What the hell, windows defender?

[hat]

So, a while back I disabled windows defender via gpedit. Come to find out it's running again, and telling me my miner is a "severe" threat, despite still being disabled in gpedit. There's a few new entries related to windows defender in gpedit that didn't used to be there before. I'm guessing this happened during the big spring update. UAC keeps becoming re-enabled somehow, as well. For now I have a shitty registry key that's supposed to disable windows defender instead, hopefully it works.

Damn, Microsoft. They were pushing users to upgrade to 10 so hard, even resorting to plain trickery to get it on as many machines as possible. Now not only is it doing hardcore data mining in the background, but it's changing settings all on its own to whatever Microsoft wants. One step closer to pushing me to Ubuntu or something. I'd already be there if I didn't think it would be an arduous task learning how to computer all over again while simultaneously breaking a lot of games, which is mostly what I use this computer for...

Bill Gates needs to go back to Microsoft just so he can kick all the guys responsible for w10 squarely in the nuts. /rant

 

[Vayra86]

Well. I just ran into my first false positive with Windows Defender the other day. And the fun thing is: it doesn't tell you that it is one. It just doesn't do anything with the file. Had me looking for a while

So that's some minus points for MS here too

 

[micropage7]

sometimes update giving you more headache than before and yes defender at certain points is more annoying than other AV

 

[GreiverBlade]

no issues here ... i got some "not safe to run" pop up on soft i trust, but there was a an option to run it anyway, other than that, run smoothly and does not pester me much as did for example AVAST

 

[Old-Greg]

Just turn Defender off manually if you trust your AV suite. Simple.

 

[Bill_Bright]

No issues on the 6 systems here. None of my clients, family or neighbors have called me to complain of computer issues recently either (and they always do - especially my clients). And for the record, while most of my family and neighbors use WD, not all of my business clients do.

Also for the record, on my two main systems, including this one I am using now, I have lowered the UAC settings down from the defaults. I have never had any update change it back. So don't know what is happening with your system but if this were a widespread issue, it would be widely publicized/criticized too.

It's funny how the problem is always blamed on MS, and not the computer or the unexpected user modifications to the system.

Windows greatest "asset" is how customizable it is. Virtually each and every one of the 1.6 Billion Windows computers out there is unique, with each user customizing the UI, security, networking, installed programs and attached hardware from 1000s of different makers in millions of different configurations. And some how, MS is able support the vast majority all the time without any issues.

Windows greatest "liability" is how customizable it is.

Of course Microsoft wants everyone on W10. They are burning through 100s of millions of dollars supporting multiple, superseded and less secure operating systems when it would be much more efficient from any business perspective to be concentrating on just one.

Well. I just ran into my first false positive with Windows Defender the other day. And the fun thing is: it doesn't tell you that it is one.

What's funny is you thinking a program should know when, and then tell you it has incorrectly tagged a legitimate program/file as suspect!

 

[eidairaman1]

less secure operating system

Laughable at best.

 

[Old-Greg]

Of course Microsoft wants everyone on W10. They are burning through 100s of millions of dollars supporting multiple, superseded and less secure operating systems when it would be much more efficient from any business perspective to be concentrating on just one.

Is that you, Mr. Gates?

 

[rtwjunkie]

@Bill_Bright if you are running everything standard, you may not notice anything. But for the many people who customize, even just a few settings or features, W10 resetting those features or making something break every 6 months is a “thing.”

This endless every 6 month obsession by MS to install a new OS every 6 months is the culprit. We didn’t used to see it unless a service pack came out or we upgraded. But now each of these Named feature updates operate the same way, as a new OS install. This can and does mess with a lot of people’s settings and stability. These problems are fairly widespread and documented on forums around the internet.

I know you’re going to say they shouldn’t change settings or features, but people always have. Frequently though, it will be software that used to work now inexplicably not working. And let’s face it, even you mess with settings a little: you use Start 10, as I do, so you understand the need to tinker a little.

It is MS that seems to not understand anymore. Either that or the last couple of years they have replaced the great MS engineers of old with half-schooled wiz-kids who believe it’s no big deal to put out patches and 6 month updates that “just break shit”, “cuz hey, we can fix it later, no big deal.”

 

[Easo]

Laughable at best.

Enough, please. Windows 10 is the most secure Windows OS to date, just like 8.1 was before that, just like W7 was over Vista, etc., etc.

 

[Solaris17]

Just go into it and shut it off.

 

[rtwjunkie]

Enough, please. Windows 10 is the most secure Windows OS to date, just like 8.1 was before that, just like W7 was over Vista, etc., etc.

Very true. It may not be to everyone’s preference, but it is a lot more secure.

 

[Bill_Bright]

Laughable at best.

