jana asked:
Recommendations on 'Windows Defender security features' against other non-MS products

We have Windows 10 Pro and just got alerted on installing "Feature update to Windows 10, version 1709".  Reviewing "what's new" we noticed an area that says "Windows security features have been rebranded as Windows Defender security features".  

We don't use Windows Defender, never did since its inception to Windows.  Instead we use 3 products: Comodo Internet Security Premium (which has Firewall and an Antivirus), Spy-Bot "Search & Destroy" and SUPERAntiSpyware.

With this new 1709 version "rebranded", should we consider uninstalling our security products and activate the rebranded Windows Defender security features?

Please advise.
Defender now holds functions similar to EMET, but these need to be turned on and managed through GPOs.
That would depend upon the environment and what you say may be true for large environments.  I have the functions running as default.
You think so? What did you configure, nothing apart from the defaults?
Just left it as default and for the most part when I had EMET running I tried to use defaults as well
Look into what's configurable. You cannot compare your state now to what EMET gave you - it's all off.
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard
btan
Exploit Guard does not have the full suite of EMET 5.5, apparently.
CERT specifically pointed to Control Flow Guard (CFG) protections lacking in Windows 10, which protect against application memory corruption vulnerabilities.

Microsoft is now pointing its customers who can't use Control Flow Guard toward using Windows Defender Exploit Guard (WDEG) instead.

Since Windows Defender Exploit Guard is becoming part of Windows Defender ATP product, organizations currently relying on EMET may have to look toward Windows 10 E5 plans to get the support that was previously offered by EMET.
https://redmondmag.com/articles/2017/08/14/microsoft-to-block-emet-in-windows-10.aspx
Microsoft indicated it added "a new PowerShell module that converts existing EMET XML settings files into Windows 10 mitigation policies for WDEG [Windows Defender Exploit Guard]." The new PowerShell module, called "ProcessMitigations," is for organizations that have already customized their EMET policies and want to export them when they move to using Windows Defender Exploit Guard.
On my machine (not Domain or governed by Domain GPOs) some Exploit protections are ON and some are OFF.

Control Flow Guard is ON, DEP is ON, Bottom-up ASLR (randomization) is ON, Force Randomization is OFF. SEHOP is ON, Heap Integrity is ON.

So Default on a non-Domain machine does indeed turn some settings ON but certainly not all settings.
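As an added example (not code from any post in this thread): from an elevated PowerShell session on Windows 10 1709 or later, the ProcessMitigations module mentioned above can both audit the system-wide Exploit Protection defaults George lists and convert a legacy EMET XML policy into the WDEG format. The nested property names follow the layout that Get-ProcessMitigation -System prints and are an assumption, as are the file paths, which are placeholders.

```powershell
# Added example, not from the thread. Assumes Windows 10 1709+ and an elevated
# PowerShell session; the ProcessMitigations module ships with the OS.
Import-Module ProcessMitigations

function Get-SystemMitigationSummary {
    # System-wide (process-independent) Exploit Protection defaults.
    # Each value is ON, OFF or NOTSET (NOTSET = the OS default applies).
    # Property names assumed from the Get-ProcessMitigation -System output layout.
    $sys = Get-ProcessMitigation -System
    [pscustomobject]@{
        'DEP'                 = $sys.DEP.Enable
        'Bottom-up ASLR'      = $sys.ASLR.BottomUp
        'High-entropy ASLR'   = $sys.ASLR.HighEntropy
        'Force randomization' = $sys.ASLR.ForceRelocateImages
        'Control Flow Guard'  = $sys.CFG.Enable
        'SEHOP'               = $sys.SEHOP.Enable
        'Heap integrity'      = $sys.Heap.TerminateOnError
    }
}

# Show which defaults are ON on this machine (expect a mix, as noted above).
Get-SystemMitigationSummary | Format-List

# Warn about anything a hardened baseline would normally want ON but that is not.
# Force randomization is left out on purpose: it can break images without relocation info.
$wanted = 'DEP','Bottom-up ASLR','High-entropy ASLR','Control Flow Guard','SEHOP','Heap integrity'
$state  = Get-SystemMitigationSummary
foreach ($name in $wanted) {
    if ($state.$name -ne 'ON') { Write-Warning "$name is $($state.$name), not ON" }
}

# Migrating an existing EMET policy (placeholder paths, adjust to your files):
# convert the EMET XML to the WDEG format, review it, then apply it.
$emetXml = 'C:\Temp\emet-policy.xml'   # exported from EMET 5.5 (placeholder path)
$wdegXml = 'C:\Temp\wdeg-policy.xml'   # converted policy to review before applying
if (Test-Path $emetXml) {
    ConvertTo-ProcessMitigationPolicy -EMETFilePath $emetXml -OutputFilePath $wdegXml
    # Inspect $wdegXml first; Set-ProcessMitigation writes it into the registry.
    Set-ProcessMitigation -PolicyFilePath $wdegXml
}

# Snapshot the resulting configuration so it can be diffed or kept under version control.
Get-ProcessMitigation -RegistryConfigFilePath 'C:\Temp\current-mitigations.xml'
```

Run the audit part before and after applying a converted policy so any change in the per-system defaults is visible in the two snapshots.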
@btan ATP is used to provide more insight when there is a breach or malware activity/outbreak and helps find out who did what. There are also plans to take remediation actions in coming updates (not saying version because it is an ever-evolving service).
The exploit protections are providing info to ATP via the ATP Service of Windows 10 but they aren't working because of it. You need a special subscription to enable ATP, it would be a crippled security measure for the O/S if they did that (MS).
So Exploit Protections do work standalone also without needing another service to govern them.
This information can be found in the relevant technet pages for Exploit Protection of Windows 10, you will see that it states for the detailed reporting the ATP subscription is needed.
Thank you and good luck with your choice of A/V.
Thank you! I hope you will succeed in your choices for endpoint security.
Thanks George for sharing. I knew about it, which is why at Enterprise level it is furthermore important to prevent and detect breaches as early as possible. It is a matter of "when" and not "if". Much appreciate your kind thoughts.
You're welcome btan, thank you for your kind words!