A good primer on Windows Defender AV


Windows Defender Antivirus (Windows Defender AV) is an antimalware solution built into Windows 10. The Microsoft Malware Protection Center recently published a blog post that summarizes how the Windows Defender Antivirus cloud protection service can help stop malware in real time. It's a good starting point if you aren't familiar with Windows Defender AV, and includes this illustration of how the protections work:

[Illustration: Windows-Defender-cloud-instant-protection-2017.png]

Cloud-based protection is enabled in Windows Defender AV by default in the Windows 10 Creators Update. To check that it’s running, launch the Windows Defender Security Center, go to Settings > Virus & threat protection settings, and make sure that Cloud-based protection and Automatic sample submission are both turned On.
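The same check can be scripted so it can be run across many machines instead of clicking through the Security Center. The following is an added example, not code from the original post; it uses the built-in Defender PowerShell module (Get-MpPreference, Get-MpComputerStatus, Set-MpPreference) and assumes an elevated prompt on Windows 10 Creators Update or later:

```powershell
# Added example: verify that cloud-based protection and automatic sample
# submission are both on, the same two settings the post says to check in
# Windows Defender Security Center. Run from an elevated PowerShell prompt.

$pref   = Get-MpPreference        # configured policy values
$status = Get-MpComputerStatus    # live engine state

# MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced (cloud-delivered protection)
$cloudOn = $pref.MAPSReporting -ne 0

# SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples,
#                       2 = Never send,    3 = Send all samples
# Only 1 and 3 count as "Automatic sample submission: On".
$samplesOn = $pref.SubmitSamplesConsent -in 1, 3

# Summary object; pipe to Export-Csv when collecting from a fleet.
[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    RealTimeProtection    = $status.RealTimeProtectionEnabled
    CloudProtection       = $cloudOn
    AutomaticSampleSubmit = $samplesOn
    SignatureAgeDays      = $status.AntivirusSignatureAge   # days since last definition update
}

# Remediate if either setting has drifted off. Left commented so the script
# stays read-only by default; uncomment to enforce.
if (-not ($cloudOn -and $samplesOn)) {
    Write-Warning 'Cloud-based protection and/or automatic sample submission is off.'
    # Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
}
```

Reading the values through Get-MpPreference rather than the UI also shows whether a setting is being forced by Group Policy, since a policy-managed value will not change when you flip the slider.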

 

If you're looking for more detailed information--including details on how to configure Windows Defender AV features, manage updates, and report on its actions--see the Windows Defender Antivirus in Windows 10 and Windows Server 2016 documentation on docs.microsoft.com. 

4 Replies

I've been a fan of Windows AV (and Security Essentials before that) for a long time, so much so that I've almost never had to use add-on products or third party AV. Recently I did add Cyberreason Ransomfree, but I can see that some of the new security features being rolled out in the Insider Previews are moving in that direction too, though they have a ways to go on implementation. However, my biggest issue with the built in security suite is that it on one hand can seem too complex for the average user, and yet doesn't give enough granular control to power users.

The slider for setting levels of security is way too blunt a tool, and what's more it's often an all or none choice. How about having settings that are timed, like shut off any security notifications for the next 1-2 hours, and automatically resume after? Also, it'd help to have better explanations of what things do, especially for the average user. Use some real world examples of what happens when you choose A, B or C.

I'm a professional animator and video editor, and there is a lot going on "under the hood" with resources and often dozens of software components that all need to work together. So there are times when I need to pretty much shut everything else down, and especially not have any security apps interfering, and there is the issue. You can't really turn features on and off easily; sure I know ways to do it but that becomes a huge chore. Plus you don't want to forget and leave them off altogether.

Hi!

I'm Amitai, a PM on the product team.

I just wanted to reach out and say thanks for the feedback! We hear it and will try to improve on that :)

As for the temporary shutdown - not that I would usually recommend it - but if you feel you need to turn off "Real time protection" for just a few hours, you can slide it to "off" - we'll automatically turn it back off after a few hours of "snooze".


Amitai

Amitai:

Thanks and that's a really good tip about the real-time protection slider.

So to add some additional perspective, the reason why AV can interfere with my work would be best illustrated with the following example. I recognize my situation is certainly out of the ordinary, but again, if there is flexibility built into the OS, I can see others benefiting too.

If I am generating an animation, that could mean anywhere between 600-1200 new files being created either via a local network of rendering servers, or it may also be a remote rendering service. In the case of local that would also mean my own PC would be helping to generate the frames (files) and in those cases it's using 100% of the CPU (Xeon 12-core) and probably 10-16GB of RAM. So if during this process the system is at all pushing for its own CPU interrupts in order to scan incoming files (from other servers on the network), you can see how that'd be a problem. Each frame generally takes 10 minutes or more to generate (sometimes 20-30 mins.) so it can start to add up over time.

In the case of an outside service it's more a matter of having many files coming in all at the same time, which again I'd rather not have the OS pause and scan each and every one, at least not while I'm working.
Thanks again!
Doug

Gotcha - for that I'd highly recommend using "Exclusions" instead of turning off the antivirus.
Two options:
1. Excluding specific directories, so think anything created in c:\myanimations
2. Excluding files written/read by specific processes. A good example is msbuild - let's say you trust it, and you are a developer compiling a lot - you can ask to exclude anything msbuild.exe touches.

Instructions:
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/configure-excl...
(You can use the end user UI, as well as group policy, powershell etc).
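The two exclusion types from the reply above, expressed with the Defender PowerShell cmdlets and followed by an audit step. This is an added example, not Amitai's or Microsoft's code; the path C:\myanimations and the process msbuild.exe are the ones named in the thread, and the broad-exclusion patterns in the audit loop are illustrative choices:

```powershell
# Added example: narrow Defender AV exclusions instead of switching off
# real-time protection, then list and review what is excluded.
# Run from an elevated PowerShell prompt.

# 1. Directory exclusion: the render output tree from the thread.
#    Keep this as specific as possible; excluding a drive root or a whole
#    user profile removes scanning from far more than the render job.
Add-MpPreference -ExclusionPath 'C:\myanimations'

# 2. Process exclusion: files opened by msbuild.exe are not scanned while
#    it has them open. Note this trusts the files the process touches, not
#    the process binary itself, which is still scanned.
Add-MpPreference -ExclusionProcess 'msbuild.exe'

# Audit: enumerate every active exclusion so nothing broader than intended
# is left behind (exclusions persist until removed, unlike the timed
# real-time protection "snooze" mentioned earlier in the thread).
$pref = Get-MpPreference
[pscustomobject]@{
    Paths      = $pref.ExclusionPath
    Processes  = $pref.ExclusionProcess
    Extensions = $pref.ExclusionExtension
}

# Flag exclusions that are wider than a single working directory.
# Patterns are illustrative; adjust to your environment's policy.
foreach ($p in $pref.ExclusionPath) {
    if ($p -match '^[A-Za-z]:\\?$' -or $p -match '\\Users\\[^\\]+\\?$') {
        Write-Warning "Broad exclusion: $p covers a drive root or an entire user profile"
    }
}

# Remove the directory exclusion when the render job is finished.
# Remove-MpPreference -ExclusionPath 'C:\myanimations'
```

Because exclusions are also visible through Get-MpPreference, the same audit loop can be scheduled to run periodically and report any exclusion that was not approved, which is the check most teams want once exclusions are in use.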