Things Windows Defender should learn...

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi.

I think there are some things Windows Defender has to learn:
- how to allow host file changes: My VPN software always does some changes
to the host file. I can only include or exclude the host file from real time
scanning. There is no way to allow some known changes which will happen again
and again...
- how to allow changes startup-items commit... I have some programs in the
startup folder (links). Each time I startup I get some notification about
changes there. If I try to add them to the exclude list under tools/options,
the application (not the link) is added...

Any ideas?


Thanks,



Thomas Pagel
 
Thomas said:
Hi.

I think there are some things Windows Defender has to learn:
- how to allow host file changes: My VPN software always does some
changes to the host file. I can only include or exclude the host file
from real time scanning. There is no way to allow some known changes
which will happen again and again...
- how to allow changes startup-items commit... I have some programs
in the startup folder (links). Each time I startup I get some
notification about changes there. If I try to add them to the exclude
list under tools/options, the application (not the link) is added...

Any ideas?


Thanks,



Thomas Pagel
Click to expand...

Have you tried adding Hosts to the exclusion list (tools, options, scroll
down to advanced options, add the path to hosts in the box). That should
stop your being notified of a change that you then have to allow. There will
still be logs in event viewer, and of course you would not be notified if
malware changed your hosts file (except in event viewer).

Note: I haven't tried it with hosts file, but have several apps in the
exclude list that WD treats as not yet allocated, and it works for them.
 
....there is a checkbox where I can disable checking of host file updates...
But that's what I mean... I only can enable or disable it, I can't add a list
of "allowed" changes... I'm not 100% sure but I think that older versions (MS
Anti Spyware) was able to to that... Also you could add items from the
realtime scan to the allow list... What I see is when you get too many
messages you'll start to confirm them automatically without checking what's
really on the list... That happend to me and I don't want anybody else to get
into this risk...


Thomas Pagel
 
Back
Top