
Microsoft says that Defender file download feature is not a risk - knaik94
https://winaero.com/blog/microsoft-says-that-defender-file-download-feature-is-not-a-risk/
======
jart
Isn't the implication that Windows no longer has a firewall? Let's say Windows
Firewall is configured to block by default and enable network access to
individual executables that need it. Pointless apparently since apps can just
apply patches and upload telemetry by encoding it into HTTPS URIs passed to
the MpCmdRun downloader which apparently can't be disabled. What if someone
wrote a DLL implementing the WinSock API that tunnelled internet protocols via
MpCmdRun. That way the DLL can be dropped in any folder to enable existing
EXEs to bypass the firewall.

