'Hidden' update button

  • Thread starter Thread starter Guest
  • Start date Start date
Some answers for you, Alan:

Those zillions of Defender checkpoints still aren't completely understood by
us, but we've made a bunch of changes in house that should fix them for our
next set of bits...we're going to only do one checkpoint a day (the released
bits max is one/hour), and they should ONLY be snapped before cleaning
threats, right now they're snapped when taking any action on unknowns or
threats, and we're still not sure how scanning is creating checkpoints. So
those are lame, and we're going to change them. We have a KB on how to turn
the darn things off from WD, I can't find it right now, I'll look it up.

The bad guys have written a bunch of tools so when patch Tuesday rolls
around, they can quickly write exploits for whatever just got fixed. So
we're tending to see exploits come out for many vulnerabilities only _after_
the patch is issued. And then we're in a race to update everybody before
the bad guys get to unpatched machines. It's a darn tough problem to solve,
too - of course not having the vulnerability in the first place is the best
fix. :)

Regards,
Joe
 
will these changes go into definitions on our beta 2? (especially the system
restore ones?) and can you let us know when we will see them so we can give
you feedback and tell you if there is now a difference? and please find the
KB so some of us who do not want to do a registry change can do it via a
patch?

Also is it possible because we are in beta you can post when definitions are
updated exactly what is in them so again we can give you feedback on them?

thanks
Robin
 
Joe Faulhaber said:
Some answers for you, Alan:

Those zillions of Defender checkpoints still aren't completely understood by
us, but we've made a bunch of changes in house that should fix them for our
next set of bits...we're going to only do one checkpoint a day (the released
bits max is one/hour), and they should ONLY be snapped before cleaning
threats, right now they're snapped when taking any action on unknowns or
threats, and we're still not sure how scanning is creating checkpoints. So
those are lame, and we're going to change them. We have a KB on how to turn
the darn things off from WD, I can't find it right now, I'll look it up.
Click to expand...

That's excellent, and urgently needed news. I don't know what a KB is, but I
hope it's not that registry edit, is it? I can't do that. But if there is
some other way to turn them off (other than disabling RTP) I'd love to know
how. (What is a KB please, someone?)
The bad guys have written a bunch of tools so when patch Tuesday rolls
around, they can quickly write exploits for whatever just got fixed. So
we're tending to see exploits come out for many vulnerabilities only _after_
the patch is issued. And then we're in a race to update everybody before
the bad guys get to unpatched machines. It's a darn tough problem to solve,
too - of course not having the vulnerability in the first place is the best
fix. :)
Click to expand...

Perfect explanation. Even I could understand it. Thanks.
 
kb is normally a patch/security update
you will see a update like KB810202 (that is not real just an example)
robin
 
Ah! Thanks robin and andre. So a patch is made usually in response to an item
in the MS Knowledge base... hence the KB code for the patch? But an entry in
the knowledge base may not necessarily lead to a patch?

Well then yes, we definitely want one of those if it's n update patch,
please, but not if it's just that old registry fix again! Can't handle that.
 
Joe--has that KB article been released publically? I'd be interested to see
it, because the steps are somewhat involved because of the security around
Windows Defender's keys. I've got my own version which I've posted a few
times, based on Steve Dodson's initial post, but I don't like it much.
 
Back
Top