Getting Microsoft Security Essentials to alert me when a threat is detected

1191
oligofren

Is there a way to make Microsoft Security Essentials alert me when a threat is detected?

Recently I went through the "History" tab of Windows Defender and found a number of threats in quarantine, but I don't know how they got there. For future events, I would like to find out if and when I visit a hostile web page, by having Microsoft Security Essentials (or some third party) notify me.

Is this possible? Maybe some tool that would monitor the event log?

1
**It already should by default.** At least mine does, right after a clean installation of the operating system and using the default settings. Ramhound 10 years ago 0
Hmmm... I guess I'm just never around when all this happens, then. I've never received a notification from Windows Defender, except when it was somehow disabled or when the virus definitions were out of date. oligofren 10 years ago 0

1 answer

1

Microsoft Security Essentials by default briefly notifies you when it finds a threat and automatically takes care of it. The notification only lasts for a few seconds, and that's why you probably never noticed it, since it could've happened while you were away from your computer. It looks like this:

Automatic alert screenshot

"Detected threats are being cleaned up, no action required."

You can, however, disable this behavior and have Security Essentials prompt you before any action (it'll still prevent any malicious file from executing, so no risk here). To do so, open Security Essentials' preferences and uncheck this option:

Preferences screenshot

"Apply recommended actions. Protect your computer by applying these actions when potential threats are detected."

This is a bit misleading since it seems like by disabling this the computer won't be safe anymore, but I've tested it (see below) and it still prevents any threat from executing while asking the user what to do, so it's still safe.

Now if a threat is detected, it'll display an alert like this instead:

Manual alert screenshot

"This application has detected a potential threat and has suspended it. Click on "Cleanup computer" to delete it. - Display details - Cleanup computer"

Clicking "Cleanup computer" will automatically delete the threat (equivalent to what it automatically did before), whereas clicking "Display details" will open this window and will allow you to choose what to do (quarantine, delete, or allow the file) and get more info about the file itself:

Threat details screenshot

"This application has detected a potential threat that can affect your privacy or damage your computer. Your access to this file may be suspended until you take action. Click on "Display details" for more information..."


If you'd like to safely test this you can use the EICAR test file which is a harmless file but will be detected by all anti-malware programs as an evil and scary virus.

Copy and paste this string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

Into a text editor (Notepad will do fine) and save it with the .exe extension (don't forget to select "All files" in the file save dialog, if you leave the default "Text files (.txt)" it'll save it as a .exe.txt which isn't what we want).

And there you go, it should automatically trigger your anti-malware program and you shouldn't be able to execute the file (on my system it says Access denied when I try).

Thanks! Exactly what I was wondering. And you're right that users might think the option disables protection - I did :) oligofren 9 years ago 0