Yeah right. Any one suggesting older versions are more secure are laughably misinformed, at best.

Is that you, Mr. Gates?

Nope. Just some one with a little common business sense.

It is much easier and cheaper to operate from a one page menu where you can concentrate on creating the best few dishes possible with the freshest ingredients than it is from a menu of many pages.

@Bill_Bright if you are running everything standard, you may not notice anything. But for the many people who customize, even just a few settings or features, W10 resetting those features or making something break every 6 months is a “thing.”

A thing, yes. But not near as big a thing as many here make it out to be.

If the same few users keep having problems with the same few computers, and 100s of millions of users don't have problems, is that really a "big" thing? Sure, it is for those users and I fully understand that and appreciate their plight. But to then suggest W10 and all of Microsoft is "tricky", deceitful, always breaking, and a bunch of spying bums. No, that is not right.

I am more like you than different with my own systems. They all have modifications from the defaults - right off the bat, as you correctly noted, with Start10 installed on my two main systems.

I know you’re going to say they shouldn’t change settings or features, but people always have.

I agree. As I said, the ability to do that is Windows greatest asset. It is what propelled "Wintel" systems soaring above and beyond the proprietary and locked down Apple Macs.

It (with the ATX form factor standard) is also what allowed the home builder to pick and choose from just about any manufacturer (except Apple) parts and build a computer and ensure they will all be compatible. That's HUGE. And I am grateful for it fed and sheltered my family for years.

I also change my UAC settings. I hate and quickly disable Cortana. I have my clocks display seconds, and have more "tweaks". I think WinAeroTweaker is a great program - if used carefully.

Things I don't ever change however, is page file/virtual memory settings. Contrary to what some seem to believe, most users are not smarter than the developers at MS. I cannot say the same for their marketing people, or some of the executive decisions being made, but the developers really do know what they are doing. Especially when it comes to memory management. Too bad biases (which I admit may come from legitimate complaints about past products and questionable MS policies) are getting in the way of realities today.

 

[FordGT90Concept]

Installing major updates like the April update will reset pretty much all Windows features including Windows Defender.

 

[Vayra86]

What's funny is you thinking a program should know when, and then tell you it has incorrectly tagged a legitimate program/file as suspect!

The program should definitely tell me it is quarantining a file when I am explicitly saying 'COPY THIS HERE PLEASE'. That's not funny, its common sense, mister. Such common sense in fact that every antivirus in existence ever has done this for as long as I can remember. Windows Defender doesn't do anything. It just doesn't execute my orders. No feedback, no popup, no notification sound, no nothing. I am left in the dark, with an application that won't start.

And if you think about it, this example is what signifies Microsoft's way of working with Windows 10. They are starting to act all Apple on me and if there is anything I despise it is precisely that. Don't think FOR me. Think WITH me and when in doubt please DO ASK. What's happening now and what many people run into is Microsoft considering itself smarter than the user. And while they are (I remember you echoing my post a few days back along those lines), simply hiding functionality out of that arrogance is never a good thing. That's the Apple way. Apple literally tells its userbase every day 'here, click this icon and we will start telling you what's good for you, turn your brain off pls'

Its a real trend. And it started with Metro UI and Windows 8.

 

[Bill_Bright]

The program should definitely tell me it is quarantining a file when I am explicitly saying 'COPY THIS HERE PLEASE'.

Quarantining? That is not at all what you said before. You said,

It just doesn't do anything with the file.

What's happening now and what many people run into is Microsoft considering itself smarter than the user.

It is smarter. Unless you (speaking to the crowd) have years of formal programming training and even longer in formal hand professional experience, plus exabytes and decades of empirical data to draw upon, you are not smarter than Microsoft.

I do agree with your Apple analogy. And as a tinkerer and control freak myself, it does bother me too.

But as a technician with 40 plus years experience fixing computers, I can unequivocally state that, when it comes to modern versions of Windows, the vast majority of problems with the operating systems are self induced! But who gets the blame? Microsoft! Who gets the blame when bad guys perpetrate offenses on our systems? Not the bad guys! Microsoft does.

So Microsoft would much rather get bashed for making the system less flexible, then getting blamed for things that are not their fault. And from a technician's point of view, and from a business point of view (and I own my own IT consulting/custom PC business), I agree with Microsoft on this one.

 

[Vayra86]

Quarantining? That is not at all what you said before. You said,

It is smart. Unless you (speaking to the crowd) have years of formal programming training and even longer in formal hand professional experience, plus exabytes and decades of empirical data to draw upon, you are not smarter than Microsoft.

I do agree with your Apple analogy. And as a tinkerer and control freak myself, it does bother me too.

