Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    As far as WD's usability to the average PC user, it still has a "ways to go." In the recent AV-C Realtime test it was:

    1. Third highest in false positives.
    2. It was second highest in required user interaction to allow/block activity. In this regard, the average PC user will, statistically measured, make the wrong decision.
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    500
    Can you try excluding MsMpEng.exe on WD as per this article?
    https://blog.emsisoft.com/2017/09/14/antimalware-service-executable/
     
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,649
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,841
    Location:
    Among the gum trees
    Manually checking for updates and I get this.
     

    Attached Files:

  5. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,616
    Location:
    Sneffels volcano
    Very good post!
     
  6. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Excluding MsMpEng.exe on WD from scanning itself and/or disabling Windows Defender and scanning with Emsisoft Antimalware as per this article is a bunch of BS. Any reduction in security, especially with built-in security, escalates the threat potential and widens the threat landscape.

    My full scans with Windows Defender Antivirus hover around 38% for both CPU and Memory, occasionally spiking briefly to 48% for both, and maxing with occasional brief spikes to 54%.

    Also, Windows Defender Antivirus obviously flags files for a short period of time because subsequent full scans within a few days apart only take around 10 minutes, compared to the first initial full scan that takes around 30-40 minutes.

    Fix #5: Uninstall Emsisoft Antimalware
    Fix #6: Below

    The default paging file size (virtual memory) on the hard disk drive for a clean installation or re-installation of Windows results in the paging file size to be configured to expand and contract within the reserved space on the hard disk drive as needed when used.

    The default minimum size of the paging file size being equal to the amount of RAM (random access memory) installed in the device.

    The default maximum size of the paging file size being only limited to the amount of free space remaining on the hard disk drive.

    This constant expanding and contracting of the paging file size on the hard disk drive, and the constant swapping of data to and from the RAM, and to and from the paging file, uses quite a bit of CPU (central processing unit) cycles.

    Because when the RAM becomes full the CPU must now remove (swap) the oldest data in RAM to the paging file on the hard disk drive (the virtual memory), and the newest data from the hard disk drive to RAM, and the cycle continues and is endless until the process is over.

    So it is not Windows Defender Antivirus causing the lag, it is the constant swapping of data and the constant resizing of the paging file eating up all of the CPU cycles because the paging file is not ultimately configured to handle the load/s causing a memory bottleneck.


    The following is undocumented Microsoft information. It can be found deep within the bowels of the Microsoft Web site, but who knows where, especially now.

    Microsoft recommends setting the initial paging file size and the maximum paging file size both to be equal, and to be set that of 1.5 times or 2 times the amount of RAM installed on the device for ultimate configuration and performance. I have always used 2 times the amount of RAM.

    This configuration alleviates the CPU from having to constantly resize the paging file and minimizes data swapping, because we now have fooled the system into believing there is more RAM than actually installed in the device.

    The result is an overall smoother and faster running system.


    TO CONFIGURE THE PAGING FILE TO BE TWICE THE AMOUNT OF INSTALLED RAM

    For our example we will be using 8 GB of installed RAM.
    We will fool the system into believing there is 16 GB of installed RAM.
    Control Panel/System/Advanced system settings/Performance/"Settings" button/"Advanced" Tab/"Change" button/

    Untick - Automatically manage paging file size for all drives
    Enable - Custom size radio button
    Set - Initial size (in MB to): 16384 MB (16 GB)
    Set - Maximum size (in MB to): 16384 MB (16 GB)

    NOTE: After reboot the paging file may become fragmented. One can use Piriform (now Avast) Defraggler and perform a boot-time defrag to defrag the paging file. However, ALWAYS use the Windows built-in drive optimizer for everyday defragging with automatic scheduling.

    1 GB = 1024 MB
    8 GB = 8192 MB (8 x 1024 = 8192)

    8192 MB times 2 = 16384 MB (16 GB)



    -HKEY1952
     
    Last edited: Nov 18, 2017
  7. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    500
    I fail to see how '#5. Uninstall Emsisoft Anti Malware' is even a suggestion at all. If the user has EAM installed but WD service is active then something is wrong, and disabling WD in that case seems like a good idea.

    Remember it is a generally accepted idea not to run 2 antiviruses at the same time.
     
  8. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    There is nothing wrong sir, when a third party antivirus installs it must be compatible with the Windows Defender Security Center. That third party antivirus is considered 'compatible' when it only 'suspends' the Windows Defender Antivirus.

    In other words, WHEN Windows Defender Virus & Threat Protection is suspended, Windows Defender Real-time protection is disabled, but Windows Defender Cloud-delivered protection and Automatic sample submission is still enabled and can be toggled on/off within the Windows Defender Security Center. Furthermore, Windows Defender can still be used as a Stand Alone Scanner utilizing all of its scans, including Offline scans. Note that during Windows Manual or Automatic Updates the Virus Definitions will not be updated when Windows Defender is suspended. But who knows in the background.

    And finally, WHEN Windows Defender Virus & Threat Protection is suspended, Windows Defender will run periodic scans in the background. All of this and the above can be toggled on/off by the end user when a third party antivirus is installed in Windows 10 Creators Fall Update.

    Now those are the REQUIRED compatibility parameters demanded by Microsoft. Just a little while longer and third party security software will be less than nil, third party security software is currently on the threshold of next to nil.



    -HKEY1952
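
The settings argued over in the posts above (Defender suspended by a third-party antivirus, cloud-delivered protection, sample submission, PUA protection, exclusions such as MsMpEng.exe) can be read back with the built-in Defender PowerShell module. This is an added example, not part of any forum post; it assumes a current Windows 10/11 build and an elevated session, and the function name Get-DefenderAudit is hypothetical.

```powershell
# Added example: read-only audit of Windows Defender Antivirus state.
# Assumes the built-in Defender module and an elevated PowerShell session
# (exclusion lists are hidden from non-administrators on recent builds).
function Get-DefenderAudit {
    $status = Get-MpComputerStatus   # engine and protection state
    $pref   = Get-MpPreference       # configured policy

    # Numeric preference values mapped to readable labels.
    $cloud   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $samples = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'
                  2 = 'Never send';    3 = 'Send all samples' }
    $mode    = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit' }

    # Collect every exclusion type into one list; empty entries are dropped.
    $exclusions = @(@($pref.ExclusionProcess) + @($pref.ExclusionPath) +
                    @($pref.ExclusionExtension) | Where-Object { $_ })

    # The thread debates excluding MsMpEng.exe from scanning; flag it if set.
    $selfExcluded = [bool]($exclusions -match 'MsMpEng\.exe')

    [pscustomobject]@{
        RunningMode        = $status.AMRunningMode      # e.g. 'Normal', 'Passive'
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
        CloudProtection    = $cloud[[int]$pref.MAPSReporting]
        SampleSubmission   = $samples[[int]$pref.SubmitSamplesConsent]
        PUAProtection      = $mode[[int]$pref.PUAProtection]
        NetworkProtection  = $mode[[int]$pref.EnableNetworkProtection]
        Exclusions         = $exclusions
        MsMpEngExcluded    = $selfExcluded
    }
}

Get-DefenderAudit | Format-List
```

Running it before and after installing or removing a third-party antivirus shows whether Defender actually moved between normal and passive mode, and whether any exclusions were left behind.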
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    This recommendation was based on the days when average installed RAM was 4 GB or less. Another factor that will affect system performance is how much memory is installed on your graphics card. For anyone that has 4 GB or more of RAM installed, just use what Windows itself recommends as noted below.

    As far as defragging the page file, the easiest and most effective method is just to delete the page file and reboot. A new page file will be created during the boot process. Also, this method ensures that any malware lurking in the page file is also deleted.

    Page_File_Size.png
     
  10. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    500
    Yeah, the third party AV must be compatible with the security center in order to properly disable WD. Which Emsisoft already is.


    Remember the previous article was directed to WD users, meaning they shouldn't even have Emsisoft installed in the first place. That is why I thought it was strange of you to consider uninstalling EAM as a solution at all.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    I have EAM installed.

    I set WD periodic scanning to 'On' under WD Security Centre>Virus & threat protection>Windows Defender Antivirus options, but when I revisit it later at some point, it is 'Off' again. Any explanation for this?
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    Might be a bug in Win 10 CE. I had no problems like this in Win 10 AU.

    However, what I discovered when enabling Periodic Scanning is WD loaded its full engine at boot time and it stayed there for the entire boot session eating system resources. For that reason, I never re-enabled it.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    Guess I'll just leave it then :cautious:.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
    The question is what type of behaviors does it monitor in order to decide if some app might be malware? Does it use the same behavioral rules as Win Def ATP? That type of stuff would be interesting to know. But of course, some behaviors can only be spotted when malware already is running, and most AV's without an "old-skool" behavior blocker try to block malware pre-execution.
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    863
    Location:
    Italy
    If PUA protection is enabled, Utorrent Portable is positive with W.D:

    Immagine.jpg
     
    Last edited: Nov 19, 2017
  16. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    As well for Wisecleaner...
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    863
    Location:
    Italy
    Did you add it to exclusions?
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    863
    Location:
    Italy
  20. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,997
    Microsoft Security Faux Pas: ASLR implementation issue on Windows 8 and 10
    https://www.ghacks.net/2017/11/20/m...slr-implementation-issue-on-windows-8-and-10/
     
  21. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    947
    How many active users does Windows Defender have?
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,841
    Location:
    Among the gum trees
    How long is a piece of string?
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,841
    Location:
    Among the gum trees
  24. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    547
    Enabling Windows Defender network protection leaks DNS while using OpenVPN software :cautious: I have turned off smart multi-homed name resolution and enabled block outside dns flag in OpenVPN configuration files but DNS still leaks :doubt:
     
  25. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    947
    Wisecleaner also detected
     