DefenderUI — Windows Defender is great, when turned on fully

Topic

New Reply

FREEWARE SPOTLIGHT By Deanna McElveen Microsoft’s first attempt at antivirus software was Microsoft Security Essentials (MSE), released in 2009 to Win
[See the full post at: DefenderUI — Windows Defender is great, when turned on fully]

5 users thanked author for this post.

Cybertooth, fisher75, rc primak, abbodi86, lmacri

Reply | Quote

Replies

I’ll look into this utility when I get a chance. It looks promising.

Question: Will using Malwarebytes Paid Edition prevent some of the Defender hardening tweaks from being implemented?

-- rc primak

Reply | Quote

rc primak, I think you will have to make Microsoft Defender the primary provider,

Figure 3. If this warning comes up, you need to uninstall previous antivirus software.
Deanna says uninstall, but the warning says: “or set Microsoft Defender as the primary security provider. I use Malwarebytes Free as a second opinion on demand scanner only, with Microsoft Defender as primary. If you try this DefenderUI program, please report to us what your thoughts and opinions are, thank you.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

rc primak

Reply | Quote

rc primak wrote:

Question: Will using Malwarebytes Paid Edition prevent some of the Defender hardening tweaks from being implemented?

Hi rc primak:

I use MS Defender as my primary AV and Malwarebytes Premium for secondary/backup real-time protection (i.e., General | Windows Security Center | Always Register Malwarebytes in the Windows Security Center is OFF in my Malwarebytes settings) on my Win 10 Pro machine.

According to digmorcrusher’s 26-May-2023 post in Malwarebytes Premium and Microsoft Defender Boosted Through DefenderUI? in the Malwarebytes forum, as long as you have Malwarebytes Premium configured this way then Malwarebytes’ real-time protection should not interfere with DefenderUI. I can’t confirm if that is correct, however,  since I have not tested DefenderUI myself.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.6.117-1.0.1280 * Macrium Reflect Free v8.0.7783 * Firefox v128.0.3

Reply | Quote

Defender is disabled when any registered AV solution such as Malwarebytes is running. DefenderUI is intended for those wanting to use Defender as their only antivirus.

1 user thanked author for this post.

rc primak

Reply | Quote

Overwhelming complexity!

I gave up on Defender a few years ago when, after HOURS of searching, I could NOT find a concise, straightforward solution to a problem with downloading the updates.  Granted that Windows has developed into a marvelous tool for many levels of users, I have found it to be quite beyond “personal computing” since the end of Windows 7!

Scott Mills

 

Reply | Quote

I had to install the latest Antimalware Engine update for Windows Defender (early-August) through PowerShell because Susan had not yet given the all-clear for the monthly MS Updates more generally. So yes, I sometimes have issues with Defender engine updates. But the Definitions are usually done through the GUI of Windows Defender and cause me no issues.

-- rc primak

Reply | Quote

Try ConfigureDefender on github.  Its portable and open source.  Use High protection setting.

1 user thanked author for this post.

rc primak

Reply | Quote

Yes, a fine program. We have it as well:

https://www.oldergeeks.com/downloads/file.php?id=3847

1 user thanked author for this post.

rc primak

Reply | Quote

I read somewhere, a while ago, that Windows Defender only protected while using Microsoft Edge.  Is that still the case?

Reply | Quote

This is not the case and has never been the case.

2 users thanked author for this post.

rc primak, b

Reply | Quote

Hello Deanna,

I couldn’t help but notice that the slider for “Prevent malware from ever infecting this system” was turned off and not even mentioned, anywhere in your fine artilce on DEFENDERUI. What was the reason for leaving it off?

Best Regards,

audeq45

Reply | Quote

audeq45 wrote:

I couldn’t help but notice that the slider for “Prevent malware from ever infecting this system” was turned off and not even mentioned

Hi audeq45:

From Deanna McElveen comments below Figure 10 of her newsletter article, which shows that “Prevent malware from ever infecting this system” switch as the final setting on the Home page:

“The last entry is an attempt at humor. Clicking it will take you to VoodooSoft’s paid protection product.”

I’m not amused.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783 * Microsoft Office Home and Business 2019 C2R Version 2406 / Build 17726.20126

Reply | Quote

I wrote this under Figure 10:

The last entry is an attempt at humor. Clicking it will take you to VoodooSoft’s paid protection product.

