etc. to disconnect, then connect to Wi-Fi and clear the Wi-Fi cache
4. Use Set-MpPreference to restore Windows Defender’s MpPreferences to default or even higher security (like adding ASR rules, or CloudBlockLevel 6), to remove the exclusions the malware added; also use PowerShell to edit group policy and the registry, since the malware already changed them
5. Remove Windows features the user won’t use
6. See what can be done for scheduled tasks and services in the script
7. Start a full scan
8. Possibly install Malwarebytes to scan then uninstall it after finishing, as some unthinkable damage may still be done to Microsoft Defender
9. Use sfc /scannow, DISM restore health, chkdsk to restore system files deleted or infected by the malware
10. Microsoft Defender Offline Scan
Possible things to discuss:
What other things would malware do to Windows Defender?
Where does malware like to hide?
I don’t like it, but you may give suggestions like “adding an admin password”; it’s annoying, though, and the user has the freedom to download anything he wants. Also, if he is determined to install the software, it doesn’t really help. I hope the discussion focuses more on “what to do after Windows is infected, and what the malware can do”.
Feel free to give any ideas you can think of!
Link removed by moderator
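
Step 4 of the list above, sketched as an added example that is not part of the original post: it reports Defender exclusions and policy registry values that switch protection off, and only changes anything when run with the `-Apply` switch. It assumes a standalone (not domain-managed) PC and an elevated PowerShell session; the script layout, the `-Apply` switch and the choice of two ASR rules are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): audit, then optionally reset, Defender settings.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

# 1. Exclusions: malware often excludes its own folder or process from scanning.
$pref = Get-MpPreference
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ([string]::IsNullOrEmpty($value)) { continue }
        Write-Output "[exclusion] $kind = $value"
        if ($Apply) { $arg = @{ $kind = $value }; Remove-MpPreference @arg }
    }
}

# 2. Policy registry values that disable protection (assumed unmanaged PC, so none are expected).
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$suspect = @{
    $root                        = @('DisableAntiSpyware')
    "$root\Real-Time Protection" = @('DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                                     'DisableOnAccessProtection', 'DisableIOAVProtection')
}
foreach ($key in $suspect.Keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $suspect[$key]) {
        if ($props.PSObject.Properties.Name -contains $name -and $props.$name -eq 1) {
            Write-Output "[policy] $key\$name = 1"
            if ($Apply) { Remove-ItemProperty -Path $key -Name $name }
        }
    }
}

# 3. Re-enable protection and raise cloud blocking (ZeroTolerance is CloudBlockLevel 6).
if ($Apply) {
    Set-MpPreference -DisableRealtimeMonitoring $false -DisableBehaviorMonitoring $false `
        -DisableIOAVProtection $false -DisableScriptScanning $false `
        -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples `
        -CloudBlockLevel ZeroTolerance -CloudExtendedTimeout 50 -PUAProtection Enabled
    # Two ASR rules chosen for illustration: LSASS credential theft, Office child processes.
    $asrIds = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2', 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    Add-MpPreference -AttackSurfaceReductionRules_Ids $asrIds `
        -AttackSurfaceReductionRules_Actions Enabled, Enabled
}

# 4. Show the resulting state; Tamper Protection is reported here but cannot be set from PowerShell.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, IsTamperProtected, AntivirusSignatureLastUpdated
```

Running it once without `-Apply` gives a record of what was changed on the machine before anything is removed. If `IsTamperProtected` comes back false, turn Tamper Protection on in the Windows Security app afterwards.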