fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft Confirms Why Windows Defender Can’t Be Disabled Via Registry

Microsoft Confirms Why Windows Defender Can’t Be Disabled Via Registry

Microsoft Defender

Microsoft has confirmed that they no longer allow Microsoft Defender to be disabled via the Windows 10 Registry to support the Tamper Protection security feature.

When Windows 10 1903 was released, it introduced a new security feature called Tamper Protection that prevents Windows Security and Microsoft Defender settings from being changed outside of the Windows interface.This includes command-line tools, Registry changes, or group policies.

Microsoft Defender can no longer be disabled via the Registry

Windows users have historically been able to disable Microsoft Defender using the  ‘Turn off Microsoft Defender Antivirus’ group policy.

Turn off Microsoft Defender Antivirus group policy
Turn off Microsoft Defender Antivirus group policy

Once enabled, a ‘DisableAntiSpyware’ Registry value is created and set to 1 under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender key.

Earlier this month, we reported that Microsoft Defender would no longer honor this Registry value as it is no longer needed, and Tamper Protection protects it anyway.

“This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program.”

“Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default,” Microsoft added to the support documentation for DisableAntiSpyware.

More to the story

Microsoft’s statements were not the whole story as extensive testing by BleepingComputer showed that even with Tamper Protection enabled, the DisableAntiSpyware Registry value still worked briefly.

When enabled, if a malware rebooted the computer, Microsoft Defender would be disabled for that particular session. On the next reboot, Tamper Protection would kick in and enable Windows Defender again.

Microsoft Defender disabled by DisableAntiSpyware value
Microsoft Defender disabled by DisableAntiSpyware value

This brief lapse of protection, though, is all that malware needs to infiltrate a Windows computer.

We have reported on numerous infections, including TrickBotNovterClop RansomwareRagnarok Ransomware, and AVCrypt Ransomware who have specifically targeted Microsoft Defender by disabling it using the ‘DisableAntiSpyware’ Registry value.

Due to this, BleepingComputer believes that Microsoft removed this policy not only as it is not needed, but also to prevent attackers from exploiting this brief hole in Tamper Protection.

Also read: How Bank Disclosure Of Customer Information Work For Security

Microsoft confirms that this is not the whole story

In an update to the Windows 10 Message Center, Microsoft has confirmed our suspicions that the DisableAntiSpyware policy is now ignored to support Tamper Protection.

Supporting tamper protection through the deprecation of DisableAntiSpyware

Microsoft Defender Antivirus tamper protection is turned on by default for all consumer Windows 10 devices. This feature protects devices from cyber attacks that try to disable built-security solutions, such as antivirus protection, in an attempt to gain access to your data, to install malware, or to otherwise exploit your data, identity, and devices. As Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program, we are removing a legacy registry setting called DisableAntiSpyware. Intended to be used by OEMs and IT admins to disable Microsoft Defender Antivirus for the purpose of deploying another antivirus product during deployment, DisableAntiSpyware is not applicable to consumer devices and will be removed beginning with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher (see KB4052623 for details). This update will be rolled out to devices running Windows Enterprise E3 and E5 at a future date. 

With the DisableAntiSpyware policy removed, malware can no longer exploit the weakness in TamperProtection, and Microsoft Defender will only be disabled when done so via the Windows settings or when another antivirus software is installed.

Also read: 7 Simple Tips On How To Create A Good Business Card Data

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us