Patch Lady here – Tonight I was poking around my older Surface that is running the insider version and the about section clearly now says 1809. I wen
[See the full post at: Patch Lady – what’s not in 1809]
Susan Bradley Patch Lady/Prudent patcher
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » Patch Lady – what’s not in 1809
Tags: Patch Lady Posts Win10 1809
Patch Lady here – Tonight I was poking around my older Surface that is running the insider version and the about section clearly now says 1809. I wen
[See the full post at: Patch Lady – what’s not in 1809]
Susan Bradley Patch Lady/Prudent patcher
Nah, it’s just a subset of Windows Defender Advanced Threat Protection, which normally only works with Windows 10 Enterprise. The feature does stuff like:
It’s pretty sensible for home users, but does come with the risk of breaking legitimate use cases.
Microsoft claims:
You can enable a new protection setting, Block suspicious behaviors, which brings Windows Defender Exploit Guard attack surface reduction technology to all users.
The above notably does NOT say that “Block Suspicious Behaviors” and “Attack Surface Reduction” are one and the same – but they’re clearly related.
Apparently a focus of Attack Surface Reduction is to block the automatic download/run of malware through Office. At first glance that seems like a good idea, but don’t forget that it will stand in your way if you’re legitimately trying to do something it doesn’t like – e.g., mail a .zip file – to someone. The features being blocked were added to make systems more functional, and people learned to use them.
I wonder:
Does the removal of the settable option from v1809 mean it’s now always off, or always on?
What’s different between “Block Suspicious Behaviors” and the various other well-documented anti-exploit features? Are there key additional functionalities blocked because it’s considered an “end user/home OS” vs. “business (Enterprise) OS”? I.e., is this another case where “Pro” really isn’t professional after all?
In the process of reducing the likelihood that computer-ignorant masses will propagate malware, is Microsoft making Windows incapable of doing powerful or sophisticated computing operations? This is a case where details really will matter.
I’m always concerned that something they change in the name of “security” is going to break an ability to do legitimate activities, without reasonable workarounds.
-Noel
Microsoft claims:
You can enable a new protection setting, Block suspicious behaviors, which brings Windows Defender Exploit Guard attack surface reduction technology to all users.
The above notably does NOT say that “Block Suspicious Behaviors” and “Attack Surface Reduction” are one and the same – but they’re clearly related.
Microsoft’s documentation clarifies that “Block Suspicious Behaviors” is just a friendly name for the “Windows Defender Exploit Guard attack surface reduction technology.”
What is the New “Block Suspicious Behaviors” Feature in Windows 10? (first link in Susan’s post)
Apparently a focus of Attack Surface Reduction is to block the automatic download/run of malware through Office. At first glance that seems like a good idea, but don’t forget that it will stand in your way if you’re legitimately trying to do something it doesn’t like – e.g., mail a .zip file – to someone. The features being blocked were added to make systems more functional, and people learned to use them.
Where is there any hint that “Block Suspicious Behaviors” would block an emailed .zip file?
If Block Suspicious Behaviors blocks an action you need to regularly perform, you can return here and disable it. However, the blocked behaviors are not common in normal PC usage.
What is the New “Block Suspicious Behaviors” Feature in Windows 10? (first link in Susan’s post)
I wonder:
Does the removal of the settable option from v1809 mean it’s now always off, or always on?
Off. The feature was temporarily removed, not just the on/off switch (which was off by default).
What’s different between “Block Suspicious Behaviors” and the various other well-documented anti-exploit features?
Attack Surface Reduction disables potentially dangerous features at a higher level.
What is the New “Block Suspicious Behaviors” Feature in Windows 10? (first link in Susan’s post)
Are there key additional functionalities blocked because it’s considered an “end user/home OS” vs. “business (Enterprise) OS”?
No.
I.e., is this another case where “Pro” really isn’t professional after all?
No.
In the process of reducing the likelihood that computer-ignorant masses will propagate malware, is Microsoft making Windows incapable of doing powerful or sophisticated computing operations?
No.
I’m always concerned that something they change in the name of “security” is going to break an ability to do legitimate activities, without reasonable workarounds.
The reasonable workaround is to not switch it on in the first place, or to switch it off as required.
Thanks for that info , I was wondering why ‘Block Suspicious Behaviors’ was missing from 1809.
I also found that ‘Memory Integrity’ can’t be enabled in 1809 anymore either. After putting the setting in the Windows Defender UI in 1803, it seems Microsoft have now decided to change the requirements to be able to enable HVCI. The only info I can find is below, but it doesn’t give any explanation for the mandatory requirements change (or how to check if you have UEFI MAT):
‘Enabled the “Require UEFI Memory Attributes Table” option’
Edit to remove HTML
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.
Notifications