{"id":724,"date":"2020-09-21T13:04:38","date_gmt":"2020-09-21T18:04:38","guid":{"rendered":"http:\/\/williamscomputers.com\/?p=724"},"modified":"2020-09-21T13:04:40","modified_gmt":"2020-09-21T18:04:40","slug":"windows-defender-removes-controversial-download-option","status":"publish","type":"post","link":"https:\/\/williamscomputers.com\/?p=724","title":{"rendered":"Windows Defender Removes Controversial Download Option"},"content":{"rendered":"\n<p>Earlier this month, Microsoft met backlash for adding a new \u201c-DownloadFile\u201d command line option to Windows Defender, enabling anyone with some level of access to the system to download files using a trusted application to potentially evade detection. Almost as quickly as it appeared without warning, as of version 4.18.2009.2-0 this feature has been quietly removed. Attempting to use the \u201c-DownloadFile\u201d &nbsp;option will once again return the message \u201cCmdTool: Invalid command line argument.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANALYST NOTES<\/h2>\n\n\n\n<p>Defenders can still watch out for attempts to use this option by monitoring process execution events where \u201cMpCmdRun.exe\u201d is being launched with the \u201c-DownloadFile\u201d, \u201c-path\u201d or \u201c-url\u201d arguments. With the feature being removed quickly and quietly, chances are high that any instance of \u201cMpCmdRun.exe\u201d being launched with those three arguments will not be legitimate. Source: https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-removes-windows-defender-ability-after-security-concerns\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this month, Microsoft met backlash for adding a new \u201c-DownloadFile\u201d command line option to Windows Defender, enabling anyone with some level of access to the system to download files using a trusted application to potentially evade detection. Almost as quickly as it appeared without warning, as of version 4.18.2009.2-0 this feature has been quietly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-724","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts\/724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=724"}],"version-history":[{"count":1,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts\/724\/revisions"}],"predecessor-version":[{"id":725,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts\/724\/revisions\/725"}],"wp:attachment":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}