Advice Request Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?

ForgottenSeer 92963

@monkeylove

People tend to crash their system more often due to security/privacy/performance tweaks than to malware infections. Do your family members have a problem right now? If not, the old "Don't fix what is not broken" advice should be considered an option.

Members of security forums like to throw stones at their Windows to check whether their setup is safe and secure and fix things which ain't broken to make it even stronger. Many of us have had their system bricked by 'optimizing' it or adding the latest security innovation. When it comes to common (security) sense, security forums ironically are not the best place for advice.

:)
 

Moonhorse

> I tried the advice and encountered problems, e.g., apps that had to be whitelisted, programs like Adguard that began to malfunction and could not be installed or uninstalled properly, etc. Given that, I decided to do a system restore and go back to the point before I made the tweaks. And since I want to avoid using Edge I will have to use a third-party AV.
>
> I will do the same for family members because I don't think they'll know or have the time to figure out reconfiguring tweaks.

I have used Adguard with multiple antiviruses and browsers, and there have been no problemos with it.

And with Microsoft Defender + Edge you're messing with the easiest setup, so there is something else messing with your desktop; maybe do a full clean install?
 

show-Zi

> I will do the same for family members because I don't think they'll know or have the time to figure out reconfiguring tweaks.

MS Defender is excellent, but I think this is exactly why you need a third party AV. If you don't want to get bogged down in arcane theories, Defender is probably not a candidate.
And it is an interesting target for users interested in security.
 

Freki123

> I tried the advice and encountered problems, e.g., apps that had to be whitelisted, programs like Adguard that began to malfunction and could not be installed or uninstalled properly,

I can only remember that when I had "Block executables files from running unless meet a prevalence, age..." active and Adguard had just released an update, it was better to just wait 2-3 days. Then the update would install without problems. Other than that, Adguard runs just fine for me.
That being said, what I like about MS Defender (and H_C) is that it is quiet and doesn't bother me with dozens of prompts for a normal install, which could happen with changed settings on some other 3rd party tools.
 

Templarware

Avast free is just better, it now even includes a firewall and the Ransomware shield, which used to be paid features, on top of Hardened Mode that was already free. Everything is done automatically without bothering you like WD's ransomware protection, which nags you every time you install a legit program or game.
Quick full scans, easier to schedule, it's very light on the system, and it even has a setting in the geek:area to suspend all non-gaming user processes.
 

Trooper

> Avast free is just better, it now even includes a firewall and the Ransomware shield, which used to be paid features, on top of Hardened Mode that was already free. Everything is done automatically without bothering you like WD's ransomware protection, which nags you every time you install a legit program or game.
> Quick full scans, easier to schedule, it's very light on the system, and it even has a setting in the geek:area to suspend all non-gaming user processes.

Did not realize this. I may check it out, thanks.
 

Local Host

> Avast free is just better, it now even includes a firewall and the Ransomware shield, which used to be paid features, on top of Hardened Mode that was already free. Everything is done automatically without bothering you like WD's ransomware protection, which nags you every time you install a legit program or game.
> Quick full scans, easier to schedule, it's very light on the system, and it even has a setting in the geek:area to suspend all non-gaming user processes.

Windows Defender doesn't even nag you, it simply crashes and causes issues with most software and games that mess with library folders, with no warnings, until you pinpoint the issue to its ransomware protection.
 

jetman

Everything I have read elsewhere suggests that Microsoft Defender is as good as any paid-for AV solution. I would assume Defender is the most widely used Windows AV product and is therefore based on the widest collection of malware samples from both home and enterprise users. This must give Defender a big advantage over its rivals.

My only concern is that because it is integrated into Windows and so widely used, it is a very attractive target for malware attacks.
 

Shadowra

Microsoft Defender is enough, no need to install another free antivirus.

For anti-ransomware, just set it up. It may take some time but everything works afterwards.
That's what I did. I've been using Microsoft Defender for a few days and I'm not complaining. And it is the only free AV to block very recent malware ;)
 

Trooper

> Microsoft Defender is enough, no need to install another free antivirus.
>
> For anti-ransomware, just set it up. It may take some time but everything works afterwards.
> That's what I did. I've been using Microsoft Defender for a few days and I'm not complaining. And it is the only free AV to block very recent malware ;)

Is that the controlled folder access?
 

RoboMan

I despise using Windows Defender, and I will list my reasons which I experienced in several PCs:
  1. Usability issues: cannot use Controlled Folder Access because it's horribly designed and blocks literally everything, like not even a Trusted app can place a shortcut in the desktop // cannot use Core Isolation module because it kills important apps like overclock or undervolt software
  2. Interface bugs: several threats do not even show up when detected // several threats cannot be handled as the GUI just bugs and never applies any solution even after rebooting
  3. Resource hog: daily tasks like copy/pasting, browsing through Windows folders can be extremely tedious and slow, with ridiculous work-arounds like having to "whitelist the whole Downloads folder" or similar
  4. No web protection at all rather than SmartScreen for downloads?
Besides from that, it offers no benefits rather than being free or pre-installed. It's not "great", I find it to be more like an "efficient static detection tool" due to its huge database. Rather than signatures, I've never seen it shine. The few times I had to see behavioural analysis in action, it popped up too late.

I am not saying you shouldn't use it, since it will probably be enough for most users who aren't average Joe's. I'm just saying, for novice users, who like to click and surf the web without knowledge, it will probably get you infected.
 

Shadowra

> I despise using Windows Defender, and I will list my reasons which I experienced in several PCs:
>   1. Usability issues: cannot use Controlled Folder Access because it's horribly designed and blocks literally everything, like not even a Trusted app can place a shortcut in the desktop // cannot use Core Isolation module because it kills important apps like overclock or undervolt software
>   2. Interface bugs: several threats do not even show up when detected // several threats cannot be handled as the GUI just bugs and never applies any solution even after rebooting
>   3. Resource hog: daily tasks like copy/pasting, browsing through Windows folders can be extremely tedious and slow, with ridiculous work-arounds like having to "whitelist the whole Downloads folder" or similar
>   4. No web protection at all rather than SmartScreen for downloads?
>
> Besides from that, it offers no benefits rather than being free or pre-installed. It's not "great", I find it to be more like an "efficient static detection tool" due to its huge database. Rather than signatures, I've never seen it shine. The few times I had to see behavioural analysis in action, it popped up too late.
>
> I am not saying you shouldn't use it, since it will probably be enough for most users who aren't average Joe's. I'm just saying, for novice users, who like to click and surf the web without knowledge, it will probably get you infected.

I have no worries about slowing down.
After the interface bugs, yes...

I'm going to test it today, video tomorrow!
 

Captain Holly

The main problem I have with WD is it is just too hard to understand. CFA is useless because it blocks legit apps. WD is hard to schedule a scan and a full scan of an average system can take all night and still not be done by morning. WD will do a quick scan on its own and tell me about the results ten days later. I also don't like having to add extra apps to make WD work better. Configure Defender is a great app but I think the AV should perform all its functions on its own without outside help. Also if you use any browser other than Edge you have no web protection. WD needs improvement.

C.H.
 

ForgottenSeer 94654

Microsoft Defender works great. CFA works great because it is designed to block so-called "legit apps." That is the whole point of CFA, otherwise you might as well allow process hollowed explorer or svchost to encrypt your valuable files. Allow exceptions for CFA are supposed to be created only when something is permanently broken. A 2 TB drive scan takes less than 5 minutes.

Everything that can be done with Configure Defender, Firewall Hardener, Hard Configurator, and the rest can all easily be done with PowerShell. So there is no need to use any third party app.
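
The audit-then-allow workflow for Controlled Folder Access (CFA) discussed in this thread, done with Defender's built-in PowerShell cmdlets. This is an added example, not part of the original post; the event field names and the candidate application path are assumptions, marked as such in the comments.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'

function Get-CfaEvent {
    # Event 1123 = CFA blocked a change; 1124 = CFA audited it (would have blocked).
    param([int]$Days = 7)
    $filter = @{ LogName = $DefenderLog; Id = 1123, 1124
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named <Data> fields of the event into a hashtable.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                # Assumed field names; inspect $_.ToXml() if these come back empty.
                Process = $fields['Process Name']
                Target  = $fields['Path']
            }
        }
}

function Add-CfaAllowedAppIfSigned {
    # Allow an app through CFA only if its Authenticode signature validates.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Not allowing $Path (signature status: $($sig.Status))"
        return
    }
    Add-MpPreference -ControlledFolderAccessAllowedApplications $Path
}

# 1. Log what CFA would block, without breaking anything yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. After some days of normal use, see which processes triggered CFA and how often.
Get-CfaEvent -Days 7 | Group-Object Process |
    Sort-Object Count -Descending | Select-Object Count, Name

# 3. Allow only what is genuinely needed (placeholder path, not from the thread).
Add-CfaAllowedAppIfSigned -Path 'C:\Program Files\ExampleVendor\example.exe'

# 4. Enforce, then confirm the resulting state.
Set-MpPreference -EnableControlledFolderAccess Enabled
Get-MpPreference | Select-Object EnableControlledFolderAccess, ControlledFolderAccessAllowedApplications
```

Steps 1 to 4 are meant to be run days apart rather than as one script; a valid signature is only a minimum gate, so each allowed path should still be one you recognise.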
 

show-Zi

WD can be likened to an honor student who is not good at writing letters. It is excellent in the classroom (os), but it is difficult for people around to decipher it because it writes difficult-to-read characters. And it's not that strong in the corridor (web) out of the classroom.
 

outlawxtorn

> Avast free is just better, it now even includes a firewall and the Ransomware shield, which used to be paid features, on top of Hardened Mode that was already free. Everything is done automatically without bothering you like WD's ransomware protection, which nags you every time you install a legit program or game.
> Quick full scans, easier to schedule, it's very light on the system, and it even has a setting in the geek:area to suspend all non-gaming user processes.

I concur, Avast works great on my gaming system as well. I also use the suspend all non-gaming user processes option.
 

ForgottenSeer 95367

> At the end of the day, SRP is still SRP, with all of its known limitations.

Within the context of this thread and all said in it, you say "SRP... limitations" in a tone and manner as if it is fatally flawed and should not be used by anyone. Your dislike of all things SRP is public and well-established here.

What SRP limitations?

Provide credible evidence.

If SRP is so limited and problematic, then why is it so successfully deployed and relied-upon since Vista? Why do government agencies and other institutions successfully use it to protect critical data?

@danb - MT member upvote of this thread; they're liking the discussion I am bringing here.
 

danb

From VoodooShield
> Within the context of this thread and all said in it, you say "SRP... limitations" in a tone and manner as if it is fatally flawed and should not be used by anyone. Your dislike of all things SRP is public and well-established here.
>
> What SRP limitations?
>
> Provide credible evidence.
>
> If SRP is so limited and problematic, then why is it so successfully deployed and relied-upon since Vista? Why do government agencies and other institutions successfully use it to protect critical data?
>
> @danb - MT member upvote of this thread; they're liking the discussion I am bringing here.

The absolute most basic contextual implementation includes allowing or blocking by parent process and process. Legacy SRP cannot even do that.

JT, the last thing I want to do is to spend my time interacting with you. Have fun arguing and cyberstalking!
 

ForgottenSeer 95367

> The absolute most basic contextual implementation includes allowing or blocking by parent process and process. Legacy SRP cannot even do that.

You made a negative claim regarding SRP. Now supply the evidence so that we can take a look at it.

But as stated earlier, SRP policies are all created from events (context). If a breakage happens, it takes only a few minutes to create an allow rule from the logs and other intelligence.

A contextual engine is a nice-to-have for consumers that cannot cope with block events, but it isn't needed in enterprise. The admins have the SRP logs, the plugins, the utilities, and all the analysis they need to create an allow rule to fix any "breakage."

In enterprise, admins don't create allow rules in real-time on-the-fly. There's an audit and vetting process that is a part of it. However, if need be they can create an allow exception within minutes and the whole system keeps humming right along.

> JT, the last thing I want to do is to spend my time interacting with you. Have fun arguing and cyberstalking!

Who is JT? And nobody is arguing with or cyberstalking you.

If you don't want to discuss it, then stop responding to my posts. And stop making false claims.
 
