Windows Defender Archives

Winsage

July 3, 2025

Windows Update: Unwanted side effects occurred

Microsoft has acknowledged issues with the latest Windows 11 updates, particularly affecting the update preview released last Friday. Users have reported firewall error messages and some computers failing to boot after applying the updates. The Windows Release Health Notes indicate that these firewall errors, specifically event number 2042 related to Windows Defender Firewall, can be ignored as they do not indicate a malfunction. The issue is linked to a function under development and primarily impacts Windows 11 24H2, with a resolution planned for a future update. Additionally, users of older Fujitsu Esprimo PCs have reported startup problems after installing the June security updates, with affected devices displaying a black screen. Investigations suggest these issues may be related to a DBX update affecting bootloaders when Smart Boot is enabled. Users have speculated that outdated BIOS may be a factor, and instructions for updating firmware have been shared, although they are not user-friendly. Microsoft has not confirmed the startup issues with Fujitsu PCs and is not currently working on a specific solution.

Winsage

June 26, 2025

Researchers Demonstrate Windows Registry Manipulation via C++ Program

Cybersecurity researchers have developed a C++ program that demonstrates how attackers manipulate the Windows Registry to establish persistence, evade security measures, and alter system behavior. The Windows Registry is a database for system, application, and user settings, making it a target for malware. Key tactics include: - Persistence: Malware adds entries to auto-start locations to survive system reboots. - Evasion: Attackers modify security-related keys to circumvent defenses. - Privilege Escalation: Weak permissions on service keys can allow redirection of execution paths. The C++ program uses Windows API functions to create or modify registry keys, simulating real-world malware tactics. Key functions include: - RegCreateKeyEx: Opens or creates a registry key. - RegSetValueEx: Writes a value into the specified key. Red teamers use such code to simulate threats, focusing on persistence, configuration tampering, and payload storage. Blue teams can mitigate risks through monitoring, restricting permissions, and endpoint detection. The demonstration emphasizes the importance of ethical testing practices and the need for proactive registry monitoring and least-privilege access controls in cybersecurity.

Winsage

June 24, 2025

Windows 10 users can get extended security updates for 1,000 Microsoft Rewards points

Microsoft is ending support for Windows 10 on October 14, 2025, and is offering a one-year subscription to Windows 10 Extended Security Updates (ESUs) for a fee. Users can also redeem 1,000 Microsoft Rewards points for an ESU. The ESU will provide essential bug fixes, security updates, and technical support until October 13, 2026. Microsoft will continue to deliver security updates for MS 365 applications and Windows Defender until October 2028. Enrollment in the ESU program can be done through notifications and the Windows Settings menu, with a rollout to the general public starting in July and reaching widespread availability by mid-August. Windows 11, released in 2021, has received positive feedback and aims to address user concerns regarding usability and aesthetics.

Tech Optimizer

June 4, 2025

Do I need an antivirus and a VPN?

Reliance on antivirus software for device protection is common, but certain threats, especially ransomware, can bypass even the best solutions. Cybercriminals have shifted tactics from encrypting data for ransom to exfiltrating sensitive information and threatening to leak it. The availability of ransomware kits and the use of AI by attackers have made cybercrime more accessible and targeted. Remote work environments increase vulnerabilities, as hackers exploit unsecured networks and personal devices. Antivirus software can help protect against malware and viruses, but built-in solutions often lack comprehensive security. A high-quality antivirus program can enhance protection through advanced features and AI. A Virtual Private Network (VPN) encrypts data and secures internet traffic, making it a valuable tool for cybersecurity. Implementing a VPN is cost-effective compared to potential data breach costs. Using both a VPN and antivirus software is essential for comprehensive coverage, as they address different security aspects. Businesses may need advanced endpoint protection solutions for heightened security, which continuously scans for suspicious behavior and integrates multiple security features. Despite these tools, proper personal practices and cybersecurity awareness are crucial to minimize vulnerabilities and human error, which is a leading cause of cyberattacks.

Winsage

May 29, 2025

Securing Windows Endpoints in 2025 Enterprise Environments

In 2025, 61% of organizations worldwide have adopted Zero Trust initiatives, up from 24% in 2021. Microsoft's Zero Trust framework centralizes security policy enforcement through the cloud, with integrated solutions like Microsoft Defender for Endpoint. AI is now a critical component of endpoint security, enabling systems to detect irregularities and autonomously isolate compromised devices. Microsoft introduced Quick Machine Recovery (QMR) to allow IT administrators to fix unbootable PCs remotely. Windows Server 2025 features enhanced security measures, including advanced algorithms and a customized security baseline with over 350 preconfigured settings. Additionally, 75% of organizations are consolidating security vendors, favoring comprehensive platforms like SentinelOne Singularity and Microsoft Defender XDR. Windows Defender Application Control (WDAC) has been enhanced to better regulate application usage, with Microsoft promoting its adoption over AppLocker.

Tech Optimizer

May 29, 2025

How to turn off antivirus

Antivirus software is crucial for digital security, providing protection against malware threats. Users may need to disable antivirus temporarily for reasons such as system resource consumption, particularly during resource-intensive tasks like gaming, or to bypass false positives when installing applications. Disabling antivirus software poses risks, especially when browsing the internet, as even legitimate sites can be compromised. Precautions to take when disabling antivirus include disconnecting from the internet, avoiding USB drives, using trusted networks, closing non-essential applications, verifying the legitimacy of downloaded files, and limiting browsing to secure websites. Users should promptly re-enable their antivirus after completing necessary tasks.

Winsage

May 24, 2025

Microsoft Tells Nearly All Windows Users—You Must Reboot Your PC

This month's KB5058497 update for Windows 11 24H2 introduces the first 'hotpatch' update, allowing installation without a reboot, but it is only available for Windows 11 24H2 Enterprise users. There is no timeline for extending this feature to Pro and Home users. To use hotpatch updates, users must have a Microsoft subscription that includes Windows 11 Enterprise E3, E5, or F3, Windows 11 Education A3 or A5, or a Windows 365 Enterprise subscription, along with devices running Windows 11 Enterprise version 24H2 (Build 26100.2033 or later), an x64 CPU, Microsoft Intune for deployment management, and Virtualization-based Security (VBS) enabled. Users of Windows 11 24H2 or older versions must reboot their systems to apply new security updates, except for specific patches for Windows Defender, while every third update will still require a reboot. KB5058497 is scheduled to be released between May and June 2025 during the 'no restart' period, and it has been reported to install seamlessly without prompting for a reboot. Users of Windows 11 Home and Pro still face the traditional monthly reboot requirement for updates.

Winsage

May 23, 2025

Hackers can disable Windows Defender

A new tool called Defendnot can disable Windows Defender by masquerading as a legitimate antivirus program, exploiting a feature of Windows that allows only one antivirus solution to operate at a time. When Defendnot is installed, Windows automatically disables Defender, leaving systems vulnerable to cyber threats.

Winsage

May 22, 2025

Hackers can disable Windows Defender

A new tool called Defendnot can disable Windows Defender by masquerading as another antivirus program, exploiting a limitation of the Windows operating system that prevents multiple antivirus solutions from running simultaneously. When Defendnot is installed, Windows automatically disables Defender, leaving systems vulnerable. Cybersecurity experts recommend using robust antivirus solutions like TotalAV for additional security.

Tech Optimizer

May 21, 2025

Defendnot Disarms Windows Defender by Pretending to Be a Friend

A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It alters the system to appear as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.