Researchers have developed a method for bypassing Windows Defender that will allow any malware to execute on a Windows machine. Microsoft, meanwhile, has told the experts that it does not see this as a security issue and will not address the problem in its native antimalware protection.
Microsoft said in a response provided to Threatpost:
“The technique described has limited practical applicability. To be successful, an attacker would first need to convince a user to give manual consent to execute an unknown binary from an untrusted remote location. The user would also need to click through additional warnings in order to grant the attacker Administrator privileges. Should the attacker successfully convince a user to carry out the manual steps mentioned, Windows Defender Antivirus and Windows Defender Advanced Threat Protection will detect further actions by the attacker.”
The bypass involves the use of a custom-built SMB server, tricking Windows Defender into scanning a benign file, and executing a malicious one instead that is passed to the operating system.
Source: Threatpost Windows Defender Bypass Tricks OS into Running Malicious Code
