All modern Windows PCs come with Microsoft Defender built in. For the unaware, this tool is Windows’ native antivirus.
Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.
The implications are serious. This tool does not break into the system or use advanced code injection. It uses Windows features the way they were designed to be used. And that makes the problem harder to detect and harder to fix.
Windows software on a PC (Kurt “CyberGuy” Knutsson)
The tool works by pretending to be an antivirus
Windows is built to avoid running multiple antivirus products at once. When a third-party antivirus registers itself, Windows disables Microsoft Defender to prevent conflicts. Defendnot exploits this system using an undocumented API that security software uses to communicate with the Windows Security Center.
The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.
WINDOWS 10 SECURITY FLAWS LEAVE MILLIONS VULNERABLE
No security alert is shown to the user. No visible changes are made to indicate that the system is unprotected. Unless someone checks manually, the machine remains open to attacks with no real-time protection running.
The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in.
Windows software on a laptop (Kurt “CyberGuy” Knutsson)
WINDOWS DEFENDER VS ANTIVIRUS SOFTWARE: FREE PROTECTION FALLS SHORT
From GitHub takedown to a fresh build
Defendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer…
Click Here to Read the Full Original Article at FOX News : Tech…