By
Delia
/ Last
update
February 15, 2022
Microsoft makes defender better since the second half of 2021
Microsoft is confident in its own Windows Defender, which has been highly recognized recently. Defender received exceptionally high rankings and scores in AV-TEST December 2021 and October 2021, but it was rated worse in AV-Comparatives and fell quite short of some alternatives like McAfee.
Despite the difference in scores between the two rankings, one thing is consistent in both assessments - Windows Defender's scores get better in the second half of 2021, indicating that Microsoft is making good and significant progress in this area, and it continues to improve as we move into 2022.
It's more difficult for malware to bypass scans via excluded folder
As addressed in prior articles, there is a major security vulnerability in Defender where excluded folders and directories were visible to everyone and easily accessible from the registry address "HKLM\Software\Microsoft\Windows Defender\Exclusions". This makes it easy for hackers to sneak a malicious payload into one of your excluded folders to completely bypass Windows Defender's scans.
Fortunately, Microsoft has noticed the problem and seems to be working on improving it. A security researcher named CISOwithHoodie recently said on Twitter that Microsoft has recently made a very important change to Windows Defender's exclusions licensing. After this change, only people with administrator privileges will be able to see which folders and files are set as excluded items for scanning. If you query the registry with a command to find the excluded items, an error message will appear stating that access is denied.
CERT's vulnerability analyst Will Dorman also confirmed in a Twitter post that registry-based policy changes are now protected as well. So far it is not known at what point Microsoft will provide the update, the general speculation is that it will be introduced in the recent February Tuesday update.