Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I am talking about real time scanning speed, thats all that matters to me, avast manual scan is slow as hell as well but the auto scanning is significantly better than WD on my machines and thats with everything on avast turned up.
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I think that was a reference to OneCare. Was popular back in the Vista days.
     
  3. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Signatures are updated almost daily. Scheduled scans can be disabled. I really haven't seen much of a performance hit other than when it is checking for and download new signatures. I don't have Windows 10 on anything as slow as a core 2 duo but I have MSE which is, in many ways, the same program on a couple of Pentium Mobile laptops running Xp. The biggest resource use is memory, not CPU and it is much easier on them than most other AVs.

    Signature based scanning is only going to get the easiest targets which have been around a while. It does nothing for a lot of modern malware, phishing and exploit attacks which don't even use files which can be scanned and even if they do, use techniques to evade the scanners. Securing a browser with script blocking and sandboxing and locking down the OS with SRP, Applocker and ACLs are far more effective which is one of the reasons I downgrade AVs in general and am perfectly satisfied to use one that is free and comes with OS. Unless they do a lot more than signature based scanning they are all pretty lame as far as I'm concerned.
     
  4. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    How does one do this, besides disabling Automatic Maintenance?
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Including real-time scanning. It does cache scanned files.
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    You have to bring up the bit defender panel and it is in the settings. Just do a search for Windows Defender to get it. The panel is just like the one for MSE and has tabs for updating signatures, scans and setting options.
     
  7. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    A further update. I just looked at the Windows Defenders panel and the options are not as easily accessed from the main panel as in MSE but otherwise the panal is the same. There are, however, extended options in group policy under Windows Components/Windows Defender/Scan. There is a key called "Specify the day of the week to run a scheduled scan". It has the option of "Never" which will disable scheduled scans. There is also an option to scan archives which is enabled by default.

    Windows defender signature updates are delivered both by Windows update and updated by Windows defender. In this system, I have Windows update disabled for over a month and the Windows Defender signatures were updated the last time I booted Windows 10, 3 days ago.
     
  8. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    You can also created an shotcut with %ProgramFiles%\Windows Defender\MpCmdRun.exe and then add the Scan -ScheduleJob argument.

    C:\Users\CHEF-KOCH>"C:\Users\CHEF-KOCH\Desktop\MpCmdRun.exe - Shortcut.lnk" -?
    Microsoft Antimalware Service Command Line Utility (c) 2006-2015 Microsoft Corp
    Use this tool to automate and troubleshoot Microsoft Antimalware Service

    Usage:
    MpCmdRun.exe [command] [-options]

    Command Description
    -? / -h Displays all available options
    for this tool
    -Scan [-ScanType #] [-File <path> [-DisableRemediation] [-BootSectorScan]]
    [-Timeout <days>]
    Scans for malicious software
    -Trace [-Grouping #] [-Level #] Starts diagnostic tracing
    -GetFiles Collects support information
    -RemoveDefinitions [-All] Restores the installed
    signature definitions
    to a previous backup copy or to
    the original default set of
    signatures
    [-DynamicSignatures] Removes only the dynamically
    downloaded signatures
    -SignatureUpdate [-UNC | -MMPC] Checks for new definition updates
    -Restore [-ListAll | [-Name <name>] [-All] [-Path <path>]] Restore or list
    quarantined item(s)
    -AddDynamicSignature [-Path] Loads a dynamic signature
    -ListAllDynamicSignatures List the loaded dynamic signatures
    -RemoveDynamicSignature [-SignatureSetID] Removes a dynamic signature
    -EnableIntegrityServices Enables integrity services
    -SubmitSamples Submit all sample requests

    Additional Information:

    Support information will be in the following directory:
    C:\ProgramData\Microsoft\Windows Defender\Support

    -Scan [-ScanType value]
    0 Default, according to your configuration
    1 Quick scan
    2 Full system scan
    3 File and directory custom scan

    [-File <path>]
    Indicates the file or directory to be scanned, only valid for custom scan.

    [-DisableRemediation]
    This option is valid only for custom scan.
    When specified:
    - File exclusions are ignored.
    - Archive files are scanned.
    - Actions are not applied after detection.
    - Event log entries are not written after detection.
    - Detections from the custom scan are not displayed in the user interface.
    - The console output will show the list of detections from the custom scan.

    [-BootSectorScan]
    Enables boot sector scanning; only valid for custom scan.

    [-Timeout <days>]
    Timeout in days; maximum value is 30.
    If this parameter is not specified, default value is 7 days for full scan and 1 day for all other scans.

    Return code is
    0 if no malware is found or malware is successfully remediated and no additional user action is required
    2 if malware is found and not remediated or additional user action is required to complete remediation or there is error in scanning. Please check History for more information.

