Windows Defender exclusions reek of malware
#1
https://blog.avira.com/windows-defender-...f-malware/
Lyle Frink, October 2, 2018, Security & Privacy
The vast majority of exclusions made to Windows Defender antivirus have been made by malware, according to research from the Avira Protection Services.

“We currently receive more than 10k unique Windows Defender exclusion entries per day and 95% of them are clearly designed for malware,” said Mikel Echevarria Lizarraga, senior virus analyst with Avira Protection Services.

Exclusions in an antivirus app – virtually all security apps, not just Windows Defender – are designed to make life easier for the end user by exempting specified paths, files, processes or file extensions from repeated scanning. Once an exclusion has been made, those files and paths will always be ignored by the antivirus. This speeds up some operations and cuts the risk of a false positive alert. It also opens the door to some types of malware: anything that can write to the exclusion list can carve out a blind spot for itself.

“I don’t believe any antivirus vendors are free from these types of attacks, but it may take a more complicated approach by the hacker to be successful,” said Lizarraga. “The primary problem with Windows Defender is that it and Windows OS are such big targets, hackers are specifically targeting them.”

Malware/adware families such as Wajam and Zdengo have specifically focused on introducing exclusions into Windows Defender. With an exclusion in place, they can push a stream of infected and suspicious ads to the infected devices without being detected.

“In general, Windows Defender is really transparent to the user, but only a few people will ever open the Windows Defender interface and discover those malicious exclusions,” he explained.

The Avira Approach
The Avira team analyzed data extracted from Windows machines which had been cleaned by Avira Antivirus. These were devices where Avira Antivirus had automatically detected some abnormality and/or malware infection, reported it, and subsequently cleaned up the suspect issues. In particular, the team monitored the registry keys and subkeys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions”, the registry path where all the Windows Defender exclusions can be found.

https://blog.avira.com/wp-content/upload...png?x69254
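The article points at the registry key but does not show how to audit it. The script below is an added example, not code from the Avira article or from Avira: it walks the exclusion subkeys (Defender keeps one subkey per type, such as Paths, Processes and Extensions, and stores each exclusion as a value name with an empty DWORD), flags entries that look planted, cross-checks them against what Get-MpPreference reports, and pulls the Defender configuration-change events (event ID 5007) that mention the Exclusions key so you can see when they appeared. It assumes PowerShell 5.1 or later running as Administrator on a host with Microsoft Defender Antivirus; the "suspicious" heuristics are this example's own assumptions, not Avira's detection logic.

```powershell
# Added example (not from the Avira article or from Avira): audit Defender
# exclusions stored under the registry path the article names.
# Assumptions: run as Administrator; Microsoft Defender Antivirus present;
# the heuristics below are the example's own, not Avira's.

$ErrorActionPreference = 'Stop'

# Local exclusions (the article's path) plus the Group Policy-managed set.
$ExclusionRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
)

# Heuristics (assumptions, tune for your estate): user-writable locations,
# wildcards, whole drives, script/binary extensions and excluded script
# interpreters are what adware planting an exclusion tends to want.
$UserWritable   = '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Public\\|\\Downloads\\'
$RiskyExtension = '^\.?(exe|dll|ps1|vbs|js|jse|bat|cmd|scr|hta|wsf|lnk)$'
$Interpreters   = 'powershell\.exe$|pwsh\.exe$|cmd\.exe$|wscript\.exe$|cscript\.exe$|mshta\.exe$|rundll32\.exe$|regsvr32\.exe$'

function Test-SuspiciousExclusion {
    param([string]$Type, [string]$Value)
    switch ($Type) {
        'Paths'      { return ($Value -match $UserWritable) -or ($Value -match '\*') -or ($Value -match '^[A-Za-z]:\\?$') }
        'Processes'  { return ($Value -match $UserWritable) -or ($Value -match $Interpreters) -or ($Value -match '\*') }
        'Extensions' { return ($Value -match $RiskyExtension) }
        default      { return $false }   # other subkeys: report but do not flag
    }
}

# 1. Read every exclusion. The *value name* is the excluded item; the data
#    is a DWORD 0 and carries no information.
$Findings = foreach ($root in $ExclusionRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($typeKey in Get-ChildItem -Path $root) {
        foreach ($name in $typeKey.GetValueNames()) {
            [pscustomobject]@{
                Source     = $root
                Type       = $typeKey.PSChildName
                Exclusion  = $name
                Suspicious = Test-SuspiciousExclusion -Type $typeKey.PSChildName -Value $name
            }
        }
    }
}
$Findings = @($Findings)

# 2. Cross-check against what Defender itself reports. A registry entry that
#    Defender does not list (or vice versa) deserves a closer look.
$LiveSet = @()
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $Live    = Get-MpPreference
    $LiveSet = @($Live.ExclusionPath) + @($Live.ExclusionProcess) + @($Live.ExclusionExtension) |
        Where-Object { $_ }
}
foreach ($f in $Findings) {
    $f | Add-Member -NotePropertyName ReportedByDefender -NotePropertyValue ($LiveSet -contains $f.Exclusion)
}

# 3. When were they added? Defender records configuration changes as event
#    5007; the ones touching exclusions mention the Exclusions key path.
$Changes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
    } -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message)

$Findings | Sort-Object Suspicious -Descending | Format-Table Type, Exclusion, Suspicious, ReportedByDefender, Source -AutoSize
$flagged = @($Findings | Where-Object Suspicious).Count
'{0} exclusion(s), {1} flagged as suspicious, {2} exclusion change event(s) in the Defender log' -f $Findings.Count, $flagged, $Changes.Count
$Changes | Select-Object -First 10 | Format-List
```

Run it from an elevated PowerShell prompt. An exclusion that is flagged, that Defender does not report back through Get-MpPreference, or that appears in a 5007 event at a time no administrator was making changes is the kind of entry the article describes; the follow-up is to inspect what lives at the excluded path or process and remove the exclusion with Remove-MpPreference once the host is clean.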

