Windows Defender

Pierluigi Paganini September 05, 2022
Windows Defender identified Chromium, Electron apps as Hive Ransomware

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […]

Pierluigi Paganini August 02, 2022
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender

An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […]

Pierluigi Paganini January 14, 2022
Threat actors can bypass malware detection due to Microsoft Defender weakness

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from […]

Pierluigi Paganini October 30, 2018
Windows Defender is the first antivirus solution that can run in a sandbox

Windows Defender, the Windows built-in anti-malware tool, implemented the ability to run in a secure sandbox mode. The mechanisms allow detonating an application in a safe environment that is isolated from the operating system and other applications. This means that even if the application is compromised it will not affect the overall system if it […]

Pierluigi Paganini September 28, 2017
‘Illusion Gap’ attack method bypasses Windows Defender and executes malware

Researchers have developed an attack method dubbed Illusion Gap for bypassing Windows Defender that will allow avoiding antivirus detection. Researchers from security firm CyberArk have devised a new technique dubbed ‘Illusion Gap’ that allows attackers to bypass Windows Defender. The technique leverages on the fact that Windows Defender detection can be bypassed by tricking the antivirus into […]

Pierluigi Paganini June 26, 2017
Google Hacker found a new way to bypass Microsoft Windows Defender

The Google Project Zero expert Tavis Ormandy has found a flaw in Windows Defender that allow attackers to bypass the Microsoft anti-virus tool. The popular Google Project Zero hacker Tavis Ormandy has discovered a new bug in Windows Defender that allow attackers to circumvent the Microsoft anti-virus tool. Ormandy publicly disclosed the news of the vulnerability in […]