All modern Windows PCs come with Microsoft Defender built in. For the unaware, this tool is Windows’ native antivirus.
Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.
The implications are serious. This tool does not break into the system or use advanced code injection. It uses Windows features the way they were designed to be used. And that makes the problem harder to detect and harder to fix.

The tool works by pretending to be an antivirus
Windows is built to avoid running multiple antivirus products at once. When a third-party antivirus registers itself, Windows disables Microsoft Defender to prevent conflicts. Defendnot exploits this system using an undocumented API that security software uses to communicate with the Windows Security Center.
The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.
No security alert is shown to the user. No visible changes are made to indicate that the system is unprotected. Unless someone checks manually, the machine remains open to attacks with no real-time protection running.
The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in.
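A manual check for the silent state described above, as an added example that is not from the original article or from the Defendnot project: it lists the antivirus products registered with Windows Security Center, reports Defender's real-time protection state and, if protection is off, lists scheduled tasks that run at logon. It uses the built-in `root/SecurityCenter2` WMI class and the Defender and ScheduledTasks cmdlets; the function names are illustrative.

```powershell
# Added example (not from the article): audit antivirus registration on a Windows client PC.

function Get-RegisteredAntivirus {
    # Products registered with Windows Security Center (class exists on client editions only).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $path = [Environment]::ExpandEnvironmentVariables([string]$_.pathToSignedProductExe)
            # Some entries hold a URI instead of a file path; they also report NoFileOnDisk.
            $sig = if ([System.IO.File]::Exists($path)) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status
            } else { 'NoFileOnDisk' }
            [pscustomobject]@{
                Name       = $_.displayName
                ProductExe = $path
                Signature  = $sig
                Registered = $_.timestamp
            }
        }
}

function Get-DefenderState {
    # Get-MpComputerStatus fails when the Defender service is not running; treat that as "off".
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            AntivirusEnabled   = $s.AntivirusEnabled
            RealTimeProtection = $s.RealTimeProtectionEnabled
            RunningMode        = $s.AMRunningMode
        }
    } catch {
        [pscustomobject]@{ AntivirusEnabled = $false; RealTimeProtection = $false; RunningMode = 'Unavailable' }
    }
}

function Get-LogonTriggeredTask {
    # Scheduled tasks with a logon trigger, the persistence mechanism the article describes.
    Get-ScheduledTask | Where-Object {
        $_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }
    } | Select-Object TaskPath, TaskName,
        @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { $_.Execute }) -join '; ' } }
}

$defender = Get-DefenderState
$defender | Format-List | Out-Host
Get-RegisteredAntivirus | Format-Table -AutoSize | Out-Host
if (-not $defender.RealTimeProtection) {
    Write-Warning 'Defender real-time protection is off. Confirm every product listed above is one you installed.'
    Get-LogonTriggeredTask | Format-Table -AutoSize | Out-Host
}
```

A `Valid` signature in this output is not proof of legitimacy, since the article notes the fake registration is made from inside a signed Windows process; an unfamiliar product name alongside disabled real-time protection is the signal to investigate.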

From GitHub takedown to a new build
Defendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer took the project down and walked away from it.
With Defendnot, the creator rebuilt the core features using original code. This version avoids copyright issues and uses a new method to achieve the same effect. It does not rely on another antivirus or third-party binaries. It was written from scratch to show how simple it is to manipulate Windows security from inside the system.
Microsoft Defender currently flags the tool as a threat. It detects and quarantines it under the name Win32/Sabsik.FL.!ml. However, the fact that it works at all points to a weakness in how Windows handles antivirus registration and trust.
6 ways to protect yourself from malicious programs
While Defendnot is a research project, there’s a chance that similar tools are already out there and could be used to compromise your PC. Here are a few tips to help you stay safe:
1. Use strong antivirus software: Even with regular updates, Windows systems can be left exposed by tools like Defendnot that silently disable built-in defenses. A strong third-party antivirus with real-time protection and frequent updates provides essential backup security. Look for solutions with real-time protection and frequent updates to tackle emerging threats. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).
3. Avoid running unexpected commands: Never paste or run commands (like PowerShell scripts) you don’t understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.
4. Keep your software updated: Regularly update your operating system, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.
5. Use two-factor authentication (2FA): Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.
6. Invest in personal data removal services: Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites. These sites collect and publish details like your name, address and phone number, making you an easier target for identity theft or phishing. Automated data removal services track down these sites and submit removal requests on your behalf, helping to reduce your digital footprint and increase your online anonymity. While they can't erase every trace of your information, they make it significantly harder for attackers to find and exploit your personal data, which saves you time and reduces unwanted spam in the process.
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
Kurt’s key takeaway
Defendnot points to a bigger issue with how Windows handles security. It takes a feature meant to prevent software conflicts and turns it into a way to completely disable protection. The system assumes any registered antivirus is legitimate, so if attackers can fake that, they get in without much resistance.
We often think of security as blocking the bad and trusting the good. But this case shows what happens when that trust is misplaced. Defendnot doesn’t sneak past Windows defenses. It walks right in using valid credentials. The solution isn’t just more patches or stronger malware signatures. What we need is a smarter way for systems to tell what is actually safe.
Do you think companies like Microsoft need to rethink how Windows handles antivirus registration and trust, given that tools like Defendnot can so easily disable built-in protections without using malware or exploiting a bug? Let us know by writing us at Cyberguy.com/Contact.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.