Recommendations on 'Windows Defender security features' against other non-MS products

jana asked
Last Modified: 2017-11-19
We have Windows 10 Pro and just got alerted on installing "Feature update to Windows 10, version 1709".  Reviewing "what's new" we noticed an area that says "Windows security features have been rebranded as Windows Defender security features".  

We don't use Windows Defender, never did since its inception to Windows.  Instead we use 3 products: Comodo Internet Security Premium (which has Firewall and an Antivirus), Spy-Bot "Search & Destroy" and SUPERAntiSpyware.

With this new 1709 version "rebranded", should we consider uninstalling our security products and activate the rebranded Windows Defender security features?

Please advise

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Defender now holds functions similar to EMET, but these need to be turned on and managed through GPOs.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
That would depend upon the environment and what you say may be true for large environments.  I have the functions running as default.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You think so? What did you configure, nothing apart from the defaults?
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Just left it as default and for the most part when I had EMET running I tried to use defaults as well
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Look into what's configurable. You cannot compare your state now to what EMET gave you - it's all off.
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard
btan, Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Exploit Guard does not have the full suite of EMET 5.5, apparently:
CERT specifically pointed to Control Flow Guard (CFG) protections lacking in Windows 10, which protect against application memory corruption vulnerabilities.

Microsoft is now pointing its customers who can't use Control Flow Guard toward using Windows Defender Exploit Guard (WDEG) instead.

Since Windows Defender Exploit Guard is becoming part of Windows Defender ATP product, organizations currently relying on EMET may have to look toward Windows 10 E5 plans to get the support that was previously offered by EMET.
https://redmondmag.com/articles/2017/08/14/microsoft-to-block-emet-in-windows-10.aspx
Microsoft indicated it added "a new PowerShell module that converts existing EMET XML settings files into Windows 10 mitigation policies for WDEG [Windows Defender Exploit Guard]." The new PowerShell module, called "ProcessMitigations," is for organizations that have already customized their EMET policies and want to export them when they move to using Windows Defender Exploit Guard.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
On my machine (not Domain or governed by Domain GPOs) some Exploit protections are ON and some are OFF.

Control Flow Guard is ON, DEP is ON, Bottom-up ASLR (randomization) is ON, Force Randomization is OFF. SEHOP is ON, Heap Integrity is ON.

So Default on a non-Domain machine does indeed turn some settings ON but certainly not all settings.
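
The settings listed in the comment above, and the EMET conversion mentioned earlier in the thread, can be checked from PowerShell with the ProcessMitigations module. This is an added example, not code from any participant in the thread; the function names and the file names in the last comment are hypothetical, and it assumes Windows 10 version 1709 or later.

```powershell
# Added example: audit the system-wide Exploit protection settings discussed
# in the thread, and optionally convert an existing EMET settings file.

function Get-SystemMitigationReport {
    # System-level (not per-application) mitigation settings
    $sys = Get-ProcessMitigation -System

    # UI label -> value reported by the cmdlet (ON, OFF or NOTSET)
    $settings = [ordered]@{
        'Control Flow Guard (CFG)'             = $sys.CFG.Enable
        'Data Execution Prevention (DEP)'      = $sys.DEP.Enable
        'Force randomization (Mandatory ASLR)' = $sys.ASLR.ForceRelocateImages
        'Bottom-up ASLR'                       = $sys.ASLR.BottomUp
        'High-entropy ASLR'                    = $sys.ASLR.HighEntropy
        'SEHOP'                                = $sys.SEHOP.Enable
        'Validate heap integrity'              = $sys.Heap.TerminateOnError
    }

    foreach ($name in $settings.Keys) {
        $value = [string]$settings[$name]
        [pscustomobject]@{
            Mitigation = $name
            State      = $value
            # NOTSET: no explicit setting is stored, so the OS default applies
            Explicit   = ($value -ne 'NOTSET')
        }
    }
}

function Convert-EmetPolicy {
    param(
        [Parameter(Mandatory)][string]$EmetXml,   # exported EMET settings file
        [Parameter(Mandatory)][string]$OutXml,    # resulting mitigation policy
        [switch]$Apply                            # also apply the converted policy
    )
    if (-not (Test-Path -LiteralPath $EmetXml)) {
        throw "EMET settings file not found: $EmetXml"
    }
    ConvertTo-ProcessMitigationPolicy -EMETFilePath $EmetXml -OutputFilePath $OutXml
    if ($Apply) { Set-ProcessMitigation -PolicyFilePath $OutXml }
}

Get-SystemMitigationReport | Format-Table -AutoSize
# Convert-EmetPolicy -EmetXml .\emet-settings.xml -OutXml .\wdeg-policy.xml
```

Run it in an elevated session; review the converted XML before using `-Apply`, since it changes per-application mitigation settings.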
George Simos, IT Pro Consultant - IT Systems Administrator
CERTIFIED EXPERT

Commented:
@ btan ATP is used to provide more insight when there is a breach or malware activity/outbreak and helps find out who did what. There are also plans to take remediation actions in coming updates (not saying version because it is an ever-evolving service).
The exploit protections are providing info to ATP via the ATP Service of Windows 10 but they aren't working because of it. You need a special subscription to enable ATP, it would be a crippled security measure for the O/S if they did that (MS).
So Exploit Protections do work standalone also without needing another service to govern them.
This information can be found in the relevant technet pages for Exploit Protection of Windows 10, you will see that it states for the detailed reporting the ATP subscription is needed.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thank you and good luck with your choice of A/V.
George Simos, IT Pro Consultant - IT Systems Administrator
CERTIFIED EXPERT

Commented:
Thank you! I hope you will succeed in your choices for endpoint security.
btan, Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Thanks George for sharing. I knew about it, which is why at Enterprise level it is furthermore important to prevent and detect breach as early as possible. It is a matter of "when" and not "if". Much appreciated your kind thoughts.
George Simos, IT Pro Consultant - IT Systems Administrator
CERTIFIED EXPERT

Commented:
You're welcome btan, thank you for your kind words!
