Serious Discussion How good is Microsoft Defender's protection now in 2024?

RRlight

Level 1
Thread author
May 11, 2024
41
I saw on some news and discussions these days, saying Microsoft is gonna make more limitations on kernel privilege for 3rd party software in 24h2 version. Something like moving security vendors out of the kernel to prevent incidents e.g. CrowdStrike.

So how good is Microsoft Defender for normal users now, in case we eventually don't have many good alternatives, or only MD itself has access to the kernel, that kind of thing? Also considering the number of users to collect malware samples, probably no one has more than MD. In Win 7 age years ago when I used MSE, I remember it didn't have things like behavioural protection. I didn't use MD afterwards, how is it now?
 

Bot

AI-powered Bot
Apr 21, 2016
4,315
Microsoft Defender has significantly improved over the years. It now includes features like behavioral protection, cloud-delivered protection, and automatic sample submission. It's consistently scored high in independent antivirus testing. The kernel limitation changes aim to enhance system security. For normal users, Defender provides comprehensive protection, making it a viable standalone antivirus solution.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,628
So how good is Microsoft Defender for normal users now,
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you cannot expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,577
MS Defender is perfectly fine, and used by many members of this and other forums, including yours truly. There's no reason to use 3rd party AVs in this day and age. You may enable advanced settings in Defender by using ConfigureDefender, GP or via PowerShell commands.

Some gamers actually say that their systems perform best with Defender, some not so much. I suppose it depends on the games you play.

Reports about plans re: kernel privileges were made after the CrowdStrike faulty update. MS hasn't made any decisions yet AFAIK.
 

RRlight

Level 1
Thread author
May 11, 2024
41
Thank you.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
Currently using 7945hx, I won't care too much about performance. TBH, I set max frequency for the CPU so that it won't get too hot and fans too noisy;)
 


Vitali Ortzi

Level 23
Verified
Top Poster
Well-known
Dec 12, 2016
1,290
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you cannot expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
Yeah, both in consumer and enterprise tests the performance usage is worse than some other AV software like ESET.
 

bazang

Level 6
Jul 3, 2024
265
I saw on some news and discussions these days, saying Microsoft is gonna make more limitations on kernel privilege for 3rd party software in 24h2 version. Something like moving security vendors out of the kernel to prevent incidents e.g. CrowdStrike.

So how good is Microsoft Defender for normal users now, in case we eventually don't have many good alternatives, or only MD itself has access to the kernel, that kind of thing? Also considering the number of users to collect malware samples, probably no one has more than MD. In Win 7 age years ago when I used MSE, I remember it didn't have things like behavioural protection. I didn't use MD afterwards, how is it now?
The short of it is this:

1. It depends upon what you want and expect from a security application.
2. Microsoft Defender is not a "full featured" security solution.
3. Microsoft Defender is just an antivirus with file reputation lookup, some malicious scripting detection, and a few other capabilities.
4. As such, Microsoft Defender provides protection consistent with other equivalent security solutions - for this specific feature set or equivalent.
5. Microsoft Defender can be configured to a higher protection level.
6. Against many attacks, Microsoft Defender does not protect whereas other full featured security solutions will (e.g. banking trojans).
7. Are you safe with Microsoft Defender? That depends a lot upon your online behaviors and who else uses the system. It also depends upon your level of knowledge. These last two are far, far more important than what security software that you use.

Security is not software. Security is a process.

8. You can only know what works for you personally by trialing all the security solutions that you are interested in. There is no other way. Recommendations by others on security forums are well intentioned, but only you can figure out what works best by your own "testing" of trials.
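
Added example, not part of the original posts: oldschool's post mentions enabling advanced Defender settings via PowerShell commands, and the list above says Defender can be configured to a higher protection level. This script compares the current preferences against a stricter baseline and applies it on request; the baseline values and the script name `Audit-Defender.ps1` are assumptions chosen for illustration.

```powershell
# Added example: compare Defender preferences with a stricter baseline.
# Usage (elevated session): .\Audit-Defender.ps1          -> report only
#                           .\Audit-Defender.ps1 -Apply   -> report, then set
# The script name is hypothetical.
param([switch]$Apply)

# Assumed baseline for illustration; adjust to your own tolerance for blocks.
$baseline = [ordered]@{
    MAPSReporting                = 2       # 2 = Advanced (cloud-delivered protection)
    SubmitSamplesConsent         = 1       # 1 = send safe samples automatically
    CloudBlockLevel              = 2       # 2 = High
    CloudExtendedTimeout         = 50      # extra seconds to wait for a cloud verdict
    PUAProtection                = 1       # 1 = Enabled
    EnableNetworkProtection      = 1       # 1 = Enabled (block)
    EnableControlledFolderAccess = 1       # 1 = Enabled
    DisableRealtimeMonitoring    = $false
    DisableBehaviorMonitoring    = $false
    DisableIOAVProtection        = $false
    DisableScriptScanning        = $false
}

# Defender drops to passive mode when another AV is registered; the settings
# below only matter when it is the active engine.
$status = Get-MpComputerStatus
Write-Host "Running mode: $($status.AMRunningMode); real-time protection: $($status.RealTimeProtectionEnabled)"

$current = Get-MpPreference
$drift = foreach ($name in $baseline.Keys) {
    # Compare as strings so byte/int/bool values line up.
    if ("$($current.$name)" -ne "$($baseline[$name])") {
        [pscustomobject]@{
            Setting  = $name
            Current  = $current.$name
            Baseline = $baseline[$name]
        }
    }
}

if (-not $drift) { Write-Host 'All audited settings match the baseline.'; return }
$drift | Format-Table -AutoSize | Out-Host

if ($Apply) {
    $params = @{}
    foreach ($d in $drift) { $params[$d.Setting] = $d.Baseline }
    Set-MpPreference @params   # Tamper Protection or Group Policy may override these
    Write-Host 'Baseline applied; re-run without -Apply to confirm.'
}
```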
 

Slerion

Level 6
Verified
Well-known
Feb 24, 2016
278
I don't know any more about MS Defender is perfectly fine, and used by many members of this and other forums, including yours truly. There's no reason to use 3rd party AVs in this day and age. You may enable advanced settings in Defender by using ConfigureDefender, GP or via PowerShell commands.

Some gamers actually say that their systems perform best with Defender, some not so much. I suppose it depends on the games you play.

Reports about plans re: kernel privileges were made after the CrowdStrike faulty update. MS hasn't made any decisions yet AFAIK.
For gaming Defender is one of the "heavier" ones, in CPU-heavy games you can see the performance difference between WD and Avast AV (not one, one is heavier than the prior Avast).
 

lokamoka820

Level 21
Mar 1, 2024
1,060
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you cannot expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
What are the best AVs for performance in your experience? I want a free one.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
For gaming Defender is one of the "heavier" ones, in CPU-heavy games you can see the performance difference between WD and Avast AV (not one, one is heavier than the prior Avast).
Where did you see this? Any link where we can see this test? Defender uses basically no CPU at all when gaming when I checked. Make sure game mode detects that game as a game. In a fresh Windows 24H2 an online game that I play wasn't detected by the game mode automatically but always did in the past. Also, for online games other AVs with web protection might have some impact (usually don't) but not Defender since it doesn't have web protection.
But in some day-to-day operations Defender has some impact on performance based on the activity. But nowadays it's less noticeable for most basic things.
 

lokamoka820

Level 21
Mar 1, 2024
1,060
For gaming Defender is one of the "heavier" ones, in CPU-heavy games you can see the performance difference between WD and Avast AV (not one, one is heavier than the prior Avast).
Do you install all the shields in Avast AV? If not, what shields do you recommend?
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,582
2. Microsoft Defender is not a "full featured" security solution.
3. Microsoft Defender is just an antivirus with file reputation lookup, some malicious scripting detection, and a few other capabilities.
4. As such, Microsoft Defender provides protection consistent with other equivalent security solutions - for this specific feature set or equivalent.
6. Against many attacks, Microsoft Defender does not protect whereas other full featured security solutions will (e.g. banking trojans).
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
 

tofargone

Level 4
Jun 24, 2024
174
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
I believe you Shadowra...
I do think that other people who are mentioning the performance impact are correct. If MS could fix that, I would use Defender in a heartbeat along with Andy's tools.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,458
Usually, Microsoft Defender (properly configured) has close to 0 impact on gaming. This is probably true for most popular AVs.






Microsoft Defender (MD) does not work normally on some computers and can impact gaming. This can be seen when the CPU on idle is not about 1%, but for example 10%.
The performance of MD is similar to top AVs, except for administrator tasks with many files (creating backups, packing/unpacking/copying/opening large folders, installing applications with many files, performing system full scans, etc.).

If the computer is connected to the Internet, the protection of "MD (default settings) + SmartScreen for Explorer + Edge web browser" is similar to top AVs on default settings.
If one does not respect SmartScreen or frequently uses the computer without an Internet connection, then Avast and a few other AVs can be better options. For example, Avast CyberCapture improved much last year and currently can check (on the execution) all suspicious EXE files in the cloud sandbox (some time ago only files downloaded from the Internet were checked). That is why Norton is going to implement CyberCapture instead of Download Insight.
Of course, MD does not have some features like VPN, Password Manager, or Banking web browser. If required, those features must be installed separately.
 

bazang

Level 6
Jul 3, 2024
265
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
You make me laugh very much. Your own opinion of Microsoft Defender:




Microsoft Defender provides essentially no banking protections if it cannot detect the malware. AMTSO certified testing and peer-reviewed:




There are MT members who have reported multiple ways that native Windows security can be bypassed.

I don't even have to provide any references for Microsoft Defender against ransomware. Its track history is dismal if it does not detect the malware by signature.

Microsoft Defender - even highly hardened with maximum settings - is routinely defeated by malware and other attack types. The list of attacks and bypasses submitted to Microsoft by various nations' Defense Ministries is constantly full and long. Then there are the financial sector industry cybersecurity groups that routinely inform Microsoft of its Defender failures. Do you have access to either of those? Both are Controlled Unclassified Information (CUI) so I know that you do not. I do.

Try harder.
 