    -Trace [-Grouping value] [-Level value]
    Begins tracing Microsoft Antimalware Service's actions.
    You can specify the components for which tracing is enabled and
    how much information is recorded.
    If no component is specified, all the components will be logged.
    If no level is specified, the Error, Warning and Informational levels
    will be logged. The data will be stored in the support directory
    as a file having the current timestamp in its name and bearing
    the extension BIN.

    [-Grouping]
    0x1 Service
    0x2 Malware Protection Engine
    0x4 User Interface
    0x8 Real-Time Protection
    0x10 Scheduled actions
    0x20 NIS/GAPA

    [-Level]
    0x1 Errors
    0x2 Warnings
    0x4 Informational messages
    0x8 Function calls
    0x10 Verbose
    0x20 Performance

    -GetFiles [-Scan]
    Gathers the following log files and packages them together in a
    compressed file in the support directory

    - Any trace files from Microsoft Antimalware Service
    - The Windows Update history log
    - All Microsoft Antimalware Service events from the System event log
    - All relevant Microsoft Antimalware Service registry locations
    - The log file of this tool
    - The log file of the signature update helper tool

    [-Scan]
    Scans for unusual files. The files and results of the scan
    will be packaged in the compressed file.

    -RemoveDefinitions
    Restores the last set of signature definitions

    [-All]
    Removes any installed signature and engine files. Use this
    option if you have difficulties trying to update signatures.

    [-DynamicSignatures]
    Removes all Dynamic Signatures.

    -SignatureUpdate
    Checks for new definition updates

    [-UNC [-Path <path>]]
    Performs update directly from UNC file share specified in <path>
    If -Path is not specified, update will be performed directly from the
    preconfigured UNC location

    [-MMPC]
    Performs update directly from Microsoft Malware Protection Center

    -Restore
    [-ListAll]
    List all items that were quarantined

    [-Name <name>]
    Restores the most recently quarantined item based on threat name
    One Threat can map to more than one file

    [-All]
    Restores all the quarantined items based on name

    [-Path]
    Specify the path where the quarantined items will be restored.
    If not specified, the item will be restored to the original path.
    -AddDynamicSignature -Path <path>
    Adds a Dynamic Signature specified by <path>

    -ListAllDynamicSignatures
    Lists SignatureSet ID's of all Dynamic Signatures added to the client
    via MAPS and MPCMDRUN -AddDynamicSignature

    -RemoveDynamicSignature -SignatureSetID <SignatureSetID>
    Removes a Dynamic Signature specified by <SignatureSetID>

    With the -Grouping 0x10 you can then add your own schedule via shotcuts. So everything is present, but I agree the GUI needs a bit tweaked. :)
     
  9. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,185
    Location:
    Home on the range.
    I think it was one called MSE!
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @wildman No, it's still available for Vista and Windows 7.
     
  11. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    And Xp. You have to trick it by installing an old version from before Windows Xp support ended and then MS update will update it to a newer version. For a while, it would give reminders to upgrade to a newer Windows but MS has stopped harrassing Xp holdouts.

    MSE and defender are two branches of the same tree. Vista came with defender but it is disabled if you install MSE which is recommended. The Windows 10 upgrade will replace MSE with defender.
     
  12. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I was using BD AV Free, since it was my top choice for free antivirus. A few weeks ago I decided to try Windows Defender on 3 W10 machines (2 PC's and 1 laptop) and I'm not going to looks at anything else ever! The systems fell lighter, although it tends to slowdown boot times a bit since it checks for updates and applies them. I just have them paired with Autorun Eater and safe browsing habits.
     
  13. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    I'm using Win10 Home so Group Policy is not an option for me. I end up solving the problem by simply right-clicking on the 'Windows Defender Scheduled Scan' task and choosing 'Disable'.

    WDScan.png
     
  14. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    These scheduled scans are different to the idle scans.

    From my observation after every definition update a new idle scan will be triggered which seems to bear no resemblance to the scheduled scans.
     
  15. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Did anyone (except me) tested ransomeware with WD? I'm impressed because every sample I found on mentioned pages was successfully detected by WD right after extraction process and some within packed .zip, not bad. :thumb: Only problem I found is f/p with Bat to Exe Converter 2.4.1 which is wrongly detected as trojan due some script's in it.
     
  16. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    But after a week you will get a message that your computer isn't fully protected. :doubt:
     
  17. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    As long as you're aware that WD still ranks near the bottom of the list of AVs in tests such
    as those from AV-Test in protection scores. AV-Test awards a max of 6 points for each of 3
    categories: protection, performance, and usability. WD has always scored high on the latter
    two but not so good on protection - especially in the zero-day proactive tests. It does
    appear to be improving in that area recently, so may be moving upward. But still can't
    match the likes of Avira, Bitdefender Kaspersky, Norton, etc. when it comes to protection.

    In these latest results from AV-Test both WD and ESET (surprise) scored 4.5 for protection.
    Only 2 products scored lower.

    AV-Test gives equal weight to each of the 3 categories. I think many users would feel that
    protection is the most important measure and should carry more weight when evaluating a
    product.

