Keylogging malware protection built into Windows 10 and Windows 11



 Windows IT Pro Blog:

Devices running Windows 11 and Windows 10 have built-in protection against malware and malicious software with Microsoft Defender Antivirus. Microsoft Defender Antivirus can detect and block keyloggers, screen scrapers, and other types of malware threats that can track, steal, or damage data on devices.

What is keylogger malware and screen scraper malware?

Keyloggers, also known as keystroke loggers, can record keystrokes, screenshots, and clipboard data. Screen scrapers are malicious programs that surreptitiously take screenshots and/or record video of what is on your device's screen; this capability can exist on its own, without any keylogging ability. In both cases, the stolen data is sent to an attacker over the network.

What is Microsoft Defender Antivirus and what does it do?

Microsoft Defender Antivirus comes with all versions of Windows 11 and Windows 10, and it is the next-generation protection component of Microsoft Defender for Endpoint, which offers additional capabilities such as endpoint detection and response and automated investigation and remediation. Microsoft Defender Antivirus uses machine learning, artificial intelligence, and the cloud-based Microsoft Intelligent Security Graph to block malware at first sight and in milliseconds. It also analyzes the behaviors and process trees of threats and can stop fileless malware and human-operated attacks.

How does protection work?

Let’s dive into more details about how we help prevent malware keyloggers from getting on the system in the first place. Protection from malware, which is turned on by default in Windows 11 and Windows 10, starts the moment you power on your device. Windows uses Secure Boot, Trusted Boot, and Measured Boot to verify the firmware, bootloader, kernel, drivers, and anti-malware software before loading them. These technologies help prevent malware from tampering with the boot sequence and compromising the device before Microsoft Defender Antivirus software starts up.

Once started, Microsoft Defender Antivirus takes advantage of multiple detection engines to block malware at first sight. The behavioral blocking and containment in Microsoft Defender for Endpoint can identify fileless malware and stop threats, even after threats start executing.

What if Microsoft Defender Antivirus isn't used?

Users can consider enhancing security on unmanaged personal devices with Copilot+ PCs, which, as Secured-core PCs, bring advanced security to commercial and consumer devices. Secured-core PCs have hardware-backed security features enabled by default without any action required by the user, as well as Microsoft Security Baseline (a group of settings implemented by Microsoft based on security experts' feedback). In addition to the layers of protection in Windows 11, Secured-core PCs provide advanced firmware safeguards and dynamic root-of-trust for measurement to help provide protection from chip to cloud. Learn more about the new Windows 11 security features.

What if malware is not detected and it tries to disable Microsoft Defender Antivirus?

Tamper protection, which is included in Windows 11 and Windows 10 and is on by default, safeguards some security settings—such as virus and threat protection—from being turned off or modified by malware, which helps protect against keyloggers.

What if a user who has admin rights on their machine turns off real-time scanning?

Microsoft Defender SmartScreen can block malware downloads before they get on the system even if Microsoft Defender Antivirus real-time scanning is turned off. Additional detection engines from Microsoft Defender for Endpoint can still find keyloggers.

How do I know there is keylogger protection when I've never seen a detection?

To show how Microsoft Defender for Endpoint detects and blocks threats, below we provide three keylogging examples in which two Windows 11 and Windows 10 built-in protections are disabled. These protections are:
  • Microsoft Defender Antivirus, which scans for malware on disk and in memory.
  • Microsoft Defender SmartScreen, which helps block malware downloads, including downloads by third-party browsers and email clients.
In the examples below, the screenshots show three different keyloggers being detected by Microsoft Defender for Endpoint.

Keylogger example 1

In addition to keylogging, this keylogger performed some exploration activities, also referred to as recon activities. Both activity types were detected.



Keylogger example 2

In this example, a keylogger spawned other files. Microsoft Defender for Endpoint was able to detect suspicious behavior.



Keylogger example 3

Here, the keylogger was prevented from running the first time. Even when the keylogger was explicitly allowed to run via the end user (with admin rights) approving the execution, the keylogger was unable to capture keystrokes and screenshots due to other prevention mechanisms.



The image below shows the detection of the three keyloggers we tested above. Although real-time protection was disabled earlier, Microsoft Defender Antivirus is shown as a detection source because endpoint detection and response (EDR) in Microsoft Defender for Endpoint can request that Microsoft Defender Antivirus scan files. Learn more at Endpoint detection and response in block mode.



Built-in protection in Windows 11 and Windows 10 helps protect against malware keyloggers by preventing them from getting into the system and running. For even better protection, consider using Microsoft Defender for Endpoint also. When both the built-in protection and Microsoft Defender for Endpoint are used together, you get better protection that's coordinated across Microsoft products and services.

For more information, download the Windows 11 security guide PDF and see 13 reasons to use Microsoft Defender Antivirus with Microsoft Defender for Endpoint.


Is "RECALL" included under the... "keylogging malware" umbrella? :D
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.3037 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
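The blog post quoted above describes the layers (Secure Boot, the Defender engine, tamper protection, SmartScreen, EDR) but gives no way for a reader to check them on their own machine or to see a detection without real malware. The script below is an added example, not part of the Windows IT Pro Blog post or of any Microsoft tooling: it reads the state of each layer and then drops an EICAR test file to make a detection fire. Run it in an elevated PowerShell session on Windows 10/11. EICAR is the harmless industry test pattern, not malware; $TestDir is an assumed scratch path you can change; the event IDs are the documented Defender operational-log IDs.

```powershell
# Added example, not part of the Windows IT Pro Blog post: a read-only check of the layers
# the post describes (boot chain, Defender engine state, tamper protection, SmartScreen),
# then an EICAR drop to show that a detection really fires. Run in an elevated
# PowerShell session on Windows 10/11. The EICAR pattern is the harmless industry test
# string, not malware; $TestDir is an assumed scratch path you can change.

$ErrorActionPreference = 'Stop'

# 1. Boot chain. Trusted Boot and Measured Boot only protect the anti-malware driver if
#    Secure Boot is actually on. Confirm-SecureBootUEFI throws on legacy-BIOS systems.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false }

# 2. Engine state. Get-MpComputerStatus is the authoritative view; the Windows Security
#    app can lag behind a policy change.
$s = Get-MpComputerStatus
$status = [ordered]@{
    SecureBoot         = $secureBoot
    AntivirusEnabled   = $s.AntivirusEnabled
    RealTimeProtection = $s.RealTimeProtectionEnabled
    BehaviorMonitoring = $s.BehaviorMonitorEnabled
    TamperProtection   = $s.IsTamperProtected
    RunningMode        = $s.AMRunningMode   # Normal, Passive Mode, EDR Block Mode, SxS Passive Mode
    SignatureAgeDays   = (New-TimeSpan -Start $s.AntivirusSignatureLastUpdated -End (Get-Date)).Days
}

# 3. SmartScreen for Explorer/app downloads. A policy value overrides the user setting;
#    "Off" at the user level means the download gate the post relies on is gone.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -ErrorAction SilentlyContinue
$user   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
$status.SmartScreen = if ($null -ne $policy.EnableSmartScreen) { "policy=$($policy.EnableSmartScreen)" }  # 1 = on, 0 = off
                      elseif ($user.SmartScreenEnabled)        { $user.SmartScreenEnabled }              # Warn / Block / Off
                      else                                      { 'unknown' }

[pscustomobject]$status | Format-List

# 4. Make a detection happen. EICAR is flagged by every engine by agreement; the string is
#    assembled from two halves so that this script file is not itself quarantined on save.
#    With real-time protection off (the post's "admin turned it off" case) nothing fires here.
$TestDir = Join-Path $env:TEMP 'eicar-test'
New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$start = Get-Date
try   { [IO.File]::WriteAllText((Join-Path $TestDir 'eicar.com'), $eicar, [Text.Encoding]::ASCII) }
catch { "Write blocked on access: $($_.Exception.Message)" }   # real-time protection intercepted the write
Start-Sleep -Seconds 10

# 5. Evidence. 1116 = threat detected, 1117 = action taken, in the Defender operational log;
#    Get-MpThreatDetection shows the same detection together with the responsible process.
$log = 'Microsoft-Windows-Windows Defender/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1116, 1117; StartTime = $start } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } | Format-Table -AutoSize
Get-MpThreatDetection | Where-Object InitialDetectionTime -gt $start |
    Select-Object ThreatID, ProcessName, Resources, InitialDetectionTime | Format-List

# 6. Tamper protection evidence. 5001 = real-time protection was disabled; 5013 = tamper
#    protection blocked a change. A 5013 with no matching 5001 is what "on by default" buys you.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 5001, 5013 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } | Format-Table -AutoSize
```

Two things to keep in mind when reading the output: the EICAR write may either succeed and then be quarantined a moment later, or fail outright with a "file contains a virus" error, depending on timing; both are a pass. And a machine with a third-party antivirus will typically show RunningMode as "Passive Mode", in which case the EICAR file is caught by that product and the Defender log stays empty.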
The gist of this seems to be that Defender isn't totally disabled if you install a 3rd party antivirus. On both 10 and 11.

Is that correct?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Pro
    Memory
    16GB
  • Operating System
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad
    Memory
    32GB
The gist of this seems to be that Defender isn't totally disabled if you install a 3rd party antivirus. On both 10 and 11.

Is that correct?


Yes, that's correct.


You also have this option...

Image1.png
 

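To check what the reply above states on a specific machine, the following is an added example (not the poster's words and not Microsoft code): it lists every antivirus product registered with Windows Security Center and shows the mode Defender itself reports, which is "Passive Mode" rather than absent when a third-party product is installed. Run it in an elevated PowerShell session on Windows 10/11. The productState decoding is the commonly used, undocumented interpretation of that field, not an official API.

```powershell
# Added example, not from the thread or from Microsoft: verify that Defender stays present
# and drops into passive mode, rather than being removed, when a third-party antivirus
# registers with Windows Security Center. Run elevated on Windows 10/11. The productState
# decoding below is the commonly used, undocumented interpretation, not an official API.

# 1. What Windows Security Center knows. Every registered product, Defender included, is listed.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
$products | ForEach-Object {
    $hex = '{0:X6}' -f $_.productState                 # e.g. 397568 -> "061100"
    [pscustomobject]@{
        Product  = $_.displayName
        Enabled  = $hex.Substring(2, 2) -in '10', '11'  # middle byte: real-time protection on
        UpToDate = $hex.Substring(4, 2) -eq '00'        # last byte: 00 = definitions current
        State    = $hex
    }
} | Format-Table -AutoSize

# 2. Defender's own view of its role. The service keeps running in every mode; what changes
#    is who owns on-access (real-time) scanning.
$s = Get-MpComputerStatus
[pscustomobject]@{
    RunningMode        = $s.AMRunningMode
    ServiceRunning     = $s.AMServiceEnabled
    RealTimeProtection = $s.RealTimeProtectionEnabled
    SignaturesUpdated  = $s.AntivirusSignatureLastUpdated
} | Format-List

switch ($s.AMRunningMode) {
    'Normal'           { 'Defender is the primary AV: on-access scanning, behavior monitoring and tamper protection are all active.' }
    'Passive Mode'     { 'Defender is present but passive: definitions still update and on-demand scans still work; the third-party product does real-time scanning.' }
    'SxS Passive Mode' { 'Limited periodic scanning: the third-party product is primary and Defender runs periodic scans alongside it.' }
    'EDR Block Mode'   { 'Third-party AV is primary, but Defender for Endpoint EDR can still hand files to Defender AV to scan and block.' }
    default            { "Unrecognised mode '$($s.AMRunningMode)'; inspect Get-MpComputerStatus manually." }
}

# 3. The practical consequence of "not totally disabled": an on-demand scan still runs in
#    passive mode and does not interfere with the third-party product. Uncomment to try it.
# Start-MpScan -ScanType QuickScan
```

On a machine with only Defender, the Security Center list has one entry and RunningMode reads "Normal"; with Bitdefender or Norton installed, as in the signatures in this thread, both products appear, the third-party one shows Enabled = True, and Defender reports "Passive Mode" or "SxS Passive Mode" while its service stays running.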
