What would you like in Windows Defender 2.0?

[Guest]

We're planning for Windows Defender 2.0, and I'd like to gather your
feedback on what the first version doesn't have that it should.

Joe, can we have the floppy drive bug fixed, please? When Defender does a
full scan, towards the end it continually accesses the floppy drive and makes
it buzz, repeatedly, over and over again. This is an old issue, reported
during the beta, and I'm told it can be fixed by putting a blank floppy in
the drive, but I always forget until the confounded buzzing starts.....

 

[Dave M]

Somehow I missed the change to custom scanning in Defender which during
Beta used to do a quick scan first no matter what drive/folder was selected
for the specific custom scan.

Anyway, now that the final version simply scans a selected drive/folder,
how about a context sensitive right click scan from within Windows Explorer
that could invoke an easy to perform WD custom scan in the way that many
competitive AS-products currently do? I generally never use WD for
downloaded installation file scanning because it's cumbersome to invoke
Defender by having to go through the GUI to get to a custom scan,
preferring AVG, SAS, or SS which do have this functionality.

 

[Guest]

However, I bet a filemon trace of what's being touched could settle the
question. Could you use filemon and see what gets touched? If you need
pointers on what I'm asking for, send me a mail.

Thanks Joe. I've now got a copy of filemon, but don't know exactly what to
do with it - so I've sent you an email.

 

[Guest]

Under software explorer, Internet Explorer and Windows Explorer will always
show as "not classified" because of extensions or add-ons. Change Software
Explorer to show which extensions are "not classified". The current
categorization is worthless.

 

[Joe Faulhaber[MSFT]]

Good feedback, thank you.

Under software explorer, Internet Explorer and Windows Explorer will
always
show as "not classified" because of extensions or add-ons. Change
Software
Explorer to show which extensions are "not classified". The current
categorization is worthless.

 

[Robinb]

also in "allow items"
there should be a browse button to link into your C: to allow you to to find
a particular file that you do know is "real" and not spyware and allows you
to put it manually in the list.

Right now you only see in Event Viewer the particular file and WD tells you
it might be a problem, but if it is actually not a spyware and you want it
to allow- there is no way to do this.

Robin

 

[Guest]

We're planning for Windows Defender 2.0, and I'd like to gather your
feedback on what the first version doesn't have that it should.

Just got off the line with support 1031707000. I would really like to leave
"Real time protection" of "Services and Drivers" enabled, but will have to
disable it because of a lack of functionality with this release.

I have services & drivers that update the registry every day. The way it
currently works, a service or driver updates the registry and I am prompted
to either allow or deny the transaction. This is great because I am alerted,
go check out the source of the changes and make my choice. UNFORTUNATELY
there is no Always Allow or Always Deny for these service & driver
transactions.

Please . . . add "always allow" "always deny" so I can turn back on realtime
protection of services & drivers.

Lesson learned for me is to not be complacent during the BETA period. I
thought for sure this would be in the release!

Steve

 

[Paul Baker [MVP, Windows - Networking]]

My first thought is that a service or driver should not be making registry
entries every day. What registry entries is it making?

Paul

 

[Guest]

My first thought is that a service or driver should not be making registry
entries every day. What registry entries is it making?

Which brings up another "would be nice", ability to copy text to the
clipboard.


Recent Frequent Examples:

1 - Publisher=Padus, Inc Checkpoint=Drivers File=...pfc.sys
regkey=HKLM\SYSTEM\CONTROLSET\SERVICES\Racptcmuww
Investigation indicates this is a service used by Nero Burning Rom

2 - Publisher=X-Rite, Inc Checkpoint=Services File=XrUsb.sos
regkey=HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wdmifs
X-Rite makes the colorimeter and color matching software.

3 - Publisher=Not available Checkpoint=Services File=SEQCAL.SYS
regkey=HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Asptomemtuw
Not so sure about this one, but seems to also be related to X-Rite.

I do not have any from Nvidia to share with you, but I frequently get them.

If these are lagit., why cant I "ALWAYS ALLOW" them?

Again, I think that without an "ALWAYS ALLOW" option, your user community
will turn this valuable function off, or since on is the default, your
average user will get fed up and uninstall the software. Dont hear that as a
vote for installing Defender with this realtime function off, but rather as a
suggestion that there should be an "always allow" and "always deny" choice.
Why not?

Steven Bland

 

[Paul Baker [MVP, Windows - Networking]]

So these services are frequently modifying something in the
HKLM\System\CurrentControlSet\Services\<their key> key? Why would they do
that? This is just the configuration of the service, which shouldn't change
except during installation or perhaps by occasional user choice.

I do agree that since badly written software is in abundance and that users
generally want to keep it anyway, some way of reducing these prompts is
necessary. How about if it was per registry value though? One day it might
change a value in this key and you decide it's legitimate, but another day
it might decide to be naughty somewhere else. Or, to put it another way,
"don't ask me about this exact situation again, ask me about variations
though".

Paul

 

[Guest]

So these services are frequently modifying something in the
HKLM\System\CurrentControlSet\Services\<their key> key? Why would they do
that? This is just the configuration of the service, which shouldn't change
except during installation or perhaps by occasional user choice.

I do agree that since badly written software is in abundance and that users
generally want to keep it anyway, some way of reducing these prompts is
necessary. How about if it was per registry value though? One day it might
change a value in this key and you decide it's legitimate, but another day
it might decide to be naughty somewhere else. Or, to put it another way,
"don't ask me about this exact situation again, ask me about variations
though".

Paul

I will take all the control granularity that MS is willing to put into it.