[TIP] A "new" Microsoft Defender is showing up on my home PCs

Metanis

This "new" version of Microsoft Defender was discussed here:


I guess I missed the news that this is now being pushed to ALL Microsoft 365 users by default and without their permission. This is different than the traditional Windows Security app we all know and love.

My wife called me over to her computer this morning. She had an email from this new Microsoft Defender about a Security Risk that had been allowed on her PC. (Yes, I created an exception years ago for the Fabs folder so that all the Nirsoft utilities wouldn't fail!) This folder exception had existed for many months.

This email message was so vague and uninspiring she considered it a phishing attempt and she's trained to call me over to review such things.

Upon a quick search I realized this was a valid Microsoft product and I proceeded to search for Microsoft Defender on her Windows 10 Pro machine. It immediately began a setup routine. I had to log in to her Microsoft Account (even though she already was!) and then it took some installation steps which seemed normal. But then it wanted me to set up OneDrive for a system backup.

Here's the thing, she already has OneDrive and her 50GB of stuff is already successfully backed up. But the setup prompt for the "new" Microsoft Defender showed that she had NOTHING backed up and wanted to start the process all over again. I checked the System Tray and OneDrive was enabled and reporting that her files were completely sync'd. No way I wanted to open that can of worms with thousands of duplicate files on a 4Mb DSL uplink. This is the point I bailed and uninstalled Microsoft Defender from her PC. Then I went around and uninstalled it from all my local PCs.

Totally Microsoft BS where the left hand doesn't know what the right hand is doing! And who gives them the right to have my machines report home to the mothership?

Also, try going on-line and finding a real technical discussion of what Microsoft Defender adds to the existing Windows Security app for unmanaged home users. It's like pulling teeth getting a decent and succinct description.

TL/DR... It mostly appears to add reporting to the Microsoft 365 portal and some Experian Identity Theft protection! The best description I found was:


It may be benign and even beneficial, but then the implementation needs to be smarter and better documented!
 
And who gives them the right to have my machines report home to the mothership?

They do. And I'd have to say that for those of us in this business, telemetry has proven to be a godsend many thousands of times over. I don't see why this is in the slightest bit unexpected at this juncture as telemetry for system health (of all different kinds) is a baseline expectation in 2023, isn't it?

I've got to remember to do what you did for Fabs and for NirLauncher. I happened to download that last night, and unzip it, not expecting Windows Defender to go quite so batsh*t crazy as it did about these utilities, which at this juncture are well-known quantities I'd have expected to be whitelisted by MS (but, noooooooooo!).
 
Just when you thought you've got things figured out and everything is easy for you and your users, something like this comes along. In the long run it will probably be better for everyone. In the meantime it's a learning curve, and another billable opportunity :D
 
It's just a rebrand of existing features. And you agreed to the "phoning home" part when you chose to use Windows. Don't like telemetry? Go use Alpine Linux or something. It'd better be a stripped-down server version, because most of the "user friendly" distributions are doing telemetry now too.

There is NOTHING TO INSTALL, though it appears as such to some degree. This is just rebranding Windows Defender, to Microsoft Defender. Which is REALLY confusing when you're working with the products because these things are all different:

Windows Defender
Microsoft Defender for Endpoint
Microsoft Defender for Cloud
Microsoft Defender for O365

See the oddball here?

There's also Microsoft System Center Endpoint Protection (SCEP).

Everything security in Microsoft land is being rebranded to Microsoft Defender <insert name here>. The Windows Defender that's been a part of Windows 10 since launch is no exception. I'm pretty sure the "install" portion of this process is actually enrolling Defender to the personal Microsoft account's control system. Which would be similar to a standard Intune enrollment.

OneDrive IS NOT A BACKUP, so Microsoft Security Center asking you to configure a backup is welcome, and yes I've seen a few pops on that myself.

Extension of group controls to Home Edition machines is a natural extension of Microsoft Parental Controls built into the platform, and having that controlling Defender endpoints is kind of cool, and news to me.

I have to be honest I'm starting to find this forum exhausting. It's one thing to be ignorant to the constant drum beat of change Microsoft throws out, there's A LOT going on after all. But it's quite another to be upset because Microsoft handed you updated features in effect for free and being bent out of further shape because they dare to try to make a few bucks off you. Welcome to capitalism, get a helmet.

I do have great sympathy for the crap documentation though, because Microsoft documentation is simultaneously really good and really bad.
 
The app is installed as a part of the 365 suite.
Don't confuse it with just the antivirus program, this is the Defender Security, which encompasses much more. And it's a really good thing if you want to use it. You don't have to sign into it to activate it. (although I don't know why you wouldn't!)

Their Defender for Endpoint for 365 Biz Prem subs is really...really incredible. Not just antivirus...but able to touch so many different areas to ensure security, and do a darned good job at it too!
 
because Microsoft documentation is simultaneously really good and really bad.

You can say that again! My biggest complaint is that they don't seem to be very good about keeping things up to date on the whole. The second biggest is that they seem to create multiple variants (in any class, like targeted at techs, targeted at end users) of documentation for the same thing.

When it comes to MS documentation, a variant on the immortal words of Mae West applies: When it's good, it's very, very good, and when it's bad it's even badder!
 