• by Angostura on 7/2/2024, 5:47:33 AM

    A note to the author: if you are going to include "EDR and EPP" in the intro, please spell them out on first use.

  • by FrostKiwi on 7/2/2024, 5:56:17 AM

    Great deep dive! Always wondered about the details around this topic.

    Did a bit of red teaming around the topic of reverse shells and privilege escalation and was pleasantly surprised by how much Windows Defender catches. Our IT department recently switched away from a paid McAfee service doing endpoint security, which failed to detect unauthorized access in many instances.

    Also, I totally read the intro as "addressing the ERP use-case"

  • by vegadw on 7/3/2024, 1:12:54 PM

    I wish that on a positive find Defender had a "for the nerds" section that says what exactly was found. Was there a URL regex match, like the one this article gives an example of? Tell me that. I get enough false positives that I want to be able to vet them myself, but that's hard to do without just trusting the source if all I get is a "This has been quarantined" without telling me why beyond a broad class of malware types.

  • by RachelF on 7/2/2024, 11:58:38 PM

    Nice big attack surface there. I wonder what's to stop someone modifying the vdx virus definition files to include something like Edge.exe or Explorer.exe?

  • by banish-m4 on 7/2/2024, 7:06:05 PM

    MDE plan 2 had problems where MS was pushing out under-tested signatures. One time, they pushed out defs that deleted all menu shortcuts for some users, leading them to believe all of their software had been uninstalled.

  • by InDubioProRubio on 7/2/2024, 12:20:19 PM

    Thought it would mention at least the slow-down bug that slows some systems to a crawl as soon as Defender scans some folders.