Windows Defender Configuration Demo

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Introduction to IT & Cybersecurity

Course

Time

1 hour 41 minutes

Difficulty

Beginner

Video Transcription

00:00

>> Hey everyone. Welcome back to the course.

00:00

In this video, we're going to go

00:00

over doing a configuration change in

00:00

Windows Defender and trying to copy and

00:00

paste essentially a potentially malicious file.

00:00

It's really just an executable for

00:00

a password cracking tool called Cain and Abel.

00:00

But we're going to try to copy it from one folder to

00:00

another and essentially see

00:00

if Windows Defender picks it up.

00:00

With the configuration change,

00:00

we'll see what happens and then we may have to make

00:00

some adjustments to actually identify the file.

00:00

First things first, we're going

00:00

to go ahead and make sure that

00:00

the Windows Defender GUI is actually

00:00

installed on this particular machine.

00:00

Here inside a PowerShell,

00:00

we're just going to run the Get-WindowsFeature.

00:00

We're going to specify the name,

00:00

and of course it's going to be the Windows Defender GUI.

00:00

We're going to run this command and

00:00

see if the GUI is actually installed.

00:00

We see that the Windows Defender GUI is installed,

00:00

which is what we expect for this particular environment.

00:00

Now we're going to see if

00:00

the WinDefend service is running.

00:00

We'll do the Get-Service command

00:00

and PowerShell and WinDefend.

00:00

We see that yes, the WinDefend service is running.

00:00

We're all set now, let's go

00:00

ahead and launch Windows Defender.

00:00

Once we launched, it will get this little pop-up here.

00:00

We're just going to close that out real quick.

00:00

Then we want to go ahead to

00:00

our Settings and we're going to add

00:00

an exclusion for a particular folder.

00:00

This folder is going to be under C,

00:00

Users, Administrator, Documents,

00:00

and then the folder name is Security Tools.

00:00

Let's go ahead and select "Add exclusion".

00:00

We're going to exclude the folder.

00:00

Then we just simply navigate to that location.

00:00

We select security tools and

00:00

then we can go ahead and exclude that folder.

00:00

What that basically means

00:00

is that if we run a scan with Windows Defender,

00:00

anything in that folder is not going to be scanned.

00:00

Now we're just going to copy and paste that file I

00:00

mentioned into our Security Tools folder.

00:00

We're just going to grab that Cain and Abel

00:00

executable, we're going to paste it in there.

00:00

Typically, if Windows Defender was scanning this folder,

00:00

it would pick up on that and say, "Wait a minute,

00:00

that looks potentially dangerous."

00:00

But since we went ahead and added that exclusion,

00:00

it's not picking up under security tools folder.

00:00

If we run a quick scan here with Windows Defender,

00:00

you'll notice that we won't find that file,

00:00

that it's not going to scan that folder

00:00

again because we have the exclusion.

00:00

If we just run a quick scan here,

00:00

it's not going to pick up on that file.

00:00

As you see, the results are,

00:00

hey, everything's fine on your computer.

00:00

Now we know that there is

00:00

a potentially malicious file

00:00

on the computer because we put it there.

00:00

Let's go back to Settings

00:00

here and now we're going to go ahead and

00:00

remove that exclusion that we

00:00

had on that particular folder.

00:00

I'm going to go up here to Exclusions.

00:00

We're just going to select on that Exclusion.

00:00

Simply select the Remove option there.

00:00

Now if we come back

00:00

to our Windows Defender and actually run

00:00

a custom scan just on that folder area itself,

00:00

just to save us a little bit of time.

00:00

We're going to navigate through C,

00:00

we'll go to Users, we'll then go to Administrator,

00:00

we'll go to our Documents folder and then

00:00

we'll also select the Security Tools folder.

00:00

We'll just say "Okay" and that'll go ahead and scan

00:00

basically the parent folder there,

00:00

which is Administrator and the other folders as well.

00:00

Should only take a few seconds here

00:00

and we should get our results back.

00:00

You see here now, because we took away that exclusion,

00:00

it's detecting

00:00

that potentially harmful file on our system.

00:00

If we go down to Show Details,

00:00

you'll see that there is

00:00

the executable that we were trying to

00:00

copy and paste and we

00:00

have an option to remove that because hey,

00:00

it's a potentially a hacking tool;

00:00

which we know it is acting tool

00:00

because it's a password cracker.

00:00

In this video, just wanted to give you

00:00

a brief demonstration of

00:00

configuration in Windows Defender.

00:00

If we put exclusions in place,

00:00

it may not scan those particular areas

00:00

and that is an option for

00:00

potentially malicious software to get in.

00:00

This is a potential task that you

00:00

may have as a system administrator.

Up Next

Introduction to Becoming a Network Administrator

Wireshark Demo

Introduction to Becoming an Incident Responder

10m

PCAP Analysis with Wireshark Demo

Introduction to Becoming a Penetration Tester

11m

View All

Instructed By

Ken Underhill

Senior Instructor