Microsoft Defender Can No Longer Be Disabled via the Registry

Microsoft Defender, the security suite which guards the Windows operating system, has received an important update which prevents software and programs from disabling it via the Windows Registry. Until now this functionality was present in the application's core and was used by viruses to overcome it.




Windows Registry Can No Longer Be Abused to Stop Microsoft Defender

Microsoft has removed a Microsoft Defender function that allowed malware and hackers to get past its defenses. Until now this was possible by editing certain values in the Windows Registry. Microsoft has decided that the option was used far more for nefarious purposes than by administrators in certain situations. Windows users could disable the security suite through a group policy setting called Turn off Microsoft Defender Antivirus. Without going through the usual menu items, the operating system automatically created a registry value called DisableAntiSpyware, which corresponded to the current state of this setting. When this value is enabled, the installed security programs are disabled, and this also includes any user-installed programs.

As of the KB 4052623 update this value is deemed legacy and is ignored, which blocks malware and hackers who have abused this way of disabling security on compromised computers. In the newest versions of the Microsoft Windows operating system tamper protection is enabled by default, which strengthens overall security.
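Even though the value is now ignored, a write that enables it still shows that something tried to switch Defender off. The following is an added detection example, not part of the original article: it scans registry-write events shaped like Sysmon Event ID 13 records, and both the event format and the policy key path are assumptions that the article does not state.

```python
import re

# Assumption (not stated in the article): the group policy writes the value
# under this policy key; events mimic Sysmon Event ID 13 (registry value set).
POLICY_VALUE = re.compile(
    r"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$",
    re.IGNORECASE,
)
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

# Constructed sample events, not taken from any real host.
SAMPLE_EVENTS = [
    {"UtcTime": "2020-09-01 10:02:11.120", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000000)"},
    {"UtcTime": "2020-09-01 10:05:42.733", "Image": r"C:\Users\Public\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"UtcTime": "2020-09-01 10:06:03.004", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Contoso\App\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
]

def find_disable_attempts(events):
    """Return events that set the legacy DisableAntiSpyware policy value to non-zero."""
    hits = []
    for ev in events:
        if not POLICY_VALUE.search(ev.get("TargetObject", "")):
            continue  # a different key that merely shares the value name
        m = DWORD.fullmatch(ev.get("Details", "").strip())
        if m and int(m.group(1), 16) != 0:
            hits.append({"time": ev["UtcTime"], "process": ev["Image"]})
    return hits

if __name__ == "__main__":
    for hit in find_disable_attempts(SAMPLE_EVENTS):
        print(f"{hit['time']}  DisableAntiSpyware enabled by {hit['process']}")
```
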

Another setting implemented in newer operating system installations is automatic security startup: if a user removes their userland security program, Windows Defender will automatically start in order to provide protection against viruses.

Time will tell what measures malware developers will take to discover new methods of stealth installation. Microsoft believes that these changes will greatly reduce the chances of having a virus deployed on a given system which runs the latest version of the operating system and has updated Defender definitions.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
