After installing the Windows 10 February security updates, an unprivileged user can no longer view all folders in the system that Microsoft Defender Antivirus does not scan, as well as files, extensions, or processes specified as exceptions in the program settings.

According to Bleeping Computer, Microsoft has fixed a vulnerability in the Microsoft Defender antivirus application. Due to this issue, any Windows 10 user, including enterprise editions, could see the scan exclusion list. Now it is available only to the administrator.

Previously, regardless of their access levels on the system, a local Windows 10 user could run the reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /s command from the command line, which will list all folders on the system that Microsoft Defender Antivirus does not check , as well as files, extensions or processes specified as exceptions in the application settings. In such folders, for example, you can store and run ransomware. In this case, Microsoft Defender will not react to this and will not show any warnings.

Microsoft did not explain in which particular security update this bug was fixed. Developer Will Dormann discovered that permission settings changed on his system in February, and without installing Windows 10 updates. He suggested that in this case, Microsoft fixed the vulnerability through a Microsoft Defender signature update.

On January 13, information security experts spoke about a local vulnerability in the Microsoft Defender antivirus application. Any Windows 7 and 10 user could see the scan exclusion list using the reg query command and a specific key in the registry. It turned out that this problem is already more than 8 years old. Microsoft initially fixed it in Windows 11, and now the vulnerability is closed for exploitation in Windows 10 versions 21H1 and 21H2.

bbabo.Net