Threat Watch

Windows Defender Removes Controversial Download Option

Earlier this month, Microsoft met backlash for adding a new “-DownloadFile” command line option to Windows Defender, enabling anyone with some level of access to the system to download files using a trusted application to potentially evade detection. Almost as quickly as it appeared without warning, as of version 4.18.2009.2-0 this feature has been quietly removed. Attempting to use the “-DownloadFile”  option will once again return the message “CmdTool: Invalid command line argument.”

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Defenders can still watch out for attempts to use this option by monitoring process execution events where “MpCmdRun.exe” is being launched with the “-DownloadFile”, “-path” or “-url” arguments. With the feature being removed quickly and quietly, chances are high that any instance of “MpCmdRun.exe” being launched with those three arguments will not be legitimate.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support