Windows 10 includes its own antivirus and anti-malware product, called “Windows Defender”. It scans the programs a user opens and downloads new definitions from Windows Update. It has cloud protection, which protects against newer malware and viruses. As a Microsoft product, Windows Defender works best when protecting Microsoft’s applications such as Outlook, Microsoft Office, IE, Edge, etc. So users should feel safe with the baseline level of antivirus protection provided by this product. Windows Defender catches almost 95% of known threats and 85% of daily exploits, which is suitable for the average user. Users can control Windows Defender’s behavior from the Control Panel.
Windows Defender includes real-time protection, cloud-based protection, and automatic submission. It finds malware by scanning your system in real time. Cloud-based protection and automatic submission of files allow Windows Defender to share information about malware files.
Windows Defender works in the background and does not interrupt the user about the job it is performing until it finds malware. It will not even ask what to do with an infected file; it cleans up and quarantines infected files automatically. Windows Defender updates are downloaded and installed by the Windows Update service, and no system restart is required for the changes to take effect. It displays protection and update status on the home screen.
It’s automatic. The user doesn’t need to do anything to use it; it works in the background all the time.
It provides RTP (real-time protection). RTP monitors the registry and file system on your system by using agents that monitor ASEPs (auto-start extensibility points).
It has a SmartScreen filter, which assesses all installed applications with a cloud-based assessment. If it determines that an app is infected, it will stop its execution.
Windows Defender can be customized through the exclusion panel. The user can stop the scanning of files or folders that are known to be safe, which reduces background computing.
The user can run a manual scan to scan external components.
The user can scan individual files or folders by right-clicking the item and selecting the “Scan with Windows Defender” option.
The user can remove or restore quarantined files on his/her system by clicking the “View details” button in the History tab.
If the user installs any other antivirus, Windows Defender will be deactivated automatically. It will be activated again automatically if the third-party antivirus is uninstalled.
The user can manually upload a malicious file for experts to analyze.
It provides “tamper protection”. It helps to identify whether malware has attempted to modify the registry or any settings. It will stop such files from executing by damaging them.
Windows Defender will identify unwanted programs and block or delete them from the system.
Features for enterprise users
To help enterprise customers, Windows Defender provides a new service, "Windows Defender Advanced Threat Protection", to detect, investigate, and respond to advanced attacks. By combining client technology with a cloud service, Windows Defender Advanced Threat Protection helps detect threats, provides information to investigate their root, and offers response recommendations.
Windows Defender Advanced Threat Protection
Detect Advanced Attacks: gives information on what attack has happened and why.
Windows Defender Advanced Threat Protection is a combination of threat intelligence, behavioral sensors, cloud-based security, and Microsoft’s security graph. The security graph provides data security analytics that check behavior to identify threats. This data is then analyzed by experts to detect threats.
Response Recommendations: the data provides an easy way to examine alerts and signs of attack, and to get a detailed report from the organization to recommend responses.
Windows Defender Advanced Threat Protection investigates the machine and provides information on the attack timeline. The cloud service submits files to virtual machines for examination.
As Windows Defender Advanced Threat Protection is a built-in application of Windows 10, it is kept updated, which lowers cost, and no installation is required.
Enabling protection against Potentially Unwanted Programs (PUPs)
The user can protect Windows against PUPs (potentially unwanted programs) through Windows Defender. PUP protection is only available for enterprise customers. PUPs are programs that you do not want on your system and that can do more harm than good. The user can protect himself from PUPs by enabling this protection policy setting. This is done by editing the Windows registry:
Open the Run search, type “regedit”, and find this key
Right-click on Windows Defender, select New Key, and name it.
Right-click on the new key and select New DWORD Value. After naming it, type 1 in the Value data text box. (A value of 0 means PUP protection is disabled; a value of 1 means PUP protection is enabled.)
Restart the computer for the changes to take effect. Windows 10 will show a display box when a PUP file is blocked.
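The following read-only PowerShell script is an added example, not part of the original article. It reports the state of the features described above (real-time protection, cloud-based protection, automatic sample submission, tamper protection, exclusions, and PUP protection) using the Get-MpComputerStatus and Get-MpPreference cmdlets from the built-in Defender module. The function name Get-DefenderAudit and the 7-day definition-age threshold are assumptions made for illustration.

```powershell
# Added example: read-only audit of the Defender features the article lists.
function Get-DefenderAudit {
    try {
        # These calls can fail when the Defender service is not running,
        # e.g. after a third-party antivirus has taken over.
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    } catch {
        Write-Warning "Defender is not queryable: $($_.Exception.Message)"
        return
    }

    # Meanings of the numeric preference values.
    $puaNames    = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditOnly' }
    $mapsNames   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $sampleNames = @{ 0 = 'AlwaysPrompt'; 1 = 'SendSafeSamples'; 2 = 'NeverSend'; 3 = 'SendAllSamples' }

    # Exclusions are hidden from non-elevated sessions; the value then starts with "N/A".
    $exclusions = @($pref.ExclusionPath) + @($pref.ExclusionExtension) + @($pref.ExclusionProcess) |
        Where-Object { $_ }
    $hidden = @($exclusions | Where-Object { $_ -like 'N/A*' }).Count -gt 0

    $maxAgeDays = 7   # assumed threshold for "stale" definitions; adjust to policy

    [pscustomobject]@{
        RunningMode        = $status.AMRunningMode
        RealTimeProtection = $status.RealTimeProtectionEnabled
        TamperProtection   = $status.IsTamperProtected
        SignatureAgeDays   = $status.AntivirusSignatureAge
        SignaturesStale    = $status.AntivirusSignatureAge -gt $maxAgeDays
        CloudProtection    = $mapsNames[[int]$pref.MAPSReporting]
        SampleSubmission   = $sampleNames[[int]$pref.SubmitSamplesConsent]
        PuaProtection      = $puaNames[[int]$pref.PUAProtection]
        ExclusionsVisible  = -not $hidden
        Exclusions         = if ($hidden) { @() } else { @($exclusions) }
    }
}

Get-DefenderAudit | Format-List
```

Run it from an elevated PowerShell session so that the exclusion lists are visible; every exclusion it prints is a location Defender does not scan and should be reviewed.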
Windows Defender is pretty good for basic protection, and it is at least better than not having an antivirus at all. For basic levels of computer usage, Windows Defender does a good job, but if you want advanced protection, you will need third-party Internet security software that offers advanced threat protection levels.
Are you using Windows Defender on your computer or third-party security software? Please mention your favorite one in the comments below.