    Note that the Softpedia article linked to in the opening post of this thread has errors
    and misleading statements. For starters, where it says:

    "As far as Windows 8.1 is concerned, Windows Defender received 4.5 points (out of 6)
    for protection and performance, and 6 points for usability. ... only one solution
    actually blocking all malware and getting the maximum score - Kaspersky Antivirus."

    It should read "As far as Windows 10 is concerned ..." as the link is to the results
    for Win10 corporate users.

    Similarly, where it says:

    "On Windows 10, however, Windows Defender really exceeded expectations. Microsoft’s
    default Windows antivirus received 4.5 points for protection, 5 points for performance,
    and 6 points for usability, ranking better than highly-praised security software such
    as F-Secure, Panda Security, ESET, and Comodo."

    It should read "On Windows 8.1, however, Windows Defender really exceeded ..." as the link
    is to the results for the Win 8.1 consumer products test results.

    http://i1-news.softpedia-static.com...e-best-antivirus-for-windows-8-1-499375-2.jpg

    The statement that WD ranked higher than F-Secure is wrong. Both scored the same in total
    points - 15.5 out of a possible 18. Microsoft appears before F-Secure in the listings only
    because in the case of tie scores the vendors are listed in reverse alphabetic order, from
    Z to A. If they had been sorted in normal ascending alpha order then F-Secure would have
    appeared before Microsoft in the results. More significant however is the fact that WD
    scored 4.5 for protection while F-Secure scored a perfect 6 - as did Panda.

    Note that this reverse-order sorting also places Kaspersky at the top. Had the table been
    sorted alphabetically A-Z within total scores then Avira would be at the top and Kaspersky
    would be third.

    As to the protection under Win10, the AV-Test results were for corporate products and WD
    placed 3rd last overall and was tied for last with Seqrite in the Protection category.
     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    May I suggest that you look at the numbers behind the score.

    As discussed in another thread - https://www.wilderssecurity.com/threads/windows-defender-whips-eset-in-latest-av-tests.383301/ - Windows Defender blocked 99,541% of everything malicious that they threw at it during the two months of testing.

    AV-Test translated that into a score of 4,5 in order to be able to place things on a chart.

    That score doesn't say anything about how well you are protected. It's just a placement on a chart.

    The numbers behind however, shows that Windows Defender successfully blocked 99,541% of everything malicious in the sample set during these two months.

    With that in mind, I REALLY don't think the user has any reason to be worried.
     
  19. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Well said :thumb:
     
  20. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    I already looked at all of the detailed scores for all of the products tested, and crunched
    all of the numbers.

    In the tests in question WD scored 97.5% in the Nov proactive tests and only 90.0% in the
    Dec tests - an average of 93.75% for the two months. The industry average was 97.1% for
    that period. As I said before, it has always been weakest in that area - catching zero-day
    threats
    - but is improving. It remains however well behind the industry leaders in that
    particular area. It has always been fairly strong at catching known threats,

    As to whether or not that's "close enough", I prefer "as close as possible to 100%" as
    often as possible. Something that Avira, Bitdefender, Comodo, F-Secure and Trend Micro
    achieved in this particular set of tests. In the December 0-day tests, only ThreatTrack
    VIPRE scored less than WD.

    In today's state-of-the-art protection, it is a reasonable assumption that all products
    should provide very close to 100% protection against known threats. With shared data,
    cloud detection, rapid deployment of new signatures, etc. most products achieve this
    goal or 99.x% most of the time. So the critical difference between products is how well
    they detect unknown threats (0-day). With tens of thousands of new threats appearing
    every day, proactive defence is vital. WD still lags behind most of the pack in this
    area, but is closing the gap.
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    WD is a good and reliable AV, that does not cause trouble, nor does it display annoying messages.
    It's a basic AV, very good to combine with a second opinion malware protection, like ZAM and HMP.A exploit mitigation.
    Adding the tiny unchecky, and surfing with µBlock-Origin, should cover almost any risk.

    WD does exactly what it should and is compatible with almost any third party addition.
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Exactly, good post :thumb:

    WD isnt very good against zero day malware per se, but remember that Microsoft security model isnt the antivirus alone, it needs and goes well with SmartScreen and Windows 10 mitigations.
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I was using an old Core Duo laptop with Windows 10 installed just now, and WD was using up to 97% CPU time. When the laptop started running slowly, I presumed WD was the cause, and a quick check with Task Manager confirmed it. I disabled WD, but after a rebooting, WD was enabled again, and when the laptop was running slowly again, Task Manager showed excessive CPU use of up to 97%.

    I wonder if some of the posters who find WD to be really light, have done a comparion between having WD's real time protection turned on and off.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I'm using WD here and don't see any cpu% issues at all. Runs light and well, no slowdowns...
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Roger,

    Maybe WD was scanning? I never had any issues and if I didn't have a licence for Norton I would be happily using WD right now.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.