In research that is being talked about, we now have something that can shut off EDR by triggering something called WER in Windows. This is Windows Error Reporting, based on what I'm understanding, and it puts EDR products like Defender, Trend Micro and others into a completely suspended state without the ability to come back.
If I'm a betting man, someone on staff here will be saying that I should cover this on a future TSB, and it won't surprise me if they do after the NCSAM schedule runs through the month of October.
There are going to be images and a big discussion in the article on what the research covers, and of course Microsoft says that Defender is protected, although the research says it isn't … at least on the latest version of Windows 11 listed.
Your article: New EDR-Freeze tool uses Windows WER to suspend security software
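One thing a defender would want after reading that is a quick way to check whether their own EDR has been frozen. The script below is an added example written for this post, not code from the article or from the EDR-Freeze tool. It reads the thread state of a few anti-malware processes (the process names in $edrNames are assumptions; swap in whatever your product runs as) and flags any process whose threads are all sitting in a Suspended wait, which is the condition the article describes. It also lists any running WER fault-handler processes with their parent PID, since the technique works by triggering WER.

```powershell
# Added example for this post (not from the article or the EDR-Freeze project).
# Run from an elevated PowerShell prompt.

# Assumed process names for Microsoft Defender / Defender for Endpoint. Adjust
# for Trend Micro or whatever EDR you actually run.
$edrNames = @('MsMpEng', 'MsSense', 'SenseIR')

function Test-AllThreadsSuspended {
    param([System.Diagnostics.Process]$Process)
    # Process.Threads is filled from a system-wide NtQuerySystemInformation call,
    # so it is readable even for protected (PPL) anti-malware processes that we
    # cannot open a handle to.
    $threads = @($Process.Threads)
    if ($threads.Count -eq 0) { return $false }
    $suspended = @($threads | Where-Object {
        $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended'
    })
    return ($suspended.Count -eq $threads.Count)
}

# 1) Is any EDR process frozen (every thread suspended)?
foreach ($name in $edrNames) {
    foreach ($p in (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        $frozen = Test-AllThreadsSuspended -Process $p
        [pscustomobject]@{
            Name         = $p.ProcessName
            PID          = $p.Id
            Threads      = @($p.Threads).Count
            AllSuspended = $frozen
        }
        if ($frozen) {
            Write-Warning "$($p.ProcessName) (PID $($p.Id)) has ALL threads suspended - possible EDR freeze"
        }
    }
}

# 2) Which WER fault handlers are running, and who started them?
# A WerFault*.exe that stays alive for a long time, or whose parent is not the
# WER service / the crashing program, is worth a closer look.
Get-CimInstance Win32_Process -Filter "Name LIKE 'WerFault%'" |
    ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name        = $_.Name
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '(exited)' }
            Started     = $_.CreationDate
            CommandLine = $_.CommandLine
        }
    }
```

Under normal load MsMpEng will always have some threads waiting on events or I/O, so the check deliberately looks for every thread being in the Suspended wait reason rather than just "not running". Schedule it, or feed the same logic to your SIEM, if you want an alert rather than a one-off look.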
Let the games begin with more EDR stuff. I believe staff said we wouldn't be done with this one.
I’ll let the article speak for itself.