But as a technician with 40 plus years experience fixing computers, I can unequivocally state that, when it comes to modern versions of Windows, the vast majority of problems with the operating systems are self induced! But who gets the blame? Microsoft! Who gets the blame when bad guys perpetrate offenses on our systems? Not the bad guys! Microsoft does.

So Microsoft would much rather get bashed for making the system less flexible, then getting blamed for things that are not their fault. And from a technician's point of view, and from a business point of view (and I own my own IT consulting/custom PC business), I agree with Microsoft on this one.

We're on the same page then

 

[Bill_Bright]

For years, we have been used to having our way with Windows. And for a relatively few (IE; the more experienced), that was fine. But for the vast majority, they often dinked their systems to death (often on the advice of those relatively few), then blamed Microsoft.

It is human nature to be disappointed when something free, or some previous nicety is suddenly taken away. But when for the greater good it is a good thing.

I think it important for all us to understand that the market trend is for more and more computer users to migrate to handheld devices for all their computing needs. The days of the hands-on enthusiasts are nearly gone. They have been gone for a long time for me. I started back in the day when updating the BIOS required replacing the PROM with a new one from the motherboard factory. We then were pleased when we actually got to "flash" the BIOS using high intensity UV lights to blank out the old program, then you programmed in manually the new! Now you just run a little program and its done. I started back in the day when overclocking involved cutting circuit runs on motherboards (hoping you got the right one) and soldering in jumpers to change voltages. Now, you just run a little program and its done.

So I know it is a matter of perspective, but the days of total flexibility are over with Windows - and much of that blame must be put on the bad guys. If you want total flexibility, go Linux. If your favorite program does not run on Linux, don't blame Microsoft.

 

[R-T-B]

No issues on the 6 systems here. None of my clients, family or neighbors have called me to complain of computer issues recently either (and they always do - especially my clients). And for the record, while most of my family and neighbors use WD, not all of my business clients do.

Pretty sure none of them are miners who actively disable Defender/AV in general though Bill...

 

[John Naylor]

Well. I just ran into my first false positive with Windows Defender the other day. And the fun thing is: it doesn't tell you that it is one. It just doesn't do anything with the file. Had me looking for a while

So that's some minus points for MS here too

https://www.av-test.org/en/antiviru...-2017/microsoft-windows-defender-4.12-174847/

28 False Positives in last 2 tests

 

[hat]

Installing major updates like the April update will reset pretty much all Windows features including Windows Defender.

Correct. This leaves me wondering if the update superseded gpedit settings, because these updates tend to reset a bunch of shit, or if the update broke/ignored that gpedit setting because there was some change to Windows Defender which doesn't respect gpedit changes.

Pretty sure none of them are miners who actively disable Defender/AV in general though Bill...

Right. I'm a pretty careful user, and know how to avoid getting viruses. That's not to say I'm invulnerable or something unexpected might not happen sometime, but for me, it's more convenient to disable antivirus software than it is to have one running that constantly thinks my miner is a virus...

@Bill_Bright My problem with Microsoft is that I just want my computer to function the way I want it to. If I change settings, disable stuff, or even make changes Microsoft may think aren't particularly wise, such as disabling Defender, not using another antivirus software, and disabling UAC, I should be able to expect that it will function the same way tomorrow and 10 years from now, provided I don't make any changes myself.

 

[Bill_Bright]

Pretty sure none of them are miners who actively disable Defender/AV in general though Bill...

Miners? Pretty sure no one claimed their miner program was disabling Windows Defender.

The fact WD is tagging a miner program merely suggests the miner program is doing something in an unusual, thus suspicious way. Should WD know that particular miner program is legit? Probably. Do you expect WD (or any security program) to automatically know every single legitimate program out there - even every time they are updated? I don't.

BTW, are you reporting that miner program to Microsoft as legit? If not, then you are part of the problem.

If I change settings, disable stuff, or even make changes Microsoft may think aren't particularly wise, such as disabling Defender, not using another antivirus software, and disabling UAC, I should be able to expect that it will function the same way tomorrow and 10 years from now, provided I don't make any changes myself.

I agree with that. But it just does always work that way with computers in general.

My ISP sent out an update to my cable box/DVR. Suddenly all my scheduled programs had to be rescheduled. Half of my installed programs on this Windows computer I have to tell the installer I want it installed on D drive, not C. That's not Windows fault.

When there are major changes to a program, I can see where defaults may be reset.

As for UAC, as I said above, mine have never been changed back. Other changes I make stick.

As for enabling WD when you have disabled it AND you have no AV installed, I think MS is erring on the right side of that one - not you.

 

[therealmeep]

Never had an issue with defender tagging mining programs, been mining for a few years and used probably 10-12 different programs, none of them have been tagged by defender on win 7 or 10.

 

[hat]

Miners? Pretty sure no one claimed their miner program was disabling Windows Defender.

