Malware can no longer disable MS Defender via the Registry


According to this from Bleeping Computer, malware can no longer disable third-party security software via the registry.  Will this apply to Malwarebytes if I have the option set to not register Malwarebytes in the Windows Security Center?

https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disable-microsoft-defender-via-the-registry/

Thanks,
Bill

Edited by BillH99999
14 minutes ago, BillH99999 said:

Will this apply to Malwarebytes if I have the option set to not register Malwarebytes in the Windows Security Center?

When set to NOT register you are keeping Defender active.

When set to register it will turn Defender off.

Quote

"This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected."

 


I should have specified that I have Norton 360 installed so Defender is already off.  I run Malwarebytes in addition to Defender.  Based on other posts I've read, I turned off the settings to register in Security Center.

I was really just wondering if what Bleeping Computer says will apply to Malwarebytes if we do have Register in Security Center turned off.

Thanks
Bill


All major 3rd party AV programs will still have the ability to turn off Defender when installed. And when uninstalled, and if everything works like it is supposed to, Defender will reactivate. No change there.

Edited by Porthos

I think we have a disconnect here somewhere.  The article is about Microsoft making a change so that malware can no longer disable third party anti-malware programs by making a change in the registry.  I was hoping this meant that Malwarebytes could no longer be turned off by malware in that fashion.  I was just concerned that maybe by not registering in Security Center this might cause some kind of problem.  From reading the article, I didn't think it would, but was just checking to make sure.

Bill

1 hour ago, BillH99999 said:

I was hoping this meant that Malwarebytes could no longer be turned off by malware in that fashion. 

Malwarebytes has its own self protection feature.


Yes, I do have that turned on.  I also have user access turned on for shutting down MB or any protections.

I'm sure that is good enough.  Just curious on the Microsoft change.

Bill

4 hours ago, BillH99999 said:

Yes, I do have that turned on.  I also have user access turned on for shutting down MB or any protections.

Even if you didn't, anyone trying to disable any protections or to exit Malwarebytes would have to get past a UAC prompt to do so; something that malware cannot typically do (this is why most threats run in user mode rather than admin/system mode these days in modern Windows, because otherwise the user could easily thwart the attack by not authorizing the UAC prompt, so instead the bad guys avoid UAC altogether by writing to common user locations and the HKCU registry key/hive).


You're welcome :)

It's very tricky for the bad guys to terminate Malwarebytes these days, so more often than not they just don't try.  Instead, they hope that either their malware won't be detected, or they hope the user won't have software like Malwarebytes protecting their system.

22 minutes ago, BillH99999 said:

That's a good thing! 🙂

Yes, it is.  The first time I learned of exploits deliberately refusing to even try to execute/infect systems after detecting the presence of Malwarebytes, I laughed in triumph.  Many of our customers are unknowingly protected from many threats just by having Malwarebytes present on their systems (the bad guys that know their wares will be blocked and don't want to risk their malicious payloads quickly falling into the hands of Malwarebytes' Researchers will avoid trying to launch what they know will be an unsuccessful attack against well-protected systems).  It works in a similar way to the passive protection provided by some anti-exploit tools, such as planting traces and drivers on the system that make it appear to be a VM (even though it is a live box) to thwart VM-aware malware that refuses to launch in a virtual machine (again, to avoid getting caught by threat researchers, as malware hunters often use VMs in their efforts to deliberately infect systems for capturing and analyzing new malware samples).

