Microsoft Fixes Vulnerability in Windows Defender That Could Bypass Antivirus

Microsoft has changed the default behavior of Windows Defender. Apparently, the list of exclusions can now only be viewed by users with administrator rights, and not by everyone. A vulnerability that allowed an attacker to bypass the built-in antivirus check and inject malicious software was discovered back in 2014.

A Danish security expert, known on Twitter as @SecGuru_OTX, drew attention to the fact that the software giant quietly eliminated the vulnerability by releasing a patch. It affected all versions of Windows 10.

Has Microsoft finally changed the default behavior of Windows Defender?

It seems that exclusions can now only be viewed with Administrator rights (instead of by all users). cc: @GossiTheDog pic.twitter.com/lWFdOMqXsK

— CISOwithHoodie (@SecGuru_OTX) February 10, 2022

The crux of the problem was that Windows 10 has a registry key, HKLM\Software\Microsoft\Windows Defender\Exclusions, containing a list of folders, files, extensions, and processes that Microsoft Defender does not scan. Because the Everyone group had access to it, any user could view and change the settings, regardless of their rights in the operating system.
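To check whether a given machine still exposes this key to non-administrators, the sketch below audits the key's access control list. It is an added example, not code from the article or from Microsoft; the function name Get-ExclusionKeyExposure and the choice of which well-known SIDs count as "broad" are assumptions.

```powershell
# Added example: report which broad, non-admin principals hold Allow ACEs
# on the Defender exclusions key. Run from an elevated prompt so the
# key's ACL is always readable.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'

# Well-known SIDs of groups that include standard users (assumed selection).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$Rights    = [System.Security.AccessControl.RegistryRights]
$ReadMask  = [int]($Rights::QueryValues -bor $Rights::EnumerateSubKeys)
$WriteMask = [int]($Rights::SetValue -bor $Rights::CreateSubKey)

function Get-ExclusionKeyExposure {
    param([string]$Path = $KeyPath)

    $acl     = Get-Acl -Path $Path -ErrorAction Stop
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to subkeys, not to this key itself.
        $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
        if ($rule.PropagationFlags -band $inheritOnly) { continue }

        $mask = [int]$rule.RegistryRights
        [pscustomobject]@{
            Key       = $Path
            Principal = $BroadSids[$sid]
            CanRead   = [bool]($mask -band $ReadMask)
            CanWrite  = [bool]($mask -band $WriteMask)
            Inherited = $rule.IsInherited
        }
    }
}

$findings = @(Get-ExclusionKeyExposure)
if ($findings.Count -eq 0) {
    "No Allow ACE for Everyone, Authenticated Users or Users on $KeyPath"
} else {
    $findings | Format-Table -AutoSize
}
```

Any row with CanRead or CanWrite set to True means standard users can still reach the exclusion list on that host.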


Source: Trash Box
