As one of the leading security solutions, Microsoft’s Windows Defender must ensure that users are protected. It cannot be exposed to problems or have known and ready-to-exploit flaws.
So, because of this situation, Microsoft decided to deal with a well-identified problem. It did it silently and now it is no longer possible to know and bypass the list of exclusions that Windows Defender offers to users.
A known Microsoft issue
Windows Defender has been present in Windows for some time now and is probably the most used solution on this system. With many protection capabilities, it assures users that their systems are problem-free.
One of the most recent problems allowed anyone to see the exclusion list of this antivirus. This allowed potentially dangerous files to be placed there and thus escape the analysis and protection applied and expected.
Did Microsoft finally change the default behavior of Windows Defender?
It appears that exclusions can now only be viewed with admin rights (instead of all users). DC: @GossiTheDog pic.twitter.com/lWFdOMqXsK- CISOwithHoodie (@SecGuru_OTX) February 10, 2022
Windows Defender is thus more secure
Microsoft has now decided to remove this flaw and thus deal with an issue it had in Windows Defender. dealt with this situation very quietly and without prior notice to users. This situation arose with the installation of February's Patch Tuesday, but there are those who have it in mind in isolation.
What you see now is completely different from what was there before. Users without permissions can no longer see the exclusion list and which folders are excluded from Windows Defender scanning, thus increasing the protection offered by Microsoft.
Yes, confirmed on mine as well. After applying the February 22 patch, everyone's SID was removed from the ACL. Tested on Win10 20H2.
— Antonio Cocomazzi (@splinter_code) February 10, 2022
Security thus returns to the most used system
The message now for those who consult this list is that they do not have permission to do so. The Windows Defender interface itself also presents this indication, displaying a message alerting you to the lack of permissions to view this page.
This is an excellent change that Microsoft has prepared. This resolved a security issue affecting Windows Defender and provided more protection for users. He did it quietly, probably so that everyone could apply the change and thus be protected.
-
