'Hidden' update button

Joe Faulhaber[MSFT]

Some answers for you, Alan:

Those zillions of Defender checkpoints still aren't completely understood by
us, but we've made a bunch of changes in house that should fix them for our
next set of bits...we're going to only do one checkpoint a day (the released
bits max is one/hour), and they should ONLY be snapped before cleaning
threats, right now they're snapped when taking any action on unknowns or
threats, and we're still not sure how scanning is creating checkpoints. So
those are lame, and we're going to change them. We have a KB on how to turn
the darn things off from WD, I can't find it right now, I'll look it up.

The bad guys have written a bunch of tools so when patch Tuesday rolls
around, they can quickly write exploits for whatever just got fixed. So
we're tending to see exploits come out for many vulnerabilities only _after_
the patch is issued. And then we're in a race to update everybody before
the bad guys get to unpatched machines. It's a darn tough problem to solve,
too - of course not having the vulnerability in the first place is the best
fix. :)

Regards,
Joe
 
robin

Will these changes go into definitions on our beta 2 (especially the system
restore ones)? And can you let us know when we will see them so we can give
you feedback and tell you if there is now a difference? And please find the
KB so some of us who do not want to do a registry change can do it via a
patch?

Also is it possible because we are in beta you can post when definitions are
updated exactly what is in them so again we can give you feedback on them?

thanks
Robin
 
Guest

Joe Faulhaber said:
> Some answers for you, Alan:
>
> Those zillions of Defender checkpoints still aren't completely understood by
> us, but we've made a bunch of changes in house that should fix them for our
> next set of bits...we're going to only do one checkpoint a day (the released
> bits max is one/hour), and they should ONLY be snapped before cleaning
> threats, right now they're snapped when taking any action on unknowns or
> threats, and we're still not sure how scanning is creating checkpoints. So
> those are lame, and we're going to change them. We have a KB on how to turn
> the darn things off from WD, I can't find it right now, I'll look it up.

That's excellent, and urgently needed news. I don't know what a KB is, but I
hope it's not that registry edit, is it? I can't do that. But if there is
some other way to turn them off (other than disabling RTP) I'd love to know
how. (What is a KB please, someone?)

> The bad guys have written a bunch of tools so when patch Tuesday rolls
> around, they can quickly write exploits for whatever just got fixed. So
> we're tending to see exploits come out for many vulnerabilities only _after_
> the patch is issued. And then we're in a race to update everybody before
> the bad guys get to unpatched machines. It's a darn tough problem to solve,
> too - of course not having the vulnerability in the first place is the best
> fix. :)

Perfect explanation. Even I could understand it. Thanks.
 
robin

KB is normally a patch/security update.
You will see an update like KB810202 (that is not real, just an example).
robin
 
Guest

Ah! Thanks robin and andre. So a patch is made usually in response to an item
in the MS Knowledge base... hence the KB code for the patch? But an entry in
the knowledge base may not necessarily lead to a patch?

Well then yes, we definitely want one of those if it's an update patch,
please, but not if it's just that old registry fix again! Can't handle that.
 
Bill Sanderson MVP

Joe--has that KB article been released publicly? I'd be interested to see
it, because the steps are somewhat involved because of the security around
Windows Defender's keys. I've got my own version which I've posted a few
times, based on Steve Dodson's initial post, but I don't like it much.
 
