Windows Defender Configuration Demo


Time
1 hour 41 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Hey everyone. Welcome back to the course.
00:00
In this video, we're going to go
00:00
over doing a configuration change in
00:00
Windows Defender and trying to copy and
00:00
paste essentially a potentially malicious file.
00:00
It's really just an executable for
00:00
a password cracking tool called Cain and Abel.
00:00
But we're going to try to copy it from one folder to
00:00
another and essentially see
00:00
if Windows Defender picks it up.
00:00
With the configuration change,
00:00
we'll see what happens and then we may have to make
00:00
some adjustments to actually identify the file.
00:00
First things first, we're going
00:00
to go ahead and make sure that
00:00
the Windows Defender GUI is actually
00:00
installed on this particular machine.
00:00
Here inside of PowerShell,
00:00
we're just going to run the Get-WindowsFeature.
00:00
We're going to specify the name,
00:00
and of course it's going to be the Windows Defender GUI.
00:00
We're going to run this command and
00:00
see if the GUI is actually installed.
00:00
We see that the Windows Defender GUI is installed,
00:00
which is what we expect for this particular environment.
00:00
Now we're going to see if
00:00
the WinDefend service is running.
00:00
We'll do the Get-Service command
00:00
in PowerShell and WinDefend.
00:00
We see that yes, the WinDefend service is running.
00:00
We're all set now, let's go
00:00
ahead and launch Windows Defender.
00:00
Once we launch it, we'll get this little pop-up here.
00:00
We're just going to close that out real quick.
00:00
Then we want to go ahead to
00:00
our Settings and we're going to add
00:00
an exclusion for a particular folder.
00:00
This folder is going to be under C,
00:00
Users, Administrator, Documents,
00:00
and then the folder name is Security Tools.
00:00
Let's go ahead and select "Add exclusion".
00:00
We're going to exclude the folder.
00:00
Then we just simply navigate to that location.
00:00
We select Security Tools and
00:00
then we can go ahead and exclude that folder.
00:00
What that basically means
00:00
is that if we run a scan with Windows Defender,
00:00
anything in that folder is not going to be scanned.
00:00
Now we're just going to copy and paste that file I
00:00
mentioned into our Security Tools folder.
00:00
We're just going to grab that Cain and Abel
00:00
executable, we're going to paste it in there.
00:00
Typically, if Windows Defender was scanning this folder,
00:00
it would pick up on that and say, "Wait a minute,
00:00
that looks potentially dangerous."
00:00
But since we went ahead and added that exclusion,
00:00
it's not picking up on our Security Tools folder.
00:00
If we run a quick scan here with Windows Defender,
00:00
you'll notice that we won't find that file,
00:00
that it's not going to scan that folder
00:00
again because we have the exclusion.
00:00
If we just run a quick scan here,
00:00
it's not going to pick up on that file.
00:00
As you see, the results are,
00:00
hey, everything's fine on your computer.
00:00
Now we know that there is
00:00
a potentially malicious file
00:00
on the computer because we put it there.
00:00
Let's go back to Settings
00:00
here and now we're going to go ahead and
00:00
remove that exclusion that we
00:00
had on that particular folder.
00:00
I'm going to go up here to Exclusions.
00:00
We're just going to select on that Exclusion.
00:00
Simply select the Remove option there.
00:00
Now if we come back
00:00
to our Windows Defender and actually run
00:00
a custom scan just on that folder area itself,
00:00
just to save us a little bit of time.
00:00
We're going to navigate through C,
00:00
we'll go to Users, we'll then go to Administrator,
00:00
we'll go to our Documents folder and then
00:00
we'll also select the Security Tools folder.
00:00
We'll just say "Okay" and that'll go ahead and scan
00:00
basically the parent folder there,
00:00
which is Administrator and the other folders as well.
00:00
Should only take a few seconds here
00:00
and we should get our results back.
00:00
You see here now, because we took away that exclusion,
00:00
it's detecting
00:00
that potentially harmful file on our system.
00:00
If we go down to Show Details,
00:00
you'll see that there is
00:00
the executable that we were trying to
00:00
copy and paste and we
00:00
have an option to remove that because hey,
00:00
it's potentially a hacking tool,
00:00
which we know it is a hacking tool
00:00
because it's a password cracker.
00:00
In this video, just wanted to give you
00:00
a brief demonstration of
00:00
configuration in Windows Defender.
00:00
If we put exclusions in place,
00:00
it may not scan those particular areas
00:00
and that is an option for
00:00
potentially malicious software to get in.
00:00
This is a potential task that you
00:00
may have as a system administrator.