Microsoft quietly made at least two changes aimed at Windows Defender, which is the default antivirus tool on Windows 10.
Recently, it was discovered that Microsoft is no longer allowing consumers to disable the Windows Defender antivirus tool via the Windows Registry. Microsoft originally remained tight-lipped on the changes made to Windows 10’s antivirus tool, but the company has now shared more details on the whole controversy.
Previously, users were able to disable the native security service on Windows 10 by editing either the Registry or Group Policy. This changed when Microsoft shipped the August 2020 security update, version 4.18.2007.8, to retire the “DisableAntiSpyware” Registry value that allowed users to permanently disable Windows Defender.
Microsoft says the setting has been “discontinued and will be ignored on client devices,” but there are at least two valid reasons behind this move, according to a new support document.
The software giant says it has retired the popular DisableAntiSpyware value because it no longer makes any sense in the latest version of Defender.
Windows Defender is already designed to turn off automatically whenever users try to install another antivirus product, so it doesn’t really make sense to disable Windows 10’s built-in protection tool manually, according to Microsoft.
“The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected,” Microsoft noted.
‘DisableAntiSpyware’ was originally designed only for IT pros and admins to disable the antivirus engine whenever they need to install their own security product.
Indirectly, Microsoft has also confirmed that the decision to discontinue this Registry hack will ensure Tamper Protection is as secure as possible.
Tamper Protection is a feature that prevents attempts to change Windows Defender’s default settings outside your control. However, Tamper Protection could be bypassed by some malware programs that are designed to abuse the “DisableAntiSpyware” value in the Registry.
By retiring this Registry hack, Microsoft will also prevent attackers from turning off Windows Defender or Tamper Protection.
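One way to audit a machine for a leftover DisableAntiSpyware value and see whether the installed Defender platform already ignores it, as an added example that is not from the article or from Microsoft. The policy key path `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender` and the function name are assumptions not stated above; `Get-MpComputerStatus` is the built-in Defender cmdlet.

```powershell
# Added example: report on the retired DisableAntiSpyware value and Tamper Protection.
# Assumption: the value sits under the Defender policy key below (path not given in the article).
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$ValueName   = 'DisableAntiSpyware'
$RetiredFrom = [version]'4.18.2007.8'   # platform version named in the article

function Get-DisableAntiSpywareAudit {   # hypothetical helper name
    # Read the value without throwing when the key or the value is absent.
    $item         = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    $valuePresent = $null -ne $item
    $valueData    = if ($valuePresent) { $item.$ValueName } else { $null }

    # The cmdlet fails when the Defender service is not running, so treat that as "unknown".
    $status = $null
    try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { }

    $platform = if ($status) { [version]$status.AMProductVersion } else { $null }
    # Per the article, the value is ignored on client devices from this platform version on.
    $ignored  = ($null -ne $platform) -and ($platform -ge $RetiredFrom)

    $finding =
        if (-not $valuePresent)  { 'OK: value is not set' }
        elseif ($valueData -ne 1) { 'Value present but not set to 1; remove it to avoid confusion' }
        elseif ($ignored)         { 'Stale value: set to 1 but ignored by this platform version; find out what wrote it' }
        else                      { 'Value set to 1 and platform predates the change, or version is unknown; Defender may be disabled' }

    [pscustomobject]@{
        ValuePresent      = $valuePresent
        ValueData         = $valueData
        PlatformVersion   = $platform
        IgnoredByPlatform = $ignored
        TamperProtected   = if ($status) { $status.IsTamperProtected } else { $null }
        AntivirusEnabled  = if ($status) { $status.AntivirusEnabled } else { $null }
        Finding           = $finding
    }
}

Get-DisableAntiSpywareAudit | Format-List
```

A value of 1 on a machine where nobody in IT set it is worth investigating even when the platform ignores it, since the article notes that some malware wrote this value to switch Defender off.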
Windows Defender can now download files (for real)
A report suggests that Windows 10’s built-in antivirus software ‘Windows Defender’ has been updated with a new feature that will allow anyone to download files from the internet.
Windows Defender now comes with a new command-line feature called “MpCmdRun.exe”, otherwise known as Microsoft Antimalware Service Command Line Utility.
Apparently, the Microsoft Antimalware Service Command Line Utility that ships with Windows Defender could be used to download any file from the internet, including malware.
However, this is unlikely to be a major security flaw as files are still checked by Windows Defender after you finish the download using the command-line tool.