Microsoft Defender, the security suite which guards the Windows operating system has received an important update which will prevent software and programs to disable it via the Windows Registry. To this date this functionality was present in the application’s core and was used by viruses to overcome it.
Windows Registry Can No Longer Be Abused to Stop Microsoft Defender
Microsoft has removed a function of the Microsoft Defender which allowed malware and hackers to overcome its defenses. To this date this was possible through Windows Registry editing, if certain values were edited. Now Microsoft has decided that this has been used far more for nefarious purposes than by administrators in certain situations. Microsoft Windows user could have disabled the functionality of the security suite by using a group policy setting called Turn off Microsoft Defender Antivirus. Without going through the usual menu items, the operating system automatically created a value called DisableAntiSpyware which corresponded to the current state of this setting. When this key is enabled the security programs which are installed will be disabled – this also includes any user-installed programs.
As of the KB 4052623 update this value is deemed as legacy and will be ignored thereby blocking malware and hackers who have abused this way of disabling security on compromised computers. By default in the newest versions of the Microsoft Windows operating system tamper protection is enabled by default which will strengthen overall security.
Another setting which is implemented in the newer operating system installations is the automatic security startup — if a user removes their userland security program Windows Defender will automatically start in order to provide protection against viruses.
Time will tell what measures will malware developers in order to discover new methods of steal installation. Microsoft believes that these changes will greatly reduce the chances of having a virus deployed on a given system which runs the latest version of the operating system and has updated Defender definitions.