Defendnot Disarms Windows Defender by Pretending to Be a Friend
The post Defendnot Disarms Windows Defender by Pretending to Be a Friend appeared first on Android Headlines.


A newly developed, sneaky tool called Defendnot can trick Windows into disabling Windows Defender, the antivirus built into Windows operating systems. No genuine antivirus software needs to be installed for this to happen, because the tool modifies the system to make Windows recognize it as a real antivirus program. With this fake antivirus registration, hackers can disable Windows Defender.
Hackers can now disable Windows Defender with Defendnot
This method works through an undocumented API that antivirus software uses to identify itself to the Windows Security Center (WSC). Normally, when antivirus software identifies itself to the WSC, Microsoft Defender automatically shuts itself down to prevent conflicts.
Security researcher es3n1n developed the tool. The developer previously created a tool called no-defender for a similar purpose, which used code from a third-party antivirus product. That tool attracted great interest. After the antivirus company filed a complaint, GitHub removed it under the DMCA. This time, the developer built the entire infrastructure of Defendnot from scratch to avoid potential copyright issues.
Defendnot injects a specially prepared DLL file into the Taskmgr.exe (Task Manager) process. This process is signed by Microsoft and considered trustworthy, which helps the tool perform the fake antivirus registration. Thanks to this, the tool tricks Windows into thinking an antivirus is present and causes it to disable Defender. As a result, the system continues to work without any active protection.
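The state described above (an antivirus registered with WSC while nothing is actually protecting the machine) can be audited from PowerShell. The script below is an added example, not code from the article or from the Defendnot project; it assumes WSC registrations are visible through the root/SecurityCenter2 AntiVirusProduct WMI class, and it treats "the registered product executable exists and has a valid signature" as a heuristic, not as proof that a product is genuine.

```powershell
# Added audit example; not code from the article or from the Defendnot project.
# Assumption: WSC registrations are exposed on client editions of Windows via
# the root/SecurityCenter2 AntiVirusProduct WMI class.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop

$report = foreach ($p in $products) {
    $raw = [string]$p.pathToSignedProductExe
    # Assumption: Defender registers itself with a windowsdefender:// URI, not a file path.
    $builtIn = $raw -like 'windowsdefender://*'
    $exe = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
    $exists = (-not $builtIn) -and [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
    $status = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'NotChecked' }

    [pscustomobject]@{
        DisplayName = $p.displayName
        ProductExe  = $raw
        BuiltIn     = $builtIn
        FileExists  = $exists
        Signature   = "$status"
        Registered  = $p.timestamp
        # Heuristic (assumption): a genuine third-party product points at an
        # existing binary with a valid Authenticode signature.
        Verified    = $exists -and ("$status" -eq 'Valid')
    }
}
$report | Format-Table -AutoSize

# Defender's own view of its state; the cmdlet can fail when the service is stopped.
$defenderActive = $false
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $defenderActive = $mp.AMServiceEnabled -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

$verifiedThirdParty = @($report | Where-Object { -not $_.BuiltIn -and $_.Verified })
if (-not $defenderActive -and $verifiedThirdParty.Count -eq 0) {
    Write-Warning 'Defender is not active and no registered antivirus product could be verified.'
    $report | Where-Object { -not $_.BuiltIn -and -not $_.Verified } |
        ForEach-Object { Write-Warning "Unverified WSC registration: $($_.DisplayName)" }
} else {
    Write-Output 'Defender is active, or a registered product has a validly signed binary.'
}
```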
es3n1n developed Defendnot for research purposes, but attackers can misuse it
Although Defendnot was developed for research purposes, we should not forget that malicious actors can misuse it. As we know, scammers try all sorts of methods to steal user data. Unfortunately, this is a potential threat to users’ security systems and, therefore, to their private data.
Well, Microsoft Defender now at least flags this sneaky tool called Defendnot as a Trojan, thanks to its machine learning algorithms, and quarantines it immediately.