Microsoft quietly made at least two changes to Windows
Defender, the default antivirus tool on Windows 10.
It was recently discovered that Microsoft no longer allows
consumers to disable the Windows Defender antivirus tool via
the Windows Registry. Microsoft originally remained
tight-lipped about the changes made to Windows 10’s antivirus
tool, but the company has now shared more details on the whole
controversy.
Previously, users were able to disable the native security
service on Windows 10 by editing either the Registry or Group
Policy. This changed when Microsoft shipped the August 2020
security update, version 4.18.2007.8, which retired the
“DisableAntiSpyware” Registry value that allowed users to
permanently disable Windows Defender.
Microsoft says the setting has been “discontinued and will be
ignored on client devices,” but there are at least two valid
reasons behind this move, according to a new support document.
The software giant says it has retired the popular
DisableAntiSpyware value because it no longer makes any sense
in the latest version of Defender.
Windows Defender is already designed to turn off automatically
whenever users try to install another antivirus product, so it
doesn’t really make sense to disable Windows 10’s built-in
protection tool manually, according to Microsoft.
“The impact of the DisableAntiSpyware removal is limited to
Windows 10 versions prior to 1903 using Microsoft Defender
Antivirus. This change does not impact third party antivirus
connections to the Windows Security app. Those will still work
as expected,” Microsoft noted.
‘DisableAntiSpyware’ was originally designed only for IT pros
and admins to disable the antivirus engine whenever they need
to install their own security product.
Indirectly, Microsoft has also confirmed that the decision to
discontinue this Registry hack will ensure Tamper Protection is
as secure as possible.
Tamper Protection is a feature that basically prevents any
attempts to tweak Windows Defender’s default settings outside
your control. However, Tamper Protection could be bypassed by
some malware programs that are designed to abuse
“DisableAntiSpyware” in Registry Editor.
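The following audit check is an added example, not code from Microsoft or from the original article. It reports whether a leftover DisableAntiSpyware value exists on a host and whether the installed Defender platform is at or above the 4.18.2007.8 version cited above, in which case the value is ignored on client devices. The policy key path and the function name are assumptions that do not appear in the article.

```powershell
# Added example (not Microsoft's code). Reads state only; changes nothing.
# Assumption: the policy key below is where DisableAntiSpyware is usually set;
# the path is not given in the article.
$PolicyKey       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$ValueName       = 'DisableAntiSpyware'
$RetiredPlatform = [version]'4.18.2007.8'   # version cited in the article

function Get-DisableAntiSpywareState {   # hypothetical helper name
    # Read the value without throwing when the key or the value is absent.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($item) { $item.$ValueName } else { $null }

    # Get-MpComputerStatus comes with the Defender module. It returns nothing
    # when the Defender service is unavailable, so treat that as "unknown".
    $status   = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $platform = if ($status) { [version]$status.AMProductVersion } else { $null }

    # The article says the value is ignored on client devices from the
    # retiring version onward; $null means the version could not be read.
    $ignored = if ($platform) { $platform -ge $RetiredPlatform } else { $null }

    [pscustomobject]@{
        ValuePresent     = $null -ne $raw
        ValueData        = $raw
        PlatformVersion  = $platform
        ValueIgnored     = $ignored
        TamperProtected  = $status.IsTamperProtected   # $null if status unknown
        AntivirusEnabled = $status.AntivirusEnabled    # $null if status unknown
    }
}

$state = Get-DisableAntiSpywareState
$state | Format-List

if ($state.ValuePresent -and $state.ValueData -eq 1) {
    if ($state.ValueIgnored) {
        Write-Warning "$ValueName=1 is present but ignored by this platform version. Find out what wrote it."
    } else {
        Write-Warning "$ValueName=1 is present and the platform is older than $RetiredPlatform or unknown. Defender may be disabled."
    }
} else {
    Write-Output "$ValueName is not set to 1 under $PolicyKey."
}
```

A value of 1 on a machine where no administrator set it is worth investigating even when the platform ignores it, since the article notes that malware has abused this value.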
By retiring this Registry hack, Microsoft will also prevent
attackers from turning off Windows Defender or Tamper
Windows Defender can now download files (for real)
A report suggests that Windows 10’s built-in antivirus
software ‘Windows Defender’ has been updated with a new
feature that will allow anyone to download files from the
internet.
Windows Defender now comes with a new command-line feature
called “MpCmdRun.exe”, otherwise known as Microsoft Antimalware
Service Command Line Utility.
Apparently, the Microsoft Antimalware Service Command Line
Utility that ships with Windows Defender could be used to
download any file from the internet, including malware.
However, this is unlikely to be a major security flaw as files
are still checked by Windows Defender after you finish the
download using the command-line tool.