Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – Defender makes a change

    Posted on March 9th, 2018 at 01:23 Susan Bradley Comment on the AskWoody Lounge

    So earlier I was helping on a thread in the forum about some issues with failing defender updates on Small Business Server 2011 platforms. [For anyone who is interested, SBS 2011 was once a featured small business platform that provide file server and email services for small businesses – this was pre-cloud, you know].  The symptoms that was reported that defender updates were failing.  Well first I was scratching my head because Defender wasn’t installed by default on Server platforms back then. While Server 2016 now ships with Windows Defender enabled, Server 2008 R2 – of which SBS 2011 was based – didn’t have Defender installed.  I realized after doing some searching and confirming with the people in the forum that Defender COULD get on Server 2008 R2 if one enabled the Desktop Experience role.  And that role would be wanted if you wanted to run disk cleanup on Server 2008 R2 (note you also get this on Server 2008 R2 by copying  some files to get it to work as well).

    So the question came up as to what exactly changed in Windows defender to suddenly make the definition updates fail on Server 2008 r2 whereas before it once worked?  And then in the dark recesses of my mind it hit me.  Yes.  Defender HAD made a big change.  And quite recently in fact, thus triggering this failure.

    As noted back in January,

    Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.

    AH HA, that explains the recent change.

    If you happen to be a Small Business Server 2011 admin and notice that defender updates are failing, I would honestly just disable the service and then look for a third party antivirus to install on your server, as I stated in the forum, and I truly mean no disrespect, SBS 2011 is in extended support and defender was not meant in that era to be installed on Server 2008 R2.  Getting a fix would not be what I expect from Microsoft’s support policies for this product.

    For the rest of us on windows 7, 8.1 and 10, be aware that effective March 1, 2018, if you happen to be running Windows defender on Windows 10 or Microsoft Security Essentials, any software that tries to trick you will be detected and removed.

    As defined by Microsoft:

    Software that coerces users may display the following characteristics, among others:

    • Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
    • Suggests that no other actions will correct the reported errors or issues
    • Requires the user to act within a limited period of time to get the purported issue resolved

    So look for more alerts on your system as these software programs get detected.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Patch Lady – Defender makes a change

    This topic contains 6 replies, has 6 voices, and was last updated by  PerthMike 3 months, 1 week ago.

    • Author
      Posts
    • #173906 Reply

      Susan Bradley
      AskWoody MVP

      So earlier I was helping on a thread in the forum about some issues with failing defender updates on Small Business Server 2011 platforms. [For anyone
      [See the full post at: Patch Lady – Defender makes a change]

      Susan Bradley Patch Lady

      1 user thanked author for this post.
    • #173913 Reply

      Ascaris
      AskWoody MVP

      Just a quick note regarding this excerpt:

      For the rest of us on windows 7, 8.1 and 10, be aware that effective March 1, 2018, if you happen to be running Windows defender on Windows 10 or Microsoft Security Essentials, any software that tries to trick you will be detected and removed.

      Windows 8.1 also uses Defender as the full-on antimalware, not MSE.

      1 user thanked author for this post.
    • #174075 Reply

      amraybt
      AskWoody Lounger

      https://www.microsoft.com/en-us/wdsi/antimalware-support/malware-and-unwanted-software-evaluation-criteria

      Unwanted behavior: lack of choice

      Under this new protection will MSE/Defender be removing Windows 10 OS from PCs that were forced onto 1709? 😉

      Jokes aside those evaluation criteria seem quite vague and broad. It also appears that “unwanted software” will be removed without first notifying the user. Plenty of software come with bundles or ads for their other products, such as Auslogics Disk Defrag. I fear many false positives getting detected and suddenly removed without user knowledge. Malwarebytes doesn’t like Auslogics and classifies some reg keys or dlls as PUPs, but at least I can tell it to ignore those and not take action.

      I use Defender on 8.1. Last week I started using Avast on 7 but after 4-5 days I ran into an issue and had to uninstall Avast (may have to explain/inquire in a separate topic when I get the chance), so for now I’m using MSE on 7 but want to get away from MSE and WD eventually.

      Ideally users would have the option to enable/disable these new anti-“unwanted software” protections separately from the core real-time protection against malware, rootkits, etc., but I’m not sure if that’s feasible.

      -- Lifelong member of Group B, currently on Group W sidelines --
      Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
      Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

      • This reply was modified 3 months, 1 week ago by  amraybt.
      • This reply was modified 3 months, 1 week ago by  amraybt.
      • This reply was modified 3 months, 1 week ago by  amraybt.
      • This reply was modified 3 months, 1 week ago by  amraybt.
      • This reply was modified 3 months, 1 week ago by  amraybt.
      2 users thanked author for this post.
      • #174217 Reply

        Cascadian
        AskWoody Lounger

        The irony is running a bit deep. I’m not sure my boots are high enough, may need waders. All the glass at Microsoft must be clear, their Windows do not reflect their own image back for them to recognize where they do the same coercive tactics.

        2 users thanked author for this post.
    • #174099 Reply

      anonymous

      Like I said before, as long as Windows Defender turns itself off and stays in the closet when third-party antiviruses are installed, I am happy.

      Kaspersky does display notifications asking you to pay to renew your license when it’s about to expire, though. Wouldn’t it be simply ironically amusing (and really, really devastating and problematic) if Windows Defender deleted Kaspersky for that? Would that be a breach of anti-competition laws? (I’m no lawyer)

      Once again, Microsoft going about their ridiculous scheme to tell users that “We know what’s best for you so just use our products and you don’t need to use anything else”. Um, yeah, no.

    • #174122 Reply

      anonymous

      I have Windows Home Server 2011 which is based on Server 2008 R2 and have Windows Defender on the machine.  I didn’t install it but its there and is updating.  It would not set the reg key, so I had to do that manually to get Windows Updates to keep working.

    • #174804 Reply

      PerthMike
      AskWoody Lounger

      “Software that tries to trick you”? Oh, so it’ll also block any forced upgrades? (Yes, I’m being facetious, but obviously nobody at Microsoft the irony patch installed in their brains.)

      No matter where you go, there you are.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – Defender makes a change

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: