[German]But that was only a very short guest performance. Microsoft had added this ‘cool’ download feature to its Defender. But security experts wasn’t amused about that. All of a sudden the download feature is gone again …
Defender Download-Feature, that’s what we are talking about
For those blog readers who have not followed it closely, a few short sentences. Microsoft had given Defender a way to download arbitrary files. You can use the command:
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe -DownloadFile -url <url> -path <local-path>
as administrator to download any file with Windows Defender. Microsoft had described the whole thing in this support article in mid-August 2020.
However, this download feature caused more headaches than enthusiasm among security experts. This is a nice feature for malware authors to download their malicious functions. In early September 2020, I addressed the issue in the blog post Security concerns about Microsoft Defender download feature.
It’s gone again …
I just read at Bleeping Computer that Microsoft has removed this feature in the Antimalware Client Version 4.18.2009.2-0 just released. The help does not show the command anymore and when using the option an error is reported. No idea what caused the developers to take this step.