Malware can no longer disable MS Defender via the Registry


According to this from Bleeping Computer, malware can no longer disable third-party security software via the registry.  Will this apply to Malwarebytes if I have the option set to not register Malwarebytes in the Windows Security Center?

https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disable-microsoft-defender-via-the-registry/

Thanks,
Bill

Edited by BillH99999

14 minutes ago, BillH99999 said:

Will this apply to Malwarebytes if I have the option set to not register Malwarebytes in the Windows Security Center?

When set to NOT register you are keeping Defender active.

When set to register it will turn Defender off.

Quote

"This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected."

 


I should have specified that I have Norton 360 installed so Defender is already off.  I run Malwarebytes in addition to Defender.  Based on other posts I've read, I turned off the settings to register in Security Center.

I was really just wondering if what Bleeping Computer says will apply to Malwarebytes if we do have Register in Security Center turned off.

Thanks
Bill


I think we have a disconnect here somewhere.  The article is about Microsoft making a change so that malware can no longer disable third party anti-malware programs by making a change in the registry.  I was hoping this meant that Malwarebytes could no longer be turned off by malware in that fashion.  I was just concerned that maybe by not registering in Security Center this might cause some kind of problem.  From reading the article, I didn't think it would, but was just checking to make sure.

Bill


  • Staff
4 hours ago, BillH99999 said:

Yes, I do have that turned on.  I also have user access turned on for shutting down MB or any protections.

Even if you didn't, anyone trying to disable any protections or to exit Malwarebytes would have to get past a UAC prompt to do so; something that malware cannot typically do (this is why most threats run in user mode rather than admin/system mode these days in modern Windows, because otherwise the user could easily thwart the attack by not authorizing the UAC prompt so instead the bad guys avoid UAC altogether by writing to common user locations and the HKCU registry key/hive).


  • Staff
22 minutes ago, BillH99999 said:

That's a good thing! 🙂

Yes, it is.  The first time I learned of exploits deliberately refusing to even try to execute/infect systems after detecting the presence of Malwarebytes, I laughed in triumph.  Many of our customers are unknowingly protected from many threats just by having Malwarebytes present on their systems (the bad guys that know their wares will be blocked and don't want to risk their malicious payloads quickly falling into the hands of Malwarebytes' Researchers will avoid trying to launch what they know will be an unsuccessful attack against well protected systems).  It works in a similar way to the passive protection provided by some anti-exploit tools, such as planting traces and drivers on the system that make it appear to be a VM (even though it is a live box) to thwart VM-aware malware that refuses to launch in a virtual machine (again, to avoid getting caught by threat researchers, as malware hunters often use VMs in their efforts to deliberately infect systems for capturing and analyzing new malware samples).

