Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    Hmm, OK, thank you for checking this. :thumb: It's the same result.

    Not complaining, mind you. But surely do not want this to be indicative of another anomaly. Remains to be seen, I guess...
     
  2. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    My recent scans have all been 39,000+ files ~ 1 min 50 sec.

    Edit: I have an HDD.
     
    Last edited: Mar 2, 2020
  3. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    945
    Location:
    Canada
    43k files in 65 seconds here.
     
  4. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    OK, thank you for checking. That's a pretty nice time for an HDD, Bertazzone. Typically, scans on this SSD are around 45 sec-1 min 30 sec. Here's the result after clearing Defender's caches w/PrivaZer.

    2nd def scan.PNG

    So, I don't know. I'll just rely more on my other scanners as they're performing as usual.
     
  5. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    559
    Location:
    South Park, CO
    My last WD scan (W10 1903) was 1m 4s w/ 41,347 files scanned on a slow laptop HDD. Most WD scans have been around 1m 15s for me lately. (By contrast, HMP took over 10m to scan the same HDD last night.)
     
  6. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    335
    Location:
    USA
    It's been five weeks since I placed online my new Windows 10 Pro 1909 tower, 10-12 hours a day.

    A primary task was to keep an eye on Defender "virus & threat protection updates" under Windows Security Settings versus "change logs for security intelligence update" posted on
    https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes.

    I checked several times a day and found that versions matched up much less than I could find acceptable. My system was largely behind by at least two versions. Worse, sometimes most of a day could go by with only one update.

    In checking the MpCmdRun.log and MpSigStub.log files, no rhyme or reason is found to explain the sheer random timing of the updates. That over several update tasks that are flagged "Update completed succesfully (sic). no updates needed (sic)" when clearly there were updates is perplexing.

    In running Security Essentials on my Windows 7 system, I have a task scheduled to run "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate every two hours. Works like a charm.

    That path to MpCmdRun still exists in Windows 10, but the OS is using "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate. (Yes, no hyphen on that first argument.)

    I note that sometimes SignatureUpdate -ScheduleJob -RestrictPrivileges is used. I'll let the OS manage that and stick to the most frequently used -UnmanagedUpdate for the scheduled task.

    And that's what I've been using for a week, for now every hour, and the version is up to date every time I check. The downside is having to pay attention to that path over time; no doubt 4.18.1911.3-0 is bound to change.

    The simpler Program Files path to MpCmdRun.exe and argument still seems to work, as tested in cmd and verified in MpCmdRun.log, but that exe is v4.18.1902.5 while the other is, well, v4.18.1911.3. I'm unsure if that makes a Big Diff; I doubt if the former is part of the Windows Update scheme. However, according to
    https://www.microsoft.com/en-us/wdsi/defenderupdates
    it is posted that "Enterprise administrators can also push updates to devices in their network" via
    Code:
    cd %ProgramFiles%\Windows Defender
    MpCmdRun.exe -removedefinitions -dynamicsignatures
    MpCmdRun.exe -SignatureUpdate

    Sidebar: As Microsoft updates defs/sigs constantly, several times a day, I don't use "cloud-delivered protection." And as that "works best with automatic sample submission turned on," the cloud is a big turn off for me. MBAE, AppCheck, SpyShelter Premium, GlassWire's Security and TrafficLite in the browser (and Windows' other security feature sets) provide safeguards regardless of the sigs/defs Defender model, cloud or not. That said, for the mainstream user, I would otherwise recommend both cloud and submit be enabled.
     
    Last edited: Mar 14, 2020
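
Added example, not part of the post above: one way to keep an hourly `MpCmdRun.exe -SignatureUpdate` task working when the versioned Platform directory (such as 4.18.1911.3-0) changes, by resolving the newest copy at each run. The task name, log file name and hourly interval are assumptions, and it assumes the local execution policy permits the script to run.

```powershell
# Added example (not from the thread). Save in a directory writable only by
# administrators: the task runs as SYSTEM, so nobody else may be able to edit it.
param([switch]$Register)

function Get-MpCmdRunPath {
    # Newest versioned Platform directory (e.g. 4.18.1911.3-0), resolved on each
    # run so the task survives antimalware platform updates.
    $root = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
    $newest = Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\d+(\.\d+){3}-\d+$' } |
        Sort-Object { [version](($_.Name -split '-')[0]) }, { [int](($_.Name -split '-')[1]) } |
        Select-Object -Last 1
    $candidates = @()
    if ($newest) { $candidates += Join-Path $newest.FullName 'MpCmdRun.exe' }
    # Fallback: the fixed Program Files copy mentioned in the post.
    $candidates += Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
}

if ($Register) {
    # One-time setup from an elevated prompt. The task name is hypothetical.
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Hours 1)
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
        -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'Hourly-DefenderSignatureUpdate' `
        -Action $action -Trigger $trigger -Principal $principal | Out-Null
    return
}

$exe = Get-MpCmdRunPath
if (-not $exe) { throw 'MpCmdRun.exe not found in Platform or Program Files.' }
& $exe -SignatureUpdate | Out-Null
$exit = $LASTEXITCODE

# Record what actually happened, so gaps show up without reading MpCmdRun.log.
$st = Get-MpComputerStatus
$line = '{0:s} exit={1} platform={2} sig={3} sigUpdated={4:s}' -f (Get-Date),
    $exit, $st.AMProductVersion, $st.AntivirusSignatureVersion,
    $st.AntivirusSignatureLastUpdated
Add-Content -Path (Join-Path $PSScriptRoot 'sigupdate.log') -Value $line
```

Run the script once with `-Register` from an elevated PowerShell prompt; every later run is the hourly task itself.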
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,284
    Location:
    Among the gum trees
    Code:
    Set-MpPreference -SignatureUpdateInterval 1
     
  8. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    The beauty of powershell to configure whatever you fancy! :thumb:
     
  9. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    335
    Location:
    USA
    @ krusty - Thanks for that!

    That would be the same as setting 1 for the group policy in Security Intelligence Updates, "Specify the interval to check for security intelligence updates." Right?

    I tried that and it didn't have any effect over a two day period as evidenced in the logs.

    I figured there must be another setting(s) in there to enable from all the defaults not configured and gave up given my ignorance of the mighty gpedit. I just didn't want to fess up to that in my post. :D

    In finding
    https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
    I went deer-in-the-headlights and haven't yet recovered...
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    Disabling cloud protection makes WD a dumb, subpar AV.
    Better drop the other security stuff and optimize WD, using DefenderConfigure.
    https://github.com/AndyFul/ConfigureDefender
     
  11. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    :thumb::thumb: I think we've been down this road before, my friend. People use what they like, how they like it. Whaddaya' gonna' do? :D
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,370
    Yeah. People can decide for themselves how to use Windows Defender. After all, Microsoft gave users the ability to disable cloud and automatic sample submission if they wish to do so. But I also believe it is important for users, especially average users, to know that doing so could drastically lower their protection.
     
  13. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    I totally agree. I wouldn't advise using it without those features. Makes no sense to me.
     
  14. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    ... and finally you can delete defender.exe, however I wouldn't recommend it because it will lower protection about 99 %. :(
     
  15. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    569
    Location:
    Belgium
    Sometimes several updates a day, sometimes one a day; not that important, because Windows Defender is at its best with cloud, so protect all the way and up-to-date with cloud!
    Use ConfigureDefender with High settings to tweak Windows Defender and it will be rock-solid protection.
     
  16. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Any problems with high settings? :)
     
  17. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    No, because it disables the 3 ASR rules that cause the most issues and Controlled Folder Access. You can bump up cloud protection level to Block, cloud-check time limit to 50 or 60. In fact, you can change any individual setting, e.g. enable CFA.
     
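
Added example, not part of any post above: a read-only check of the Defender settings discussed in this thread (update interval, cloud-delivered protection, sample submission, cloud protection level, cloud-check time limit, Controlled Folder Access, ASR rules) alongside the actual signature age. The 24-hour staleness threshold is an assumption.

```powershell
# Added example (not from the thread): read-only check, changes no settings.
$p = Get-MpPreference
$s = Get-MpComputerStatus
$sigAgeHours = [math]::Round(((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalHours, 1)

# Numeric meanings as given in the Set-MpPreference documentation.
$cloudLevel = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'HighPlus'; 6 = 'ZeroTolerance' }
$cfaMode    = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

$notes = @()
if ([int]$p.MAPSReporting -eq 0) { $notes += 'Cloud-delivered protection is off (MAPSReporting = 0).' }
if ([int]$p.SubmitSamplesConsent -in 0, 2) { $notes += 'Samples are not sent automatically.' }
if ([int]$p.SignatureUpdateInterval -eq 0) { $notes += 'No interval-based signature check is set.' }
# Assumed threshold: treat signatures older than 24 hours as stale.
if ($sigAgeHours -gt 24) { $notes += "Signatures are $sigAgeHours hours old." }

[pscustomobject]@{
    SignatureVersion        = $s.AntivirusSignatureVersion
    SignatureAgeHours       = $sigAgeHours
    SignatureUpdateInterval = $p.SignatureUpdateInterval
    MAPSReporting           = $p.MAPSReporting
    SubmitSamplesConsent    = $p.SubmitSamplesConsent
    CloudBlockLevel         = $cloudLevel[[int]$p.CloudBlockLevel]
    CloudExtendedTimeout    = $p.CloudExtendedTimeout
    ControlledFolderAccess  = $cfaMode[[int]$p.EnableControlledFolderAccess]
    AsrRulesConfigured      = @($p.AttackSurfaceReductionRules_Ids | Where-Object { $_ }).Count
    Notes                   = $notes -join ' '
} | Format-List
```

Running it before and after a change such as `Set-MpPreference -SignatureUpdateInterval 1` shows whether the preference was stored and whether the signature age actually drops.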
  18. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    569
    Location:
    Belgium
    No problems here, why should someone have problems with High settings? You could have some problems with Max settings because then it's more aggressive... :)
     
  19. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    I would not touch the Cloud control button myself, that's Defender's backbone.

    Who was the one expressing a concern about being one behind the latest Antimalware Platform version? Well, you can get the latest version, 4.18.2003.6 (on v.1909 at least), via the Windows Update mechanism. Takes a second or two.
     
  20. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Protecting against coronavirus themed phishing attacks.
    https://www.microsoft.com/security/...-against-coronavirus-themed-phishing-attacks/
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,787
    Windows Defender Bug in Windows 10 Skips Files During Scans
    March 22, 2020
    https://www.bleepingcomputer.com/ne...r-bug-in-windows-10-skips-files-during-scans/
     
  22. RangerDanger

    RangerDanger Registered Member

    Joined:
    Apr 30, 2018
    Posts:
    120
    Location:
    Boston
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,754
    Location:
    USA
  24. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,152
    Location:
    USA still the best. But barely.
    Borkity, borkity, bork.

    It Looks Like Microsoft Broke Windows Defender With a Recent Update
    https://www.tomshardware.com/news/i...t-broke-windows-defender-with-a-recent-update
    It's starting to seem like Microsoft can't update anything without breaking it. Windows Latest reported yesterday that Windows Defender, the built-in antivirus tool for Windows 10, stopped functioning properly after it was updated recently.

    The report indicated that Windows Defender--which is set to be renamed Microsoft Defender as it expands to additional platforms--has shown an error message to multiple Windows 10 users. Windows 7 and 8 users don't appear to be affected...
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,443
    Location:
    Slovenia
    :D
    It surely improved its scan speed. The more files it skips, the shorter its scan time.
    So much about WD being less buggy than other AVs.
     