A long-standing hole found in Windows Defender
Miscellaneous / January 17, 2022
Microsoft Defender (also known as Windows Defender), like many other antivirus products, lets you exclude certain paths, both local folders and network locations, from scanning. This is useful, for example, when developing software or installing programs that are mistakenly flagged as malware.
SentinelOne cybersecurity expert Antonio Cocomazzi found that the list of these paths is stored in an unprotected form. It is readable by all local users: they can find out which files, folders, extensions and processes Microsoft Defender ignores. To do this, it is enough to open the Windows console and run the reg query command with the name of the corresponding registry branch as a parameter.
Gaining access to a specific user's account in a corporate network is a solvable task, experts say. Many networks have already been compromised, and cybercriminals are just waiting for the right moment to get as much valuable information as possible. After that, the rest is a technicality: it is enough to place malware in the directories excluded from scanning and start the attack.
The vulnerability in Microsoft Defender Antivirus is already known to be about eight years old. It affects the latest versions of the system, for example Windows 10 21H1 and Windows 10 21H2, that is, after two regular major updates, which the developers release every six months.
Cybersecurity specialist Nathan McNulty noted that Windows 11 does not have this problem. In Windows 10, however, the exclusion list can also be obtained from the registry tree that stores Group Policy settings. This is more sensitive information than the settings for a specific user, because it is distributed to groups of computers on the network.
To protect yourself, you need to make sure that your system has not been hacked and does not contain malware. After that, it is worth tightening your security settings and reviewing the list of paths excluded from Microsoft Defender scanning.
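One way to carry out that review, as an added example that is not part of the original article: the script lists the exclusions reported by the `Get-MpPreference` cmdlet and flags excluded paths where ordinary users are allowed to create files. It assumes an elevated PowerShell session on a machine with the Defender module; the helper name `Get-BroadWriters` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: list Microsoft Defender exclusions and flag excluded paths
# that broad, non-administrative groups are allowed to write to.
# Limitation: only Allow rules are checked; Deny rules and generic-rights ACEs are ignored.

# Well-known SIDs (locale-independent) of groups that include ordinary users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Bits that allow creating files or subfolders; Modify and FullControl include them.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

function Get-BroadWriters {
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    # Ask for SIDs instead of account names so the comparison works on any locale.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        $sid      = $rule.IdentityReference.Value
        if ($isAllow -and $canWrite -and $broadSids.ContainsKey($sid)) { $broadSids[$sid] }
    }
}

$prefs  = Get-MpPreference
$report = @(
    foreach ($path in @($prefs.ExclusionPath)) {
        if (-not $path) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($path)
        if (Test-Path -LiteralPath $expanded) {
            $writers = @(Get-BroadWriters -Path $expanded | Sort-Object -Unique)
            $finding = if ($writers) { 'WRITABLE by ' + ($writers -join ', ') } else { 'ok' }
        } else {
            $finding = 'not found or wildcard: review manually'
        }
        [pscustomobject]@{ Type = 'ExclusionPath'; Exclusion = $path; Finding = $finding }
    }
    # Extension and process exclusions have no ACL to test; list them for manual review.
    foreach ($kind in 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($value in @($prefs.$kind)) {
            if ($value) { [pscustomobject]@{ Type = $kind; Exclusion = $value; Finding = 'review manually' } }
        }
    }
)
$report | Format-Table -AutoSize -Wrap
```

Any exclusion reported as WRITABLE is a folder where a standard user can drop files that Defender will not scan, so it should be removed or have its permissions tightened.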