"Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. When BleepingComputer contacted Microsoft about this issue they provided a statement repeating what we already reported above.
With this discovery, administrators and blue teamers now have an additional Windows executable that they need to monitor so that it is not used against them. The good news is that Microsoft Defender will detect malicious files downloaded with MpCmdRun.exe, but it is unknown if other AV software will allow this program to bypass their detections. In tests conducted by, this feature was added to Microsoft Defender in version .9 or .9.ĭownloading ransomware with Microsoft Defender This directive allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using the following command: MpCmdRun.exe -DownloadFile -url -path Microsoft Defender can be used as a LOLBINĭiscovered by security researcher Mohammad Askar, a recent update to Microsoft Defender's command-line tool now includes a new -DownloadFile command-line argument. With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers. In a recent Microsoft Defender update, the command-line MpCmdRun.exe tool has been updated to include the ability to download files from a remote location, which could be abused by attackers. Legitimate operating system files that can be abused for malicious purposes are known as living-off-the-land binaries or LOLBINs. A recent update to Windows 10's Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.
0 kommentar(er)