The fact WD is tagging a miner program merely suggests the miner program is doing something in an unusual, thus suspicious way. Should WD know that particular miner program is legit? Probably. Do you expect WD (or any security program) to automatically know every single legitimate program out there - even every time they are updated? I don't.

BTW, are you reporting that miner program to Microsoft as legit? If not, then you are part of the problem.

I agree with that. But it just does always work that way with computers in general.

My ISP sent out an update to my cable box/DVR. Suddenly all my scheduled programs had to be rescheduled. Half of my installed programs on this Windows computer I have to tell the installer I want it installed on D drive, not C. That's not Windows fault.

When there are major changes to a program, I can see where defaults may be reset.

As for UAC, as I said above, mine have never been changed back. Other changes I make stick.

As for enabling WD when you have disabled it AND you have no AV installed, I think MS is erring on the right side of that one - not you.

No, never claimed my miner disabled WD, nor did RTB suggest that. He was saying probably none of your machines have mining applications installed, and you have purposely disabled WD on them.

I wouldn't mind reporting my miner as a legit trusted program, but I've never heard of that before. That said, most, if not all, antivirus solutions are now treating all mining software in general as viruses, mostly due to their widespread illegitimate use as of late, such as ads or entire websites designed to siphon your computer's resources to mine for them in the background, without the user knowing. AV developers started to block mining programs because of that, but for those of us who use them in a legitimate way, it becomes a bit of a pain in the ass. But there it is again, works for the many, creates an issue for the few. This is a bit of a different situation than Windows just rolling over your own configuration, though...

As for your installer, I see no problem with that. Every program has a default location to be installed, and there's usually a way to change that. I have to tell Steam to install my games to D when I download a new game, because Steam itself resides on C, but most games go to D. That's fine. It happens once, goes where it's supposed to, and stays there. Now, if I told Steam to install 7 Days to Die to D, and then it goes there, and then a week later the game picks itself up and goes to C instead, then there might also be a threat titled "What the hell, Steam?".

As for UAC, I can't comment much on what happened there. It's one of the first things I do when setting up a fresh installation of Windows, because I don't want the UAC prompt coming up a million times per day because I decided to run ccleaner or something. I suspect it was changed when the spring update was installed, so I changed it back, and then it seemed to have reset itself again. It's off now, so we'll see what happens.

As for re-enabling WD when I have disabled it, and having no other AV installed... is Microsoft right for that? No. Is it generally a good idea to run a computer with no AV software? No, but then again, not to say I'm invulnerable, but I'm not your average user. More to the point, I specifically made a change in the group policy editor to disable it completely, and Microsoft still found a way to re-enable it. Bottom line is, regardless of what Microsoft thinks I should do, or what my settings should look like, it's my business what I do with my computer. If I don't want to run an AV software, that's my business, and Microsoft shouldn't be mucking around with my computer because they know better than I do. You can do a lot of things in life, with or without a computer, that may not be a good idea, but that doesn't give anybody the right to stop you or go around messing with your stuff. Maybe a little warning, but beyond that, no.

To that last point, at every reboot, Windows also nags me about also having Windows Firewall disabled. It's a little pop-up window in the bottom right that goes away whenever I click on the little x, and then it doesn't bother me again until I reboot again. That much, I'm fine with. If Microsoft also included a message in the same window about WD being disabled, I'd be okay with that too, moreso if there was a way to completely disable that pop-up (there may or may not be, I haven't looked), and moreso than that if it was made immediately obvious, such as a check box for a "don't show me this again" option. Somehow, even after the update, Windows Firewall remains disabled, yet WD came back, despite group policy settings. I'm okay with the naggy popup because it doesn't automatically change anything (especially silently without my knowledge). I'm not okay with WD reviving itself because I specifically disabled it, and now it's back.

Never had an issue with defender tagging mining programs, been mining for a few years and used probably 10-12 different programs, none of them have been tagged by defender on win 7 or 10.

I haven't had an issue with it either, until I ran a full scan. It was only then that WD found them and said they were viruses... which makes me question how good WD is as an AV solution in the first place. What if there were actual viruses? They've been running for quite some time now, and WD hadn't picked up on it until I ran a full scan. They're right there fully loading both my video cards and my CPU all the time.

This is why I like the free edition of MBAM. I do use that much to scan things I download before I install/run them. It's much like having somebody inspect packages that arrive in the mail under my supervision to see if they like them or not, rather than having somebody living in my house, and they keep removing my TV every day because they don't like it.

 

[R-T-B]

If not, then you are part of the problem.

Many have, myself included. It is ignored because miners are often bundled with malware.

My report got a nice "won't fix/not an issue" tag.

Which is fine for 99% of consumers honestly. The issue is Windows Defender not STAYING OFF.