Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

I wish Windows defender had a whitelisting feature like NOD32 where it wouldn't scan a file over and over again if the file hash hasn't changed. That would bring down its performance impact significantly.

 

Defender Control 2.1 (March 1, 2022)
Website

 

WD uses such feature, but i think you speak about manually started scans - IMO that will force a full scan. right?

 

You are correct about the full scan but I think @Spartan may be referring to Defender scanning when copying files, etc.

 

If it indeed uses such feature (caching) it's just terrible. Performing file operations (read/write) can be significantly slower when MD is enabled. And even if you repeat operation a minute latter it will still be slow as before even though files were not changed.

 

I have Windows 11 with Kaspersky, but i want to get rid of Kaspersky eland replace it with Windows Defender but what do i need more of i run Windows Defender for the safety?

 

Running a secondary program to compliment your AV is a good idea imo.

Some of these include, OSArmour (paid), Malwarebytes (paid), Configure Defender, Simple Windows Hardening, Hard Configurator, Voodoo Shield, Defender UI and Wise Vector. Use only one of these, ( CD and SWH can be used together.)

There are other options I'm sure will be mentioned but these are the only ones I would consider.

 

I agree with @digmor crusher. On one of my computer I have been running WD with the paid version of OSArmor for 2 years. No problem at all and it's very light.

 

WD is enough. I run it with Configure Defender and have had no issues.

 

WD should be used with Configuredefender (High setting, then you have advanced protection) otherwise its to weak.

https://www.neowin.net/news/windows...y-of-av-test039s-best-anti-virus-2021-awards/

 

Where can i find configure Defender?

 

Here: https://github.com/AndyFul/ConfigureDefender

 

Does anyone think SecureAPlus Lite or SecureAPlus Essentials along with Windows Defender would be a good combination? I've read it runs light and is a good product. Thank you.

 

Yes. No need for the paid version along with Defender.

 

I would not use anything in addition to WD- no need in my view. Just run an image backup every day just in case.

 

Yesterday I discovered that MS Defender is using behavioral signature updates much like Kaspersky does. This one, specifically for tamper protection, appeared in yesterday's update changelog (despite the date).

 

looks like ordinary signature. the page only shows that defender is able to catch such malware als shown. defender has anti-exploit, but a behavior scanner? means: hips? i am not aware of such feature.

 

It says "generic detection for suspicious behavior," so I hope that means MS is improving its tamper protection, which had been a weakness in Defender according to recent news articles.

 

a little research about
https://www.microsoft.com/en-us/wds...in32/MpTamperRemoteProc.A&ThreatID=2147811242
(please insert link text time)

if you use (paid) ATP, then bevaior deetection is possible:

ATP is not available on user machines.
https://www.bleepingcomputer.com/ne...adds-new-malicious-behavior-blocking-feature/

 

Actually, these are not new. They have been using behavioral signatures at least since, 2016. Maybe behavioral signatures were created less frequently back then. As the name suggest, these are based on behaviors, so only comes into play post execution. I've seen this a few times in action while testing Microsoft Defender.

 

Thanks guys for the info. I find MS documentation inscrutable, since most of it applies to their EDR and often describes features that have similar names ("behavior block") as those in the consumer versions ("behavior monitoring").

 

https://www.bleepingcomputer.com/ne...r-tags-office-updates-as-ransomware-activity/

 

Good they are taking this seriously:
After Defender flagged Office as virus, Microsoft gets serious about fixing false positives - Neowin

 

False Positive?

 

most likely.