By Delia / Last update January 20, 2022

The most prevalent period for viruses and malware was probably between Windows XP and Windows 7. Back then, installing antivirus software was the first thing you did on a new system, and running a computer without it was almost unthinkable.

But that changed in 2015, when Microsoft released Windows 10 with its own built-in antivirus software. After years of upgrades and iterations, Microsoft Defender, which many people previously disdained, has become very capable, to the point that there is no need to install additional antivirus software.

Since Windows 10, Microsoft Defender's presence has grown stronger and stronger, and AV-TEST even named it one of the best antivirus products of 2021. However, not all users agree, especially now that a serious vulnerability has recently been revealed.

Microsoft Defender has a serious security vulnerability

The principles behind viruses and system vulnerabilities usually involve very specialized and esoteric knowledge that is difficult for most lay people to understand, but this vulnerability is an exception: it is simple and easy to understand.

All security software provides a "monitoring exclusion" function, which lets the user manually specify file directories on the hard disk that the antivirus software should not monitor. It is needed because, in practice, it is quite common for antivirus software to repeatedly flag normal software as malicious, block it, or mistakenly delete its key files, so that the software no longer works properly.

The "monitoring exclusion" function is therefore objectively necessary, and a wide range of antivirus products provide it. If you run into this situation, you can simply add the software's directory to the "monitoring exclusion" list. Microsoft's antivirus software, Microsoft Defender, works the same way.

However, everything has its advantages and disadvantages, and this feature can also be used by viruses (malware). Hackers do not have to rack their brains over how to strengthen the virus; if they find a way to add it to the antivirus software's "monitoring exclusion" area, the virus or malware can completely avoid detection.


Some users may think that adding a "monitoring exclusion" has to be done manually by the user with the mouse, so a virus should not be able to do it. In fact, it can be done with code, so the idea behind this kind of virus (malware) is to do everything possible to add itself to Microsoft Defender's "monitoring exclusion" list.

Once that succeeds, the hacker can store and execute any malware from the excluded file directory without fear of detection. In real-world testing, malware executed from such a directory ran unhindered on Windows systems and did not trigger any Microsoft Defender alerts.

Security experts tested with a sample of the Conti malware. When it was executed from an ordinary file directory (one that had not been added to the "monitoring exclusion" list), Microsoft Defender immediately stepped in and blocked the malware, which was excellent. However, when the Conti malware was placed in an excluded folder and run again, Microsoft Defender showed no warning and took no action, and the malware could do whatever it wanted.
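
A defender-side check for the risk described above, as an added example that is not part of the original article: it lists Microsoft Defender's path exclusions with `Get-MpPreference` and flags those that cover locations ordinary users can usually write to. The function names and the risk patterns are assumptions made for this illustration.

```powershell
# Added example: audit Microsoft Defender path exclusions for locations that
# ordinary users (and therefore malware running as them) can usually write to.
# The risk patterns are illustrative assumptions; tune them for your environment.

function Get-ExclusionRisk {
    param([Parameter(Mandatory)][string]$Path)

    # Expand %VAR% references and normalise the trailing backslash
    $p = [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\')

    # -match is case-insensitive; the first matching rule wins
    if ($p -match '^[A-Za-z]:$')                   { return 'Whole drive excluded' }
    if ($p -match '[\*\?]')                        { return 'Wildcard exclusion' }
    if ($p -match '^[A-Za-z]:\\Users(\\|$)')       { return 'User profile (user-writable)' }
    if ($p -match '\\(Temp|Tmp)(\\|$)')            { return 'Temp directory (user-writable)' }
    if ($p -match '^[A-Za-z]:\\ProgramData(\\|$)') { return 'ProgramData (often user-writable)' }
    return $null
}

function Get-RiskyDefenderExclusion {
    param([string[]]$ExclusionPath)

    foreach ($path in $ExclusionPath) {
        $risk = Get-ExclusionRisk -Path $path
        if ($risk) {
            [pscustomobject]@{ Path = $path; Risk = $risk }
        }
    }
}

# Run from an elevated session: without administrator rights the exclusion
# list may come back as an "N/A" placeholder instead of the real entries.
$pref  = Get-MpPreference
$paths = @($pref.ExclusionPath) | Where-Object { $_ -and $_ -notlike 'N/A*' }

if (-not $paths) {
    Write-Output 'No path exclusions visible (none configured, or session not elevated).'
} else {
    Get-RiskyDefenderExclusion -ExclusionPath $paths | Format-Table -AutoSize
}
```

Any exclusion this reports is a directory from which a file would run unscanned, so each one should be traceable to a specific piece of software that needs it.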

The vulnerability has not been resolved in Windows 10

It is reported that the vulnerability has existed for at least eight years and can affect Windows 10 21H1 and Windows 10 21H2, while Windows 11 is fortunately unaffected and has a higher level of security.

In fact, Microsoft has been aware of this vulnerability, but it has not really been fixed over the years, and the company has not yet officially responded. The company's main goal is to provide a complete solution to the problem, so that it can be used as a tool to help you to get the most out of your computer.