1 user thanked author for this post.

rc primak

Reply | Quote

I have never been able to figure out a way to exclude a directory from active scanning while allowing it to be scanned by a manual or scheduled scan.  Using a third party scanner simply to scan that one directory is a frustration for me with Microsoft Defender.  I have tried using MpCmdRun.exe with no joy.  One of its options is -CheckExclusion which made me think that it would only check for exclusions when this option existed but that is not the case.  Is there a way to exclude from active scanning yet include in manual and scheduled scans?

Reply | Quote

That is a very good question. Defender does not allow scanning of an excluded directory as far as I can tell from the test I just did. I will let you know if I find a workaround.

1 user thanked author for this post.

rc primak

Reply | Quote

Thanks Deanna.

On my previous laptop I had used Malwarebyte to do on-demand scans of the excluded directories but was annoyed that task manager always showed something associated with Malwarebytes running in the background even though it was used for on-demand only.  Is there a portable AV tool for on-demand scans that is effective but does not use system resources for no reason?

Reply | Quote

Peobody wrote:

On my previous laptop I had used Malwarebyte to do on-demand scans of the excluded directories but was annoyed that task manager always showed something associated with Malwarebytes running in the background even though it was used for on-demand only.

Hi Peobody:

I haven’t used Malwarebytes Free for a few years but AFAIK if Settings | General | Windows Startup | Launch Malwarebytes in the Background When Windows Starts is OFF as shown below then Malwarebytes Free should not load into memory until you manually launch the program.

I currently use Malwarebytes Premium and start the real-time protection automatically at Windows startup, and when Malwarebytes is running in the background I can also right-click the system tray icon and choose “Quit Malwarebytes” and all Malwarebytes-related processes like Malwarebytes.exe and MBAMService.exe will unload from memory. If you launch Malwarebytes Free to run an on-demand scan then clicking that “Quit Malwarebytes” option in the system tray should work the same way.

Has the latest Malwarebytes Free v5.x added a new feature that requires a process like MBAMService.exe to always load at boot-up (e.g., background updating of virus definitions), or is it possible you were using the 14-day trial of Premium features like real-time protection when you first installed Malwarebytes Free?
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783

1 user thanked author for this post.

rc primak

Reply | Quote

On my previous laptop I had used Malwarebyte to do on-demand scans of the excluded directories but was annoyed that task manager always showed something associated with Malwarebytes running in the background even though it was used for on-demand only.

In current and beta versions of Malwarebytes Free, the program has a component which sits in your System Tray until you right-click on it and select “Quit” and confirm you REALLY want to quit. I think they say it’s some sort of extra protection, but all I’ve ever seen it do is nag me to upgrade to their paid version.

If you use their Browser Guard, this may also have components running in the background, since many Chromium based browsers, including Edge, keep some processes running in the background, even after you close the browser window(s).

-- rc primak

1 user thanked author for this post.

Cybertooth

Reply | Quote

I was definitely using Malwarebytes Free and not a trial version.  It was an old version though.  The setup file I have in my downloads was v1.75 from 2013.  An unknown is whether this is just an installer that retrieves and installs the current version.  Whatever version I had running, it contained the option to not load at startup, which was enabled.  It also updated its definitions almost every time I used it so I don’t think it was an updater running in the background.  I did always close it from the system tray once I was done.  I may just try it again knowing that MBAMService.exe is its updater.  I can live with that running.

1 user thanked author for this post.

rc primak

Reply | Quote

I just installed Malwarebytes and can’t find a way around being forced to accept the 14 day trial of Premium.  Worse though is that once you hit that dialog your options are to either accepts it, or to use task manager to kill it.    The download was via this Download Now button.

I understand the “free” is never free, but to state “Virus scanner and free antivirus for Windows” then force the use of a trial premium product rubs me the wrong way.  An option for the trial would have been acceptable.  I’m hopeful someone will suggest an alternative.

Reply | Quote

Peobody wrote:

I just installed Malwarebytes and can’t find a way around being forced to accept the 14 day trial of Premium….

Hi Peobody:

I’m not sure how to disable the 14-day trial anymore since the instructions at Deactivate Premium Trial in Malwarebytes for Windows v4 are no longer valid for MB Free v5.x. If you click the icon in the top-right corner of the interface and choose “My Subscription” (or possibly “About Malwarebytes”) do you see something like a “Deactivate Trial” button? From my Malwarebytes Premium interface:

If that doesn’t help just be sure the setting at Settings | General | Windows Security Center | Always Register Malwarebytes in the Windows Security Center is OFF as shown in the image in my post # 2691644. This will ensure your antivirus (MS Defender or a third-party AV like Bitdefender, McAfee, etc.) will continue to protect your system as your primary AV while Malwarebytes is running in real-time protection mode.

