Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I just found out WD doesn't automatically scan Removable Drives during a Full System Scan so I've used this:
    Code:
    Set-MpPreference -DisableRemovableDriveScanning 0
    Source - https://www.tenforums.com/tutorials...ender-scan-removable-drives-windows-10-a.html

    Also, Email Scanning is off by default too. To enable:
    Code:
    Set-MpPreference -DisableEmailScanning 0
    Source - Figured that one out from above.
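
Added example, not part of the original post: a PowerShell script that audits the two settings named above, enables whichever scan is still off, and re-reads the preferences to confirm the change. It assumes an elevated session on a machine with the Defender cmdlets available; the helper name `Get-ScanOptionState` is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit and enable the two Defender
# scan options discussed in the post above.

# Both settings are "Disable*" flags, so $false means the scan is ON.
$wanted = 'DisableRemovableDriveScanning', 'DisableEmailScanning'

# Hypothetical helper: report whether each scan option is currently enabled.
function Get-ScanOptionState {
    param([string[]]$Names)
    $prefs = Get-MpPreference
    foreach ($n in $Names) {
        [pscustomobject]@{
            Setting     = $n
            ScanEnabled = -not [bool]$prefs.$n
        }
    }
}

$before = @(Get-ScanOptionState -Names $wanted)

# Change only the options that are still turned off.
foreach ($item in @($before | Where-Object { -not $_.ScanEnabled })) {
    $params = @{}
    $params[$item.Setting] = $false   # same effect as passing 0 on the command line
    Set-MpPreference @params
}

# Re-read the preferences instead of assuming the change was applied.
$after = @(Get-ScanOptionState -Names $wanted)
$after | Format-Table -AutoSize

$failed = @($after | Where-Object { -not $_.ScanEnabled })
if ($failed.Count -gt 0) {
    Write-Warning ("Still disabled: " + ($failed.Setting -join ', '))
    exit 1
}
```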
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Top scoring in industry antivirus tests.
    Much more about Microsoft's excellent results here : https://docs.microsoft.com/en-us/wi...lligence/top-scoring-industry-antivirus-tests
     
  3. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Additionally, the latest transparency report is now available.

    The complete report, "Examining the AV-TEST May-June 2018 results", can be downloaded here (PDF) :
    Code:
    https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?
     
  4. guest

    guest Guest

    Honestly, who cares about Windows ATP? Most people here use Windows Home... and those who don't have to pay to get it.

    So basically I have to pay for Win10 Pro at minimum, plus WD ATP fees; sorry, I can get the same (or even better) results for cheaper.

    Also, the tests most are interested in are about home users' products, using Windows Home.
     
    Last edited by a moderator: Aug 27, 2018
  5. Mmark

    Mmark Registered Member

    Joined:
    Aug 19, 2018
    Posts:
    7
    Location:
    nan
    Is ATP even buyable for people?
     
  6. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Honestly, everyone that has a genuine interest in the topics in this thread - the blogs, slides and video sessions that highlight and inform about new technology and improvements/hardening of same - the many, many users that actually use all the security that Windows 10 natively offers without the need for bolt-ons, these users also understand that Windows Defender ATP is the platform that brings together all the security features in Windows and gives enterprises a unified control of all these features across all the devices their employees are using.

    Tests of Windows Defender ATP next generation protection are testing Windows AV capabilities, and that is Windows Defender Antivirus. :thumb:

    Also mentioned when reading the link posted in this post.

    A complete view of the Windows Defender ATP platform and the individual capabilities that it combines, can be found here.

    There's really nothing cryptic about any of this. Links should clear any confusion. :)
     
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Nevertheless, since this forum is mainly for home users, rather than corporate IT guys, the focus should be on security for Home and Pro editions of Windows.
     
  8. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    All Windows 10 SKUs include Windows Defender Antivirus, which is exactly what was tested. :)

    And which is one of the capabilities that is combined in Windows Defender ATP.

    Consumers control these capabilities in the Security Center app (and through GPOs).
    Enterprise users control these capabilities through Windows Defender ATP.

    Microsoft are just simplifying in order not to have to explain two dozen security features twice.

    And with the tests mentioned above the difference is:
    Consumers get the protection.
    Enterprises get the protection and additionally central managing of this protection across all their employees' devices.

    It would be a waste of time if Microsoft had to publish each report and blog post twice. One for consumers without the mentioning of central managing and one for enterprise with the mentioning of same.
     
  9. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Thanks for the clarification.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Some of us are using the Home Edition of Windows so don't have Group Policy options. That means searching for alternate methods of enabling certain features, like PowerShell cmdlets for example.

    Edit: GPO options if you prefer.
     
    Last edited: Aug 28, 2018
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Andy Ful's ConfigureDefender tool gives you easy GUI access to those powershell cmdlets. You just click on the button/s you want, and the appropriate powershell script runs.
    https://github.com/AndyFul/ConfigureDefender

    This is his support thread
    https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  13. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Hi @Krusty,

    You are absolutely correct. Access to all the more technical settings is tricky without GPOs.

    On Home you need to memorize some PowerShell cmdlets.

    But Microsoft has to place the cut between the different SKUs somewhere and currently this is one of them.

    There are basically three options.
    1. Run Windows 10 Home, activate everything in the Windows Security app and then run the handful of PowerShell cmdlets that are relevant.
    2. Like option 1, but use Andy Ful's ConfigureDefender tool instead of PowerShell. Much, much easier.
    (No reason to join another forum, just download his tool from GitHub.)
    3. Upgrade to Windows 10 Pro and have easy access to all settings in GPOs.

    With Windows 10 Pro you also get a lot of other benefits, like Windows Defender Application Guard - I would never touch a lot of the internet without it.
    And configuring all the WD settings, and especially other security features that have WD dependencies, becomes a walk in the park.
    (and then I like the fact that with Windows set up through GPOs, then things stay that way. Nobody accidentally flips a setting anywhere due to low on coffee, low on sleep or the sudden twitch on mouse/touchscreen.)
     
  14. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    Agreed! Anyone can easily see this is the case by following Andy Ful's posts and the evolution of his software. He often provides references/sources for his various feature implementations and they are usually to these MS sources. I personally appreciate posts on MS security developments as I know that some will filter down to WD for Windows home.

    Oh, I can't forget to mention Andy's Hard_Configurator which, like all of his software, makes better native Windows security possible for those of us who are less technically inclined.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Of note, Application Guard requires Windows Pro v1803, as well as a device with a processor that supports hardware virtualization. A possible option if the hardware doesn't support virtualization is to use a Software Restriction Policy. It's easy enough to employ a default-deny configuration or even just to simply blacklist userspace directories (eg: c:\users\your_name\appdata\...etc)
     
  16. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Small businesses targeted by highly localized Ursnif campaign.
    More in blogpost here : https://cloudblogs.microsoft.com/mi...targeted-by-highly-localized-ursnif-campaign/
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Office VBA + AMSI: Parting the veil on malicious macros.
    And I better also quote the following from blog post. Microsoft are very clear about how this will benefit the entire protection stack on Windows 10 :
    Much more in blog post here : https://cloudblogs.microsoft.com/mi...ba-amsi-parting-the-veil-on-malicious-macros/
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Just saw this on another site. I like the idea of it. Hopefully it is effective.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    About time they also add Python script scanning to AMSI. But that would be a "bit tricky;" wouldn't it.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  22. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Are the virus definitions used by Windows 7 Defender, the same as the definitions used by Windows 10 Defender? I've never been entirely clear on this point.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    They are not the same, but I'm not sure about Microsoft Security Essentials.
     
  24. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Thanks, that helped. :thumb:
     
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,006