Hey, everyone, welcome back to the course. So in this video, we're gonna go over, uh, doing a configuration change in Windows Defender and trying to copy and paste essentially a potentially malicious file. It's really just an execute herbal for a password cracking tool called Cain and Abel. But we're trying. We're gonna try to copy it from one folder to another and essentially see if Windows Defender picks it up.
So with the configuration change,
we'll see what happens. And then we may have to make some adjustments to actually identify the file. First things first, we're gonna go ahead and make sure that the Windows Defender gooey is actually installed on this particular machine. So here, inside a power shell, we're just gonna run the get Windows feature. We're going to specify the name. And of course, it's gonna be the Windows defender gooey. So we're gonna run this command and see if the gooey is actually installed.
Alright, so we see that the Windows defender gooey is installed, which is what we expect for this particular environment. Now we're gonna see if the wind defend services running so we'll do the get service, command and power shell and wind defend. And so we see that, yes, the wind defense service is running, so we're all set. Now, let's go ahead and launch Windows Defender.
Once we launch it, we'll get this little pop up here. We're just gonna close that out real quick, and then we wanna go ahead to our settings and we're gonna add an exclusion for a particular folder. So this folder is gonna be undersea users, administrator documents, and then the folder name is security tools.
So let's go ahead and select at exclusion
going to exclude the float folder, and then we just simply navigate to that location.
All right, We select security tools,
and then we can go ahead and exclude that folder.
What that basically means is that if we run a scan with Windows Defender, anything in that folder is not going to be scanned.
All right, so now we're just gonna copy and paste that file I mentioned into our security tools folder. So we're just gonna grab that can enable execute herbal. We're gonna paste it in their Typically, if Windows Defender was scanning this folder, it would pick up on that and say, Wait a minute. That looks potentially dangerous.
But since we went ahead and out of that exclusion is not picking up under security tools folder.
So if we run a quick scan here with Windows Defender,
you'll notice that we won't find that file. It's not gonna scan that folder again because we have the exclusion. So if we just run a quick scan here is not gonna pick up on that file.
And as you see, the results are Hey, everything's fine on your computer. Now we know that there is a potentially moves just file on the computer because we put it there. So let's go back to settings here and now. We're gonna go ahead and remove that exclusion that we had on that particular folder. So we'll go here to exclusions,
and we're just gonna select on that exclusion we have and Cindy simply select the remove option there.
So now if we come back to our Windows defender and actually running custom scan just on that folder area itself just to save us a little bit of time, so we're gonna navigate to see we'll go to users.
Well, then go to administrator will go to our Documents folder, and then we'll also select the Security Tools folder, and we'll just say, Okay, and that will go ahead. Scan. Basically the parent folder there, which is administrator and the other folders as well,
should only take a few seconds here, and we should get a results back. And you see here now because we took away that exclusion. It's detecting that potentially harmful file
on our system. So if you go down to show details, you'll see that there is the execute, a bill that we're trying to copy and paste.
And we have an option to remove that because, hey, it's a potentially a hacking tool, which we know it is a hacking tool because it's a password cracker. So in this video, just want to give you a brief demonstration of configuration and Windows defender. So if we put exclusions in place, it may not scan those particular areas, and that is an option for potentially malicious software to get in.
This is a potential tasks that you may have as a system administrator