Unfortunately, I don’t know of any other on-demand malware scanner that compares to Malwarebytes Free. ESET’s Free Online Scanner at https://www.eset.com/int/home/online-scanner/ is another reputable product but it can only be used for a one-time scan.
————————————-

P.S. – Just out of curiosity, do you remember if you selected the “Maybe Later” option to choose Malwarebytes Free during the initial setup when the setup wizard asked if you wanted to activate a subscription? See Step # 8 of the Malwarebytes Desktop Security Quick Start Guide if you aren’t sure which prompt I’m referring to.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783

2 users thanked author for this post.

Peobody, Cybertooth

Reply | Quote

@lmacri, the “one-time scan” labeling on the ESET page may be imprecise. Unless the most recent version of the ESET Online Scanner has changed, once we download the .exe file we can run it any number of times, whenever we wish. (I run mine once a week.)

Of course, the program is not resident in memory and it doesn’t run on a schedule, so we have to manually launch it every single time we want to use it; maybe that’s what they mean by a “one-time scan” but the wording could be clearer.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

rc primak, lmacri

Reply | Quote

Malwarebytes Free 5.x beta does have clean installers. I use the one from MajorGeeks. Because 5.x is still in beta, you have to manually update the program, as well as the definitions. The mainstream Malwarebytes 4.x is much more automatic.

The User Interface has changed a lot since earlier versions, and finding the Your Account flyout is much more difficult now. But the option to downgrade to the free version is still there, no matter which installer you initially used. It’s just hiding.

-- rc primak

Reply | Quote

rc primak wrote:

Malwarebytes Free 5.x beta does have clean installers. I use the one from MajorGeeks. Because 5.x is still in beta, you have to manually update the program, as well as the definitions. The mainstream Malwarebytes 4.x is much more automatic.

Hi rc primack:

I was automatically upgraded from Malwarebytes Premium v4.6.12.323-1.0.2309 to v5.1.3.110-1.0.1219 back in April 2024 (see my 20-Apr-2024 topic Unexpected Upgrade to Malwarebytes v5.1.3 – Initial Impressions in the Malwarebytes forum) and AFAIK Malwarebytes v5.x is no longer in BETA.

The latest full offline installer for the stable release of MB v5.x, if required, is available at https://downloads.malwarebytes.com/file/mb5_offline.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4780 * Firefox v129.0.1 * Microsoft Defender v4.18.24070.5-1.1.24070.3 * Malwarebytes Premium v5.1.8.123-1.0.5007 * Macrium Reflect Free v8.0.7783

Reply | Quote

I was automatically upgraded from Malwarebytes Premium

You have the paid Premium version. That is up to Version 5. I am referring to the Free Version, which still has Version 5 classified as Beta. In the Malwarebytes Forums Version 5’s latest releases are also listed as Beta releases. Most of us here were discussing the free Version.

(Please also note that my name does not have a “c” in it.)

-- rc primak

Reply | Quote

rc primak wrote:

I am referring to the Free Version, which still has Version 5 classified as Beta. In the Malwarebytes Forums Version 5’s latest releases are also listed as Beta releases.

Hi rc primak:

Sorry, which release notes are you referring to that show that that Malwarebytes Free v5.x is still in BETA? I know there are Malwarebytes v5.x BETA releases notes in the forum at https://forums.malwarebytes.com/forum/70-beta-testing-program/, but those are intended for Malwarebytes v5.x Free and Premium users who opt in to the beta-release channel to test early releases of Malwarebytes 5.x. If they don’t want to be a BETA tester Malwarebytes Free (and Premium) v5.x users can leave the option at General | Beta Updates disabled (the default setting) and they will remain on the stable release channel.

I might be wrong, but AFAIK the official 18-Feb-2024 announcement at Announcing Malwarebytes 5.0 applies to both Free and Premium editions, the MBSetup.exe installation manager for Malwarebytes Free at https://www.malwarebytes.com/mwb-download now installs Malwarebytes v5.x as the recommended version (assuming your system meets the minimum system requirements), and employee H4V0C’s release notes for the stable release of Malwarebytes v5.x at https://forums.malwarebytes.com/topic/308492-malwarebytes-5/ are intended for both Free and Premium users. As I noted in post # 2692423, the Free and Premium editions both share the same user interface – the only difference is that Free users will notice that some “advanced” features like real-time protection will be disabled unless they activate a Premium license in the interface under My Subscription.

