Chart: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart9&chart_year=2021&chart_month=3&chart_sort=1&chart_zoom=2
Full article: https://www.av-comparatives.org/tests/malware-protection-test-march-2021/
Microsoft Defender, Panda and Trend Micro are really dependent on their cloud protection in this test.
Actually, I'm a bit shocked at how bad Win Defender is at blocking malware without the cloud; only Malwarebytes and Trend Micro performed worse. And even with cloud protection enabled, Win Defender still failed to block 15 malware samples. I'm not too happy about this. Perhaps I should switch to a third-party AV; on the other hand, it also depends a bit on your risk profile.
You shouldn't be. It has been this way in this test series for as long as I can remember. Note: WD's vast improvement in its malware detection is due to block-at-first-sight cloud scanning. Prior to doing so, WD's detection rates were abysmal.
IMO, in reality, selecting the "right" AV is not crucial for system security. Your behavior, practising safe computing, and updating the OS and apps are IMO more important. AV is just the last safety net if everything else fails. In most cases, if you practise safe computing, you will probably never see it in action.
I'd add regular backups to that plan, preferably to an offline storage location and to a cloud service.
This! There is nothing more important to any setup than this. If you're using any type of computer, you need to be imaging to an external drive and to the cloud. Make sure it's encrypted first, though. Safety nets are nice to have when you need them.
I agree; I only mentioned what you can do to prevent infection. In case you get infected, nothing is better than good backups. If you have data that you don't want to be shared publicly, then you need some other tools to protect it from being accessed by malware.
Yes, forgot about that. This basically means that the locally based AV engine is pretty crappy. No correct, this is what I meant with the risk profile. If you download software from trusted download sites, it's not that easy to encounter malware. But I still don't really like it; an AV shouldn't only rely on the cloud. That's why at first I was interested in Cylance, which is now also available in Europe. But it's probably mostly hype. BTW, Win Defender also didn't get a good review on this site, see links.
https://www.safetydetectives.com/best-antivirus/cylance-smart-antivirus/
https://www.safetydetectives.com/blog/windows-defender-vs-antiviruses-is-defender-enough-for-you/
https://www.safetydetectives.com/blog/windows-defender-vs-antiviruses-is-defender-enough-for-you/
For me, some of his points are really dependent on your usage:
Malware detection rates are lower than many third-party competitors.
Parental controls are limited to the Microsoft Edge browser. (I've got no kids, so couldn't care less)
The main user interface is clunky and not easy to navigate. (Don't care, configured with H_C)
PC system health report is basic (no performance boosting or system cleanup). (I want an AV, not a tuning suite)
There's no cross-platform support (except for enterprise users). (What cross-platform? I wanted a Windows AV)
Lacks additional tools which third-party antiviruses have, like a VPN, password manager, dark web monitoring, or identity theft protection.
Yes, I agree. What I like about Win Defender is that it's light on the system and isn't bloated with all kinds of unneeded features. And now that I think of it, when you enable "cloud protection" it won't automatically upload files from your system unless "automatic sample submission" is also enabled. But the question is, what exactly do you then gain from cloud protection? This is a bit unclear.
https://www.howtogeek.com/323537/ho...e-submission-and-cloud-based-protection-work/
I would be careful in equating MD to MD ATP. This article explains the differences in simplistic terms: https://concurrency.com/blog/november-2017/windows-defender-vs-windows-defender-atp. The only major change on Microsoft's part is that you can now use MD ATP on the Win 10 Pro+ versions as long as you purchase an MD ATP subscription. There are also now MD ATP 365 versions.
Yes, I think it's clear by now that Win Def ATP is a different product which works together with Win Defender AV. However, malware analysis in the M$ cloud is being performed with the help of Win Def ATP, from what I understood. Good point, but it's still a bit unclear. I have found some more info. From what I understood, even without uploading any samples, Win Def AV might still block new "never seen before" malware, but the thing is it will still need to upload the sample to get a verdict. So without uploading any samples, how does the cloud give you extra protection that you can't get from the locally based AV engine?
https://www.microsoft.com/security/...gainst-never-before-seen-malware/?source=mmpc
No. They both perform some type of cloud scanning. The difference is what the cloud scanning is doing. The WD non-ATP version performs cloud scanning on unknown downloaded .exe's. View this as a short-duration 10 sec. sandbox analysis. The scan can be extended via Group Policy (Pro+ versions) or a third-party tweak tool to 60 secs. WD ATP, on the other hand, does the following per the linked article I posted above: In essence, WD ATP is performing deviation-from-normal-behavior analysis. Also, WD ATP is designed to be used via a server-based monitoring console, as other third-party AV equivalent apps have. The assumption being there is a live person monitoring corp. network activity. I do believe there are rules that can be deployed to automate some of the decision making. Note that WD-only users are restricted to the ASR rule detection method only. These are in reality HIPS-like absolute block-only rules. OSA also works the same way; it blocks the activity w/o a user option to allow the activity.
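The two posts above talk about three separate Defender switches that often get conflated: cloud-delivered protection (MAPS), automatic sample submission, and the "10 sec." cloud check that Group Policy can stretch to 60 seconds. The following PowerShell is an added example written for this thread, not code from any of the posters, Microsoft or AV-Comparatives; it uses the built-in Defender module cmdlets to read those settings on one Windows 10/11 machine and to set the combination the thread is asking about (cloud verdicts on, file uploads off). It must be run from an elevated session.

```powershell
# Added example (not from the thread): inspect and tune Microsoft Defender
# cloud protection on a single Windows 10/11 machine. Run as Administrator;
# the Defender cmdlets ship with Windows.

# 1. Read the current state of the settings discussed in the thread.
$pref = Get-MpPreference
[PSCustomObject]@{
    CloudProtection        = $pref.MAPSReporting          # 0 = Disabled, 1 = Basic, 2 = Advanced
    SampleSubmission       = $pref.SubmitSamplesConsent   # 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
    BlockAtFirstSight      = -not $pref.DisableBlockAtFirstSeen
    CloudBlockLevel        = $pref.CloudBlockLevel        # 0 = Default, higher values = more aggressive cloud blocking
    ExtraCloudCheckSeconds = $pref.CloudExtendedTimeout   # seconds added on top of the default 10 s cloud check
} | Format-List

# 2. "Cloud protection without uploading": Defender still queries the cloud
#    with the file's hash and metadata for a verdict, but never sends the
#    file body. Block-at-first-sight stays enabled.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent NeverSend `
                 -DisableBlockAtFirstSeen $false

# 3. Lengthen the cloud check window. CloudExtendedTimeout is the number of
#    extra seconds (0-50); 50 on top of the default 10 s is the 60-second
#    maximum the post above refers to. Longer checks delay first execution
#    of unknown files, so weigh that against user patience.
Set-MpPreference -CloudExtendedTimeout 50

# 4. Confirm the engine is running with real-time protection and current signatures.
Get-MpComputerStatus | Select-Object AMServiceEnabled,
                                     RealTimeProtectionEnabled,
                                     AntivirusSignatureLastUpdated
```

Two practical caveats: settings pushed by Group Policy or MDM (stored under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender) take precedence over anything Set-MpPreference writes, so on a domain-joined machine the values shown in step 1 may be policy-managed and read-only; and with SubmitSamplesConsent set to NeverSend, a never-before-seen file that the cloud cannot classify from metadata alone will fall back to the local engine's verdict, which is exactly the weaker path the AV-Comparatives offline numbers measure.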
No, you're misunderstanding. I'm saying that when they perform malware analysis in the cloud, they are probably using Win Def ATP to perform this. This is one way to use Win Def ATP, and of course it's normally used to monitor the network. But anyway, it's still a bit unclear if cloud-based protection needs to always upload samples in order to block malware. This is from the howtogeek.com article: