by Angostura on 7/2/2024, 5:47:33 AM
by FrostKiwi on 7/2/2024, 5:56:17 AM
Great deep dive! Always wondered about the details around this topic.
Did a bit of red teaming around the topic of reverse shells and privilege escalation and was pleasantly surprised how much Windows Defender catches. Our IT Department recently switched away from a paid McAfee service doing endpoint security, which failed to detect unauthorized access in many instances.
Also, I totally read the intro as "addressing the ERP use-case"
by vegadw on 7/3/2024, 1:12:54 PM
I wish that on a positive find Defender had a "for the nerds" section that says what exactly was found. Was there a URL regex match, like this article gives an example for? Tell me that. I get enough false positives that I want to be able to vet them myself, but that's hard to do without just trusting the source if all I get is a "This has been quarantined" without telling me why beyond a broad class of types of malware.
by RachelF on 7/2/2024, 11:58:38 PM
Nice big attack surface there. I wonder what's to stop someone modifying the vdx virus definition files to include something like Edge.exe or Explorer.exe?
by banish-m4 on 7/2/2024, 7:06:05 PM
MDE plan 2 had problems where MS was pushing out under-tested signatures. One time, they pushed out defs that deleted all menu shortcuts for some users, leading them to believe all of their software had been uninstalled.
by InDubioProRubio on 7/2/2024, 12:20:19 PM
Thought it would mention at least the slow-down bug that slows some systems to a crawl as soon as Defender scans some folders.
A note to the author: if you are going to include “EDR and EPP” in the intro, please spell them out on first use.