Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Hi Imuade,

Windows Defender Advanced Threat Protection are an Enterprise product that allows for instant centralized alerting, detection, blocking and also forensics capable of turning time back six months to follow incidents unfold.
It will bring you control of the full Windows 10 protection stack on every endpoint across your company.
You need Enterprise E5 license to be the proud commander of that amazing beast.
And it will control all the SKUs you mentioned.

The features mentioned in my post are as you can see in the links in the post, available if you meet the requirements mentioned under each feature.
They are additionally tied into Windows Defender ATP and fully controllable through it.
So Windows Defender ATP adds capabilities to the features when in enterprise environment, it doesn't remove anything from the features for you as a home user

 

So, basically, Home users can set up all these new features on their PC only (as long as they have the upcoming Windows 10 Fall Creators Update).
Windows Defender ATP allows enterprises to deploy the same settings to all the PCs in their network and to monitor events from the single user.
Is that correct?

 

I am running one of my computers on the fast insider ring and have controlled folder access under "Virus and threat protection settings". The EMET style exploit protections are under "App and browser control".
If you use a 3rd party antivirus controlled folder access will be disabled, but the exploit protections will still be available.

 

In a very simplistic way, yes.
There's a lot more to Windows Defender ATP, but we will get to far of topic if we go into that here.

You have nothing to worry about, and everything to look forward to.

(Just in case anyone else should get worried, then follow the Microsoft links in this post : https://www.wilderssecurity.com/thr...-windows-10-needs.383448/page-45#post-2702605
Microsoft are very clear about requirements.
Also the Microsoft blog post link in this post : https://www.wilderssecurity.com/thr...-windows-10-needs.383448/page-44#post-2700049
Microsoft are very clear about the fact that all Windows 10 Fall Creators Update users, will get Windows Defender Exploit Guard.)

 

Thanks. Can't wait for its release!

 

Now I have to ask cruelsister a question, why would I need Comodo Firewall and Comodo HIPS and Comodo Sandbox, if all this is waiting for us in the next, very soon, upcoming Windows 10 Creators upgrade?
OK, the only thing that Windows 10 would need is sandbox protection just like in Comodo Sandbox, every time you open an unknown file it gets sandboxed on untrsuted level, if it's safe just use "unblock" settings.

 

Everything is possible, Paul, believe it or not, but believe it, on with Windows 10 Pro both firewall (both private and public firewalls) you can easily install and enable and use freely Comodo firewall and also ZoneAlarm firewall with both Windows 10 Pro private and public firewalls enabled!!!!!
So, if that is already fully enabled, why wouldn't be possible additional anti-exploit like HMPA or MBAE that is enables and it's working alongside Windows 10 Pro Exploit Guard?
It's fully possible to do it, if you can do it with firewalls you can do it with additional software anti-exploits/exploit guards as well.

 

Comodo was also working on a Chrome extension https://chrome.google.com/webstore/...ivirus/dbholhabhgiapdakiikjbfegpfmmncfp?hl=it

Basically, it's a scanner for downloaded files, but it also gives the user the option to install a portable sandbox https://antivirus.comodo.com/ccav-sandbox/
Like that, if a downloaded file is unknown, the file could be run inside the sandbox, with no need to install CFW or CCAV.

Unfortunately, it has not been updated since May 2016...

 

We'll have to wait and see. IIRC Surfright built MBAE detection / switchoff into HMPA, and it was never advised to run it alongside EMET.

 

Strange forewarning but here's a snip from a help ticket in early May to HMPA:



I'd installed EMET to troubleshoot a HMPA detection in Firefox (I corrected the misunderstanding). I am hopeful there will be a switch in Defender. I sincerely doubt SurfRight/Sophos would ultimately force users to choose one over the other. This was/is their bread and butter, I'd think this development of Microsoft security would be of marked concern to them, right? .

 

Right. Surfright/Sophos will have to demonstrate the superior functionality and coverage of their product.

Windows security is impressively developing apace, and has the advantage of OS integration, no conflicts.

 

http://news.softpedia.com/news/micr...ll-creators-update-on-october-17-517573.shtml
Still/only one and half month waiting

 

https://www.ghacks.net/2017/09/01/m...10-fall-creators-update-on-october-17th-2017/

 

The only thing that interests me: Security: Windows Defender features new defenses against ransomware and exploits.

I agree with some of the comments that MS should explore the possibility of 'modularising' Win 10 so that one can 'de-select' bloat one doesn't want. Surely businesses don't want most of this stuff (maybe it doesn't exist in Enterprise version).

 

Thanks for the link

 

If you use Windows Defender in the fall creators update will you need to use avast free anymore? Should you replace avast free with Windows Defender? Which would be better to use?

 

I have already created a thread on some of this that showed up the other day in my update. Build 16281 and I was using the Home version.

https://www.wilderssecurity.com/threads/folder-protection-windows-10-home.396467/

 

Thanks boredog, Do you have to use Windows Defender in order to use these new security features or they standalone features that you can use with any third party AV like avast free?

 

There is no special requirement for the feature "Exploit Protection".

To be able to use the features: "Attack Surface Reduction" / "Network Protection" / "Controlled Folder Access", Windows Defender must be enabled.

 

I use Windows Defender in 'Periodic scanning' On mode, but status of WD is Off in that mode, so I guess that doesn't qualify to use those features ... ?

 

@paulderdash, you need Windows Defender fully enabled for those features.

 

Thanks for confirming, @Martin_C . Only using WD on my secondary machine so will check out those features there. On primary I am using Emsisoft, so WD is disabled.

 

You are welcome, @paulderdash.
Just remember that you need to enable them.
The PowerShell cmdlets are listed in the Microsoft documentation of each feature.

 

http://blog.emsisoft.com/2017/09/14/antimalware-service-executable/

 

How often does Windows Defender download definition files? Also how many MB's are they?