A newly developed security program, known as Defendnot, has emerged as a sophisticated tool capable of deceiving and disabling Windows Defender, the built-in antivirus solution for Windows operating systems. It works even when no legitimate antivirus software is installed, because Defendnot presents itself to the system as a genuine antivirus program. Consequently, hackers can effectively neutralize Windows Defender's protective measures.
Hackers can now disable Windows Defender with Defendnot
The underlying mechanism of Defendnot operates through an undocumented API utilized by antivirus software to identify itself to the Windows Security Center (WSC). Typically, when an antivirus program registers with the WSC, Microsoft Defender automatically deactivates to avoid any potential conflicts.
Developed by security researcher es3n1n, this tool follows a previous creation known as no-defender, which aimed for a similar outcome using code from a third-party antivirus. That earlier tool garnered significant attention but was subsequently removed from GitHub under the DMCA after a complaint from the company concerned. In response, es3n1n wrote Defendnot entirely from scratch, avoiding any copyright complications.
Defendnot operates by injecting a specially prepared DLL file into the Taskmgr.exe process. This process, being signed by Microsoft, is deemed trustworthy, thus facilitating the fake antivirus registration. As a result, Windows is misled into believing that an antivirus is present, leading to the deactivation of Defender. Consequently, the system continues to function without any active protection, leaving users vulnerable.
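Because the technique depends on an antivirus registration appearing in the Windows Security Center, a defender can audit those registrations directly. The PowerShell below is an added example, not code from the article or from the Defendnot project; the function name Test-WscAvEntry and the heuristics (empty, missing or unsigned product executable) are assumptions chosen for illustration, since the article does not say which values Defendnot registers.

```powershell
# Added example: audit antivirus registrations known to Windows Security Center (WSC).
# root/SecurityCenter2 exists on Windows client editions, not on Windows Server.
$uriPattern = '^[a-z][a-z0-9+.-]*://'   # assumption: Defender's own entry records a URI, not a file

function Test-WscAvEntry {               # hypothetical helper name
    param([Parameter(Mandatory)] $Entry)

    $findings = @()
    $raw = [string]$Entry.pathToSignedProductExe
    if ([string]::IsNullOrWhiteSpace($raw)) {
        $findings += 'no product executable recorded'
    } elseif ($raw -notmatch $uriPattern) {
        # Real file path: it should exist on disk and carry a valid Authenticode signature.
        $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $findings += "product executable not found: $path"
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -ne 'Valid') {
                $findings += "signature status: $($sig.Status)"
            }
        }
    }
    [pscustomobject]@{
        DisplayName = $Entry.displayName
        ProductPath = $raw
        Registered  = $Entry.timestamp
        Findings    = $findings -join '; '
    }
}

$entries = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop)
$report  = @($entries | ForEach-Object { Test-WscAvEntry -Entry $_ })
$report | Format-Table -AutoSize -Wrap

# Defender's own status, for comparison with what WSC believes is installed.
$mp = Get-MpComputerStatus
"Defender: AntivirusEnabled=$($mp.AntivirusEnabled) RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled) AMRunningMode=$($mp.AMRunningMode)"

# Flag the state the article describes: Defender stood down, but no verifiable third-party product behind it.
$thirdParty = @($report | Where-Object { $_.ProductPath -notmatch $uriPattern })
$suspect    = @($thirdParty | Where-Object Findings)
if (-not $mp.RealTimeProtectionEnabled -and ($thirdParty.Count -eq 0 -or $suspect.Count -gt 0)) {
    Write-Warning 'Defender real-time protection is off and no verifiable third-party antivirus is registered.'
    $suspect | Format-List
}
```

A clean result here does not prove the registration is genuine; a warning is a prompt to check which product registered itself and when.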
es3n1n developed Defendnot for research purposes, but attackers can misuse it
While es3n1n designed Defendnot primarily for research purposes, it is crucial to acknowledge the potential for misuse by malicious actors. Cybercriminals are continually devising various methods to compromise user data, and this tool poses a significant threat to the integrity of users’ security systems and their private information.
Fortunately, Microsoft Defender has recognized Defendnot as a Trojan, thanks to its advanced machine learning algorithms, and promptly quarantines it upon detection. This proactive measure aims to safeguard users from the risks associated with this deceptive tool.