Windows Defender

Tech Optimizer
May 21, 2025
A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It presents itself to the system as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.
Tech Optimizer
May 19, 2025
A researcher using the pseudonym es3n1n has created a tool called Defendnot that manipulates Windows operating systems to disable Microsoft Defender, making devices vulnerable to malware. Defendnot simulates the presence of a legitimate antivirus by using an undocumented API in the Windows Security Center, convincing Windows that a valid antivirus is installed. This development raises concerns about cybersecurity, as it undermines the effectiveness of built-in antivirus protections like Windows Defender.
Tech Optimizer
May 19, 2025
A security researcher known as es3n1n has developed a program called Defendnot, which disguises itself as an antivirus application and exploits a previously undocumented Windows Security Center (WSC) API. Defendnot registers itself as a legitimate antivirus; because Windows Defender disables itself when it detects another antivirus, this leaves users vulnerable. Microsoft has responded by enabling Defender to detect and quarantine Defendnot as 'Win32/Sabsik.FL.!ml'. This is not the first version of such a program; a previous iteration was removed due to copyright infringement.
Tech Optimizer
May 19, 2025
A researcher known as es3n1n explored Windows security mechanisms to bypass antivirus software validation checks in the Windows Security Center (WSC). He used tools like dnSpy and Process Monitor to analyze how legitimate antivirus solutions register with WSC. He confirmed that WSC validates the signatures of processes calling its APIs. Previously, es3n1n faced controversy when his project, no-defender, was removed from GitHub due to a DMCA takedown request from a software vendor.
Tech Optimizer
May 18, 2025
A new tool called Defendnot, developed by es3n1n, allows users to disable Windows Defender by using an undocumented Windows Security Center (WSC) API to simulate the presence of another antivirus program. This tool is a successor to the no-defender tool, which was taken down due to legal issues. Defendnot does not use third-party antivirus code and aims for a clean implementation. It disables Microsoft Defender upon activation, leaving users vulnerable to malware as it does not provide real-time scanning. Defendnot is designed to run automatically at Windows startup. Microsoft classifies Defendnot as a Trojan, raising concerns about its potential misuse by malicious actors.
Winsage
May 13, 2025
Windows 10 users will lose official support and security updates from Microsoft on October 14, 2025. However, users of Microsoft 365 apps on Windows 10 will receive updates and support until October 2028. Windows Defender malware definitions will also be available to Windows 10 users through at least October 2028. For perpetually licensed versions of Office, support timelines are as follows: Office 2021 will be supported until October 2026, and Office 2024 until October 2029.
Winsage
May 12, 2025
A critical cloud security vulnerability rated 10/10 has been reported for Microsoft users, along with persistent denial of service attacks affecting Windows and warnings about password theft. A new tool called Defendnot has been released, which can disable Windows Defender, Microsoft's antivirus protection. Developed by a security researcher known as es3n1n, Defendnot simplifies the process of bypassing Windows Defender by tricking it into disabling itself. It uses undocumented application programming interfaces (APIs) to convince Windows Defender that another antivirus solution is present, without relying on third-party antivirus code. The availability of Defendnot poses a significant risk, potentially aiding malicious actors.
Tech Optimizer
May 12, 2025
Defendnot is a tool that disables Windows Defender by using the Windows Security Center (WSC) API, presenting itself as a legitimate antivirus solution. It was created by a developer named “es3n1n” and follows the removal of a previous tool called “no-defender.” The tool engages directly with WSC, which disables Windows Defender when third-party antivirus software is installed to avoid conflicts. Defendnot was developed through reverse engineering of the WSC service and involves understanding how WSC verifies processes. It registers a phantom antivirus product using COM interfaces and undocumented Windows APIs, leading Windows to disable its built-in protection. The tool requires administrative privileges to operate and adds itself to autorun to maintain its functionality after a reboot. Security experts express concern about its potential misuse by malware authors, while it also provides insights into vulnerabilities in Microsoft’s security architecture.
Tech Optimizer
May 12, 2025
Cybersecurity developers have created a tool called defendnot, which disables Windows Defender by utilizing undocumented Windows Security Center (WSC) APIs. This tool is a successor to the no-defender project, which was taken down due to DMCA challenges. The developer reverse-engineered WSC’s validation algorithms and identified Taskmgr.exe as a suitable process to host the necessary code. Defendnot persists across reboots by adding itself to Windows autorun and can be managed via a command-line interface with options to disable Windows Defender and Windows Firewall. Unlike its predecessor, defendnot does not use third-party antivirus code. Security experts warn that disabling protection mechanisms should only be done in controlled environments by knowledgeable users.