General discussion


    Tips on increasing the defense and ability of Microsoft Defender

    by kencom999

    Details of my idea of the script:
    1. Taskkill

    2. Remove Temp and AppData temp (malware loves to hide in those places), and manually specify the path of the malware (e.g. 414.exe in appdata/roaming)

    3. flushdns, route -f etc… to disconnect, then reconnect to Wi-Fi and clear the Wi-Fi cache

    4. Use Set-MpPreference to restore Windows Defender’s MpPreferences to default or even higher security (like adding ASR rules, or CloudBlockLevel 6) and to remove the exclusions the malware added; also use PowerShell to edit Group Policy and the registry, since the malware already changed them

    5. Remove windows features the user won’t use

    6. See what can be done for scheduled tasks and services in the script

    7. Start a full scan

    8. Possibly install Malwarebytes to scan then uninstall it after finishing, as some unthinkable damage may still be done to Microsoft Defender

    9. Use sfc /scannow, DISM restore health, and chkdsk to restore system files deleted or infected by the malware

    10. Microsoft Defender Offline Scan

    Possible things to discuss:
    What other things would malware do to Windows Defender?
    Where does malware like to hide?

    I don’t like them, but you may give suggestions like “adding an admin password”; it’s annoying, though, and the user has the freedom to download anything he wants, and if he is determined to install the software it doesn’t really help. I hope the discussion focuses more on “what to do after Windows is infected, and what the malware can do”.

    Feel free to give any ideas you can think of!


    • This topic was modified 2 years, 3 months ago by birdmantd.
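
One way step 4 of the post (resetting Defender preferences and removing exclusions added by malware) could be scripted. This is an added example, not part of the original post: the function names and the log path are hypothetical, while the cmdlets and parameters come from the built-in Defender PowerShell module.

```powershell
#Requires -RunAsAdministrator
# Added example: record, then reset, Defender settings that malware commonly tampers with.

function Get-DefenderTamperFindings {
    # Returns one object per setting that deviates from a "no exclusions, nothing disabled" baseline.
    param([Parameter(Mandatory)] $Preference)   # the object returned by Get-MpPreference

    $findings = @()
    foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($value in @($Preference.$kind)) {
            if ($value) { $findings += [pscustomobject]@{ Setting = $kind; Value = $value } }
        }
    }
    foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                      'DisableIOAVProtection', 'DisableScriptScanning') {
        if ($Preference.$name) { $findings += [pscustomobject]@{ Setting = $name; Value = $true } }
    }
    return $findings
}

function Repair-DefenderPreference {
    [CmdletBinding(SupportsShouldProcess)]
    param([string] $LogPath = "$env:ProgramData\defender-tamper-findings.csv")  # hypothetical path

    $findings = Get-DefenderTamperFindings -Preference (Get-MpPreference)
    # Save what was found before changing anything, so the infection can be analysed later.
    if ($findings) { $findings | Export-Csv -Path $LogPath -NoTypeInformation -Append }

    foreach ($f in $findings) {
        if (-not $PSCmdlet.ShouldProcess("$($f.Setting) = $($f.Value)", 'Reset')) { continue }
        $arg = @{}
        if ($f.Setting -like 'Exclusion*') {
            $arg[$f.Setting] = $f.Value      # e.g. -ExclusionPath 'C:\some\dir'
            Remove-MpPreference @arg
        } else {
            $arg[$f.Setting] = $false        # e.g. -DisableRealtimeMonitoring $false
            Set-MpPreference @arg
        }
    }
    # Cloud block level 6 (ZeroTolerance), as suggested in the post; it needs cloud protection on.
    if ($PSCmdlet.ShouldProcess('CloudBlockLevel and MAPSReporting', 'Harden')) {
        Set-MpPreference -CloudBlockLevel 6 -MAPSReporting Advanced
    }
    return $findings
}

# Dry run first: lists every change without applying it.
Repair-DefenderPreference -WhatIf
```

Values enforced through Group Policy (under `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender`) override these local preferences, so the policy and registry cleanup mentioned in the same step still has to happen for the reset to stick.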
