Differences

This shows you the differences between two versions of the page.

--- windows:rigutils:windows_tuning:antivirustest.bat [2019/01/19 19:27]
wikiadmin
+++ windows:rigutils:windows_tuning:antivirustest.bat [2019/02/18 10:41] (current)
wikiadmin
@@ Line 39: / Line 39: @@
 After finishing the above text an idea came to my mind: Hey, let's try to fool Windows Defender by a simple trick - copy mstha.exe with a different name... And it turns out that this method works perfectly! So [[windows:rigutils:windows_tuning:antivirustest.bat|AntiVirusTest.bat]] was born. Get a copy of it and run from [[:windows:rigutils:windows_tuning:cmd_rigutils.exe|cmd.exe]] shell.
-To my mind, such a Windows Defender bypass method is clearly a bug (not critical, but bug), feel free to submit it to [[https://www.microsoft.com/en-us/msrc/bounty|MS bug bounty program]] and share with me your reward 8-)
+To my mind, such a Windows Defender bypass method is clearly a bug (not critical, but bug), feel free to submit it to [[https://www.microsoft.com/en-us/msrc/bounty|MS bug bounty program]] and share your reward with me 8-)
 Seriously speaking, this trick may stop working in future. But luckily, Windows Defender has an [[https://support.microsoft.com/en-us/help/4028485/windows-10-add-an-exclusion-to-windows-security|exclusions list]] for trusted files and folders. If you ever got a message from Defender that //mshta.exe// pose a security risk to your system and block it from execution then you have to (re)enable it. After adding //mstha.exe// to the whitelist (see instruction below) of Windows Defender you may once again test your setup with [[windows:rigutils:windows_tuning:antivirustest.bat|AntiVirusTest.bat]]
@@ Line 47: / Line 47: @@
 === Instruction ===
-**STEP 1.** Launch command prompt.
+**STEP 1.** Launch command prompt via [[windows:rigutils:windows_tuning:cmd_rigutils.bat|cmd_rigutils.bat]]
-See [[windows:rigutils:windows_tuning:cmd_rigutils.bat|cmd_rigutils.bat]]
 **STEP 2.** Run //AntiVirusTest.bat//
@@ Line 54: / Line 53: @@
 <WRAP half column>
-. Type ''AntiVirusTest.bat'' (case of letters doesn't matter)
+~~#SA~~. Type ''AntiVirusTest.bat'' (case of letters doesn't matter)
-. Press ''Enter''
- <color #ffffff>.</color>
+~~#SA~~. Press ''Enter''
- <WRAP center round tip 90%>
+<WRAP center round tip 90%>
 You may start typing ''Anti'' and then press the ''Tab'' key on your keyboard. //cmd.exe// will search for commands in current directory starting with //Anti// and expand it to it's full name automatically.
 </WRAP>
+~~#SA~~. Confirm your action in this User Account Control dialog by clicking the ''Yes'' button. We will [[windows:tuning:disable_uac|disable]] this annoying ''User Account Control'' messages later.
-. Confirm your action in this User Account Control dialog by clicking the ''Yes'' button. We will [[windows:tuning:disable_uac|disable]] this annoying ''User Account Control'' messages later.
+~~#SA~~. If you see a popup windows with the message ''Hello, this is admin speaking!'' then it means that //AntiVirusTest// passed successfully and you don't have to do anything special about Windows Defender at the moment. Just click ''OK'' and that's it.
-. If you see a popup windows with the message ''Hello, this is admin speaking!'' then it means that //AntiVirusTest// passed successfully and you don't have to do anything special about Windows Defender at the moment. Just click ''OK'' and that's it.
 If you see something different please continue to the next [[#step3|Step 3 "Troubleshooting"]]

Detach Close

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.

Differences

This topic does not exist yet