Solved Hackers can bypass Microsoft Defender


Hackers can bypass Microsoft Defender to install ransomware on PCs by exploiting a legitimate driver: they can load their own malicious driver to bypass Microsoft Defender.



be careful out there.
best of luck, Steve ..
 

Looks to be an Intel issue.

This is done by exploiting a vulnerable driver called rwdrv.sys, which is a legitimate driver used by an Intel CPU tuning tool called ThrottleStop.
 

Some ransomware operators actually release a ranking of EDR tools and ease to bypass. Rankings go from S (hard) to LOL you can guess. Defender is consistently in the LOL ranking.

Looks to be an Intel issue.
ThrottleStop is a well-known CPU tuning tool from TechPowerUp. It's generally considered safe, but as always 3rd-party drivers are prone to vulnerabilities.

MS can address the problem in two different ways:
  • Ban it outright in Defender by a definitions update
  • Ban the driver in the next CU by updating the SiPolicy_Enforced.p7b (Vulnerable Drivers Blocklist)
Since the existing driver has a specific SHA1/SHA256 hash, MS can permit a safer driver version once they've proven the hole has been fixed. MS bans a ton of ASUS utilities for the same reason, terrible kernel driver security.
 

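A defender-side audit in PowerShell, added here as an example and not code from any poster in this thread: it reports whether the Microsoft Vulnerable Driver Blocklist is switched on, inventories every registered kernel driver service with the SHA-256 of its image file, and flags entries either by the driver name from the thread (rwdrv.sys) or by a hash denylist. Assumptions: the registry value `VulnerableDriverBlocklistEnable` is Microsoft's documented switch for the blocklist; the denylist contents are a constructed placeholder, not hashes from the page.

```powershell
# Added example for this thread, not code from any poster: read-only audit of
# kernel driver services. Because matching is per-hash, a fixed build of the
# same driver does not match a hash recorded for the vulnerable build, which is
# the property the post above relies on for re-allowing a patched version.
# $DenyList below is a CONSTRUCTED placeholder; populate it from a trusted source.

$SuspectNames = @('rwdrv.sys')           # driver name named in the thread
$DenyList = @{
    # '<sha256 hex of a known-vulnerable build>' = 'rwdrv.sys (placeholder entry)'
}

function Get-DriverBlocklistState {
    # Documented registry switch for the Microsoft Vulnerable Driver Blocklist
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $item = Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'unknown (value not present)' }
    if ($item.VulnerableDriverBlocklistEnable -eq 1) { 'enabled' } else { 'disabled' }
}

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName comes in several shapes; normalise to a file path
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelDriverInventory {
    # Every driver service the SCM knows about, running or stopped: a BYOVD
    # dropper has to register its driver as a service before it can be loaded
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $file = Resolve-DriverPath $_.PathName
        $hash = $null
        if ($file -and (Test-Path -LiteralPath $file)) {
            $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            Path      = $file
            Sha256    = $hash
            NameMatch = [bool]($file -and ($SuspectNames -contains (Split-Path $file -Leaf)))
            HashMatch = [bool]($hash -and $DenyList.ContainsKey($hash))
        }
    }
}

Write-Host "Vulnerable Driver Blocklist: $(Get-DriverBlocklistState)"
$inventory = Get-KernelDriverInventory
$hits = $inventory | Where-Object { $_.NameMatch -or $_.HashMatch }
if ($hits) { $hits | Format-Table Name, State, NameMatch, HashMatch, Path -AutoSize }
else { Write-Host "No driver services matched by name or hash ($($inventory.Count) inspected)." }
```

A stopped service pointing at a suspect image is still worth a look, since the driver only needs to be registered for a later load attempt; a hash hit on a file that the blocklist state reports as "disabled" is the combination to act on first.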

Some ransomware operators actually release a ranking of EDR tools and ease to bypass. Rankings go from S (hard) to LOL you can guess. Defender is consistently in the LOL ranking.

Defender is the only AV/MW software I use on all my systems, never had a single issue.
And we all know that neowin is not exactly pro-windows.
Anyone that uses LOL as a rating in itself is quite laughable.
 

Anyone that uses LOL as a rating in itself is quite laughable.
In independent testing of AV software Defender generally doesn't always compete against the top 3rd party AV suites, but isn't the worst.
 

There are at least 10 ways to bypass Defender even with it enabled and running. The rating is from actual ransomware operators 🤷‍♂️.

Saying nothing bad ever happened with just running Defender or any other detection/protection software doesn't guarantee protection. Plenty of opportunity for false negatives.
 

In independent testing of AV software Defender generally doesn't always compete against the top 3rd party AV suites, but isn't the worst.
There is no magic formula though as the user has his part to play as well, whether the AV is correctly set or the sites visited are questionable.
Plus there is the cost associated with 3rd party AV, especially with renewable subscriptions.
Whatever the case may be, I think Defender is still a solid product and there is no doubt its competitors are among the first to cry wolf.
 

Saying nothing bad ever happened with just running Defender or any other detection/protection software doesn't guarantee protection. Plenty of opportunity for false negatives.
Nothing in the AV software world guarantees protection, you are right indeed.
I'll carry on taking my chances and stick to Defender; it has served me well, and costs nothing.

 
Clickbait. Word! ;-)
 

Just as a reminder for the casual reader: You're only vulnerable if you installed the ThrottleUp tool, and haven't uninstalled it. Otherwise, this vulnerability doesn't affect you.

PC World's headline is trying to scare far too many users.
 

Here's the original article: GRITREP: Observed Malicious Driver Use Associated with Akira SonicWall Campaign

By the time this report was published, I think many AV vendors had already flagged the drivers:

The article did mention:
  • The Akira ransomware group probably used the above driver (and one other) in combination with SonicWall VPN exploitation.
  • The drivers are tagged as "Bring Your Own Vulnerable Driver," meaning the attacker actually brought, installed, and registered the driver.
I don't have SonicWall appliances or VPN installed on my home network (🤣), so I am not worried. By the time this article came out to worry me, Windows Defender probably flagged the above driver anyway.

ps: Saying that a malware can bypass Microsoft security doesn't say much; if it doesn't, how is it going to infect Windows?
 