Malwarebytes even seems to be trying to blur the distinction between Free and Premium in Malwarebytes v5.x now that management of other optional paid services like Malwarebytes VPN and Malwarebytes Identity Protection are integrated into the Malwarebytes v5.x interface. For example, the version 5.x interface no longer displays the words “Premium”, “Trial”, or “Free” in the title bar, which has led to some confusion – see Terri569’s 23-Aug-2024 How do I know I have Premium? in the Malwarebytes forum.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4780 * Firefox v129.0.2 * Microsoft Defender v4.18.24070.5-1.1.24070.3 * Malwarebytes Premium v5.1.9.124-1.0.5014 * Macrium Reflect Free v8.0.7783

Reply | Quote

Peobody,

When the trial expires it automatically reverts to the free version.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

2 users thanked author for this post.

rc primak, Peobody

Reply | Quote

lmacri wrote:

P.S. – Just out of curiosity, do you remember if you selected the “Maybe Later” option to choose Malwarebytes Free during the initial setup when the setup wizard asked if you wanted to activate a subscription?

I selected it.  The only option in the resulting dialog is “Start Trial”.  I kill it at that point so have never let it set itself up to run.

Thanks for the other advice.  I think I am going to have to bite the bullet and let it run for 14 days to see what happens.

Reply | Quote

lmacri wrote:

If you click the icon in the top-right corner of the interface and choose “My Subscription” (or possibly “About Malwarebytes”) do you see something like a “Deactivate Trial” button?

OK, I went ahead a let it finish startup, and yes, a “Deactivate Trial” button is there.  Clicking it deactivates all of the premium features.  I did a test scan and then closed it, which then reminded me of its annoyance of continuing to run in the background until it was quit via the system tray.  An additional annoyance is that quitting it requires entry of an admin password.

2 users thanked author for this post.

rc primak, lmacri

Reply | Quote

There is a setting to “not start when Windows starts.” Look for it.

1 user thanked author for this post.

rc primak

Reply | Quote

Peobody wrote:

An additional annoyance is that quitting it requires entry of an admin password.

Hi Peobody:

That’s odd. I don’t see a request for a password when I select “Quit Malwarebytes” from the system tray icon.

Is it possible you enabled Settings | Protection | Tamper Protection | Limit Who Can Change Your Malwarebytes Settings (disabled by default) and created an Administrator password to prevent other users sharing your computer from making changes to your Malwarebytes settings or accidentally stopping and/or uninstalling Malwarebytes?

If so, be aware that this “Tamper Protection” is different from the self-protection setting at Settings | General | Windows Startup | Enable Self-Protection Mode (enabled by default) that is normally turned ON to prevent malware from disabling or damaging Malwarebytes.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783

1 user thanked author for this post.

Cybertooth

Reply | Quote

I had found that setting and confirmed that Malwarebytes is not started on Windows started.  My issue is that it does not shut down when closed following an on-demand scan regardless of whether that scan was triggered by a Malwarebytes shortcut or its right-click context menu item.

Reply | Quote

My Tamper Protection | Limit Who Can Change Your Malwarebytes Settings option is not enabled.  I simply receive the “Do you want to allow this app to make changes to your device” dialog whenever I “Quit Malwarebytes” from the system tray.

Reply | Quote

Peobody wrote:

I simply receive the “Do you want to allow this app to make changes to your device” dialog whenever I “Quit Malwarebytes” from the system tray.

Hi Peobody:

That notification is not a generated by Malwarebytes. It’s a standard warning from the User Account Control (UAC) feature of your Windows OS. AFAIK there is no setting in Malwarebytes that will allow you to bypass UAC warnings.

I would advise against it, but the MS support article User Account Control Settings includes instructions on how to adjust the UAC notification level, which ranges from Always Notify to Never Notify. The default for Win 10 is “Notify me only when programs try to make changes to my computer”.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783

1 user thanked author for this post.

rc primak

Reply | Quote

Peobody wrote:

My issue is that it does not shut down when closed following an on-demand scan regardless of whether that scan was triggered by a Malwarebytes shortcut or its right-click context menu item.

I’ve had that issue for some time, probably a couple of years, it’s possible that
it remains active as it’s supposed to be checking that an alt. antimalware, usually Defender, is present and active (though as I’ve just updated it to 5.1.7.121 from, I think v4, I no longer see where that was mentioned – ‘Critical’ was the top sub-heading it used to be under).

Dashboard > Trusted Advisor (This PC upper right > View details) > Critical Issues > Additional antivirus protection is turned on…

Yes, V5 continues the tradition of having to actively kill the process after closing it via Alt+F4, top left corner of the UI.

