Microsoft’s Windows Defender helps keep pesky viruses and prevents your computer from malicious attacks until the recent update that adds a feature that downloads malware itself. So, what exactly is this feature and is it something to be worried about?
People at the Bleeping Computer reports that one of the recent updates to Microsoft Defender has added a feature that “downloads malware files.” To be precise, Microsoft has updated Antimalware Service Command Line Utility (MpCmdRun.exe) which, as the name suggests, is a command-line utility to keep malware out but instead will now download files remotely.
Reports also said that they were able to download WastedLocker ransomware through the executable file MpCmdRun.exe. As Defender scans for files with Malware and instantly blocks it, it might also do the same with the files that it itself downloads. Hence, there’s no need to be worried about the security of your Windows PC/Laptop.
A Microsoft spokesperson confirmed that “Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature.”
A file when downloaded is scanned and requires access to a local user account. If Defender detects it as a malicious file it will not let it spread to directories with no write privilege. As the attack window is limited with a lot of restrictions and many other criteria to be satisfied, it is safe to say that this update is totally safe.