Windows 10 Insider Preview Build 17672 Is About Fighting Malware
On May 16, Microsoft released Windows 10 Insider Preview Build 17672 (RS5), a notable development in the fight against malware.
In a blog post published the same day, Microsoft says: “Today, we are releasing Windows 10 Insider Preview Build 17672 (RS5) to Windows Insiders in the Fast ring in addition to those who opted in to Skip Ahead.”
As the quote indicates, the build is currently available only to those registered for the Fast ring or for Skip Ahead releases, so it is still in testing and not yet finalized for general customers. Build 17672 comes with a number of improvements; the most notable change, however, is that the platform handles third-party antivirus differently.
Under the new change, Windows Security Center requires antivirus software to run as protected processes. It was with the release of Windows 8.1 that Microsoft announced it was extending protected processes into a general-purpose model for use by anti-malware vendors.
“Starting with Windows 8.1, a new security model has been put in place in the kernel to better defend against malicious attacks on system-critical components. This new security model extends the protected process infrastructure previous versions of Windows used for specific scenarios, such as playing DRM content, into a general-purpose model that can be used by 3rd party anti-malware vendors. The protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks,” Microsoft had said then. “After the anti-malware services have opted into the protected service mode, only Windows signed code or code signed with the anti-malware vendor’s certificates are allowed to load in that process. Similarly, other protected process levels have different code policies enforced by Windows.”
Regarding the improvements included in Build 17672, the Microsoft blog says: “The Windows Security Center (WSC) service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security UI, and Windows Defender Antivirus will remain enabled side-by-side with these products.”
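To see how this requirement plays out on a given machine, the following added example (not code from Microsoft or from the original article) lists the services configured to launch as antimalware protected processes and the products currently registered with Windows Security Center. It assumes an elevated PowerShell session on a Windows client edition; the function names are hypothetical, and the matching of a product to a service by executable name is a heuristic introduced here.

```powershell
# Added example. LaunchProtected values follow SERVICE_LAUNCH_PROTECTED_INFO.
$levels = @{ 0 = 'None'; 1 = 'Windows'; 2 = 'WindowsLight'; 3 = 'AntimalwareLight' }

function Get-ProtectedServiceConfig {
    # Reads the protection level each service is configured to launch with.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.LaunchProtected) { continue }
        $value = [int]$props.LaunchProtected
        [pscustomobject]@{
            Service   = $key.PSChildName
            Level     = if ($levels.ContainsKey($value)) { $levels[$value] } else { "Unknown ($value)" }
            ImagePath = [string]$props.ImagePath
        }
    }
}

function Get-RegisteredAntivirus {
    # Products registered with Windows Security Center (namespace exists on client editions).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
}

function Get-AntivirusProtectionReport {
    $protected = @(Get-ProtectedServiceConfig | Where-Object { $_.Level -eq 'AntimalwareLight' })
    foreach ($av in Get-RegisteredAntivirus) {
        $exe = [Environment]::ExpandEnvironmentVariables([string]$av.pathToSignedReportingExe).Trim('"')
        $match = @()
        if ($exe) {
            # Heuristic (assumption): the protected service runs the same executable
            # name that the product reports to Windows Security Center.
            $leaf  = [System.Management.Automation.WildcardPattern]::Escape((Split-Path $exe -Leaf))
            $match = @($protected | Where-Object { $_.ImagePath -like "*\$leaf*" })
        }
        [pscustomobject]@{
            Product          = $av.displayName
            ReportingExe     = $exe
            ProtectedService = if ($match.Count) { $match.Service -join ', ' } else { 'no match (check manually)' }
        }
    }
}

'Services configured as antimalware protected processes:'
Get-ProtectedServiceConfig | Where-Object { $_.Level -eq 'AntimalwareLight' } | Format-Table -AutoSize
'Antivirus products registered with Windows Security Center:'
Get-AntivirusProtectionReport | Format-Table -AutoSize
```

A "no match" result does not prove the product is unprotected, since a vendor's reporting executable and its service executable can differ; `sc.exe qprotection <service>` confirms the level for a specific service.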
Testers have been given the option to disable this behavior; the Microsoft blog says: “For testing purposes, you can disable this new behavior in Windows Insider builds by creating the following registry key and rebooting the device. This key will be removed as we get closer to release.”
Among the other fixes that Build 17672 offers, notable ones include some improvements to the Microsoft Edge browser, an update to the recently released Timeline feature, and low battery notifications for compatible Bluetooth-supported devices.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.