1 user thanked author for this post.

rc primak

Reply | Quote

lmacri wrote:

That notification is not a generated by Malwarebytes. It’s a standard warning from the User Account Control (UAC) feature of your Windows OS. AFAIK there is no setting in Malwarebytes that will allow you to bypass UAC warnings. I would advise against it, but the MS support article User Account Control Settings includes instructions on how to adjust the UAC notification level, which ranges from Always Notify to Never Notify. The default for Win 10 is “Notify me only when programs try to make changes to my computer”.

Understood.  The issue though is why the heck the process of quitting Malwarebytes triggers the UAC warning.  The root of the problem may be that an on-demand scan is disabling Microsoft Defender which then must be enabled once Malwarebytes shuts down.  If this is the case then I think Malwarebytes on-demand scanning is very poorly implemented.  There is not reason for it to affect the system.  It should scan the target, report, act as instructed, then fully close on request of the windows user who started it to do the scan.

FWIW, I posted on the Malwarebytes support forum and the reply received so far confirms that the behavior is as intended.  I’ll have to decide whether I can live with it.

Reply | Quote

Peobody wrote:

FWIW, I posted on the Malwarebytes support forum and the reply received so far confirms that the behavior is as intended.

Hi Peobody:

Malwarebytes employee AdvancedSetup also stated on 01-Aug-2024 in your topic Need help with two frustrations with Malwarebytes that you can avoid the UAC warning when you close Malwarebytes by starting Malwarebytes with Administrator rights.

For example, if you start Malwarebytes from a desktop shortcut then:

• Right-click the shortcut and choose Properties from the pop-up context menu.
• Click the Advanced button on the Shortcut tab.
• Enable Run as Administrator and click OK.

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4651 * Firefox v128.0.3 * Microsoft Defender v4.18.24060.7-1.1.24060.5 * Malwarebytes Premium v5.1.7.121-1.0.1293 * Macrium Reflect Free v8.0.7783

3 users thanked author for this post.

rc primak, Cybertooth, satrow

Reply | Quote

Running as admin requires entry of an admin password same as UAC does on close.  The inconvenience is the same, it’s just on different ends of the process.  Besides, I almost always have a file explorer open so convenient way for me to start the scans is with the “Scan with Malwarebytes” context menu item.  I don’t know of a way to have that run as admin.

My original question severely hijacked this discussion for which I apologize.  I think I have an understanding of my options with Malwarebytes so we can end this.

Reply | Quote

Re. quitting Malwarebytes Free:

Before we return this thread to its normal and upright position, let me point out that running any antivirus on-demand scan as Limited User defeats some of the purpose of running the scan. To get the most effective scan results, you must be running the scan with full Admin rights. This is best guaranteed by only running these scans while logged into an Admin. Account. In this scenario, no password is needed to dismiss a UAC prompt.

-- rc primak

1 user thanked author for this post.

Cybertooth

Reply | Quote

Deanna,

I had this conversation with the folks at VoodooShield about a bug(?) I ended up with in the DefenderGuard part of DefendrUI.  I thought you should know.  (This is a copy/paste of the emails, so their reply is first.)

Thank you for letting us know!  We are going to completely rework that feature soon anyway and ensure that it works the way it is supposed to.  Thanks again!

 

From: dutchovenhat
Sent: Tuesday, August 6, 2024 3:42 PM
To: support@defenderui.com
Subject: Re: DefenderGuard fails to honor Auto Reactivation Settings

 

A followup, I don’t think I have rebooted since setting up the Auto Reactivation delay, if that matters.

I just thought you ought to know that in DefenderUI v1.22 (metadata shows v1.0.0.0) that DefenderGuard is failing to honor the auto Reactivation settings.  Instead of the longer delay I set, it reactivated in 5 minutes.
I did see in DefenderGuard information that the feature is still in development.

I have occasion up to several times a week to disable Defender for up to an hour at a time, and then reactivate it.  I liked the Auto Reactivation feature in case I forget to restart it.

I am running Windows 10 Pro 22H2 Build 19045.4651 on an MSI B550 Gaming Edge Wifi motherboard w/ an AMD Ryzen 5 3600 6-core processor, 32GB DDR4 RAM.
Antimalware Client Version 4.18.24060.7, Engine Version 1.1.24060.5, Antivirus Version 1.415.532.0, Antispyware Version 1.415.532.0.
NVMe Samsung 970 (0025_385A_2140_5594) SSD.

If you need more system information, please ask.

Reply | Quote