Serious Discussion How good is Microsoft Defender's protection now in 2024?

RRlight

Level 2
Thread author
May 11, 2024
I saw on some news and discussions these days, saying Microsoft is gonna make more limitations on kernel privilege for 3rd party software in 24h2 version. Something like moving security vendors out of the kernel to prevent incidents e.g. CrowdStrike.

So how good is Microsoft Defender for normal users now, in case we eventually don't have many good alternatives, or only MD itself has access to the kernel, that kind of thing? Also considering the number of users to collect malware samples, probably no one has more than MD. In Win 7 age years ago when I used MSE, I remember it didn't have things like behavioural protection. I didn't use MD afterwards, how is it now?
 
Microsoft Defender has significantly improved over the years. It now includes features like behavioral protection, cloud-delivered protection, and automatic sample submission. It's consistently scored high in independent antivirus testing. The kernel limitation changes aim to enhance system security. For normal users, Defender provides comprehensive protection, making it a viable standalone antivirus solution.
 
So how good is Microsoft Defender for normal users now,
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you can not expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
 
MS Defender is perfectly fine, and used by many members of this and other forums, including yours truly. There's no reason to use 3rd party AVs in this day and age. You may enable advanced settings in Defender by using ConfigureDefender, GP or via PowerShell commands.

Some gamers actually say that their systems perform best with Defender, some not so much. I suppose it depends on the games you play.

Reports about plans re: kernel privileges were made after the CrowdStrike faulty update. MS hasn't made any decisions yet AFAIK.
 
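An added example, not part of any post in this thread: a read-only PowerShell audit of the settings that the "advanced settings" mentioned above refer to, using the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets. The "Wanted" values are an illustrative baseline assumed for this example, not the presets of ConfigureDefender or a Microsoft recommendation.

```powershell
# Added example: read-only audit of Microsoft Defender state and preferences.
# Run in an elevated PowerShell session. Nothing is changed by this script.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop
} catch {
    # The cmdlets fail when the Defender service is not running,
    # for example when another antivirus has taken over.
    Write-Warning "Defender could not be queried: $($_.Exception.Message)"
    return
}

# AMRunningMode reports the mode Defender runs in (for example Normal or Passive Mode).
[pscustomobject]@{
    RunningMode        = $status.AMRunningMode
    RealTimeProtection = $status.RealTimeProtectionEnabled
    BehaviorMonitor    = $status.BehaviorMonitorEnabled
    TamperProtected    = $status.IsTamperProtected
    SignatureAgeDays   = $status.AntivirusSignatureAge
} | Format-List

# Assumed baseline for illustration only (values as stored by Get-MpPreference).
$baseline = [ordered]@{
    MAPSReporting                = 2       # 2 = Advanced cloud reporting
    SubmitSamplesConsent         = 1       # 1 = send safe samples automatically
    CloudBlockLevel              = 2       # 0 = Default, 2 = High
    CloudExtendedTimeout         = 50      # extra seconds to wait for a cloud verdict
    PUAProtection                = 1       # 1 = block potentially unwanted apps
    EnableNetworkProtection      = 1       # 1 = block mode
    EnableControlledFolderAccess = 1       # 1 = block mode
    DisableRealtimeMonitoring    = $false
    DisableBehaviorMonitoring    = $false
    DisableIOAVProtection        = $false
    DisableScriptScanning        = $false
}

# Compare each current value with the baseline and list the differences.
$report = foreach ($name in $baseline.Keys) {
    [pscustomobject]@{
        Setting = $name
        Current = $pref.$name
        Wanted  = $baseline[$name]
        Match   = ($pref.$name -eq $baseline[$name])
    }
}
$report | Format-Table -AutoSize
```

A mismatch can be changed with the matching `Set-MpPreference` parameter; on managed machines Group Policy or Tamper Protection may override the local value.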
Thank you.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
Currently using 7945hx, I won't care too much about performance. TBH, I set max frequency for the CPU so that it won't get too hot and fans too noisy;)
 
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you can not expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
Yeah, both in consumer and enterprise tests the performance usage is worse than some other AV software like ESET.
 
I saw on some news and discussions these days, saying Microsoft is gonna make more limitations on kernel privilege for 3rd party software in 24h2 version. Something like moving security vendors out of the kernel to prevent incidents e.g. CrowdStrike.

So how good is Microsoft Defender for normal users now, in case we eventually don't have many good alternatives, or only MD itself has access to the kernel, that kind of thing? Also considering the number of users to collect malware samples, probably no one has more than MD. In Win 7 age years ago when I used MSE, I remember it didn't have things like behavioural protection. I didn't use MD afterwards, how is it now?
The short of it is this:

1. It depends upon what you want and expect from a security application.
2. Microsoft Defender is not a "full featured" security solution.
3. Microsoft Defender is just an antivirus with file reputation lookup, some malicious scripting detection, and a few other capabilities.
4. As such, Microsoft Defender provides protection consistent with other equivalent security solutions - for this specific feature set or equivalent.
5. Microsoft Defender can be configured to a higher protection level.
6. Against many attacks, Microsoft Defender does not protect whereas other full featured security solutions will (e.g. banking trojans).
7. Are you safe with Microsoft Defender? That depends a lot upon your online behaviors and who else uses the system. It also depends upon your level of knowledge. These last two are far, far more important than what security software that you use.

Security is not software. Security is a process.

8. You can only know what works for you personally by trialing all the security solutions that you are interested in. There is no other way. Recommendations by others on security forums are well intentioned, but only you can figure out what works best by your own "testing" of trials.
 
I don't know any more about MS Defender is perfectly fine, and used by many members of this and other forums, including yours truly. There's no reason to use 3rd party AVs in this day and age. You may enable advanced settings in Defender by using ConfigureDefender, GP or via PowerShell commands.

Some gamers actually say that their systems perform best with Defender, some not so much. I suppose it depends on the games you play.

Reports about plans re: kernel privileges were made after the CrowdStrike faulty update. MS hasn't made any decisions yet AFAIK.
For gaming Defender is one of the "heavier" ones, in CPU-heavy games you can see the performance difference between WD and Avast AV (not one, one is heavier than the prior Avast)
 
Currently using 7945hx, I won't care too much about performance.
I have bought a new PC and using Defender is noticeable, unless you have disabled its services, you cannot really tell. When you install 3rd party AV, Defender still runs. You need to kill it to see.
 
As far as protection goes Defender is comparable to other AVs, average, not top notch, but it will do. Defender ATP is way better, but you can not expect Enterprise security at home.
Then there is the performance and as far as I can tell, Defender is the worst. If you are considering 3rd party AV, then this is most likely the cause. MS just does not optimize, period!
What are the best AVs for performance in your experience? I want a free one.
 
For gaming Defender is one of the "heavier" ones, in CPU-heavy games you can see the performance difference between WD and Avast AV (not one, one is heavier than the prior Avast)
Where did you see this? Any link where we can see this test? Defender uses basically no CPU at all when gaming when I checked. Make sure game mode detects that game as a game. In a fresh Windows 24H2 an online game that I play wasn't detected by the game mode automatically but always did in the past. Also, for online games other AVs with web protection might have some impact (usually don't) but not Defender since it doesn't have web protection.
But in some day-to-day operations Defender has some impact on performance based on the activity. But nowadays it's less noticeable for most basic things.
 
2. Microsoft Defender is not a "full featured" security solution.
3. Microsoft Defender is just an antivirus with file reputation lookup, some malicious scripting detection, and a few other capabilities.
4. As such, Microsoft Defender provides protection consistent with other equivalent security solutions - for this specific feature set or equivalent.
6. Against many attacks, Microsoft Defender does not protect whereas other full featured security solutions will (e.g. banking trojans).
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
 
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
I believe you Shadowra...
I do think that other people who are mentioning the performance impact are correct. If MS could fix that, I would use Defender in a heartbeat along with Andy's tools.
 
Usually, Microsoft Defender (properly configured) has close to 0 impact on gaming. This is probably true for most popular AVs.

Microsoft Defender (MD) does not work normally on some computers and can impact gaming. This can be seen when the CPU on idle is not about 1%, but for example 10%.
The performance of MD is similar to top AVs, except for administrator tasks with many files (creating backups, packing/unpacking/copying/opening large folders, installing applications with many files, performing system full scans, etc.).

If the computer is connected to the Internet, the protection of "MD (default settings) + SmartScreen for Explorer + Edge web browser" is similar to top AVs on default settings.
If one does not respect SmartScreen or frequently uses the computer without an Internet connection, then Avast and a few other AVs can be better options. For example, Avast CyberCapture improved much last year and currently can check (on the execution) all suspicious EXE files in the cloud sandbox (some time ago only files downloaded from the Internet were checked). That is why Norton is going to implement CyberCapture instead of Download Insight.
Of course, MD does not have some features like VPN, Password Manager, or Banking web browser. If required, those features must be installed separately.
 
Thanks for making me laugh :)

2. MS Defender has anti-malware, cloud, anti-ransomware protection, firewall and can even determine behavior if it knows the "pattern" (Behavior:Win32/ detection).

3. But it's much more than that...
4. If you install another antivirus, MS Defender is automatically deactivated...
6. You made me laugh... most of the banking Trojans I've tested have been detected (AgentTesla, GuLoader, LokiBot, LastClipper and many more....). It's even one of the first to block new malware variants, and the 1st to block effectively when Emotet/TrickBot were active, thanks to their Machine Learning AI.....

It's time to stop bashing Microsoft av, it's evolved a lot and no longer looks like the old Win7 MSE Av ;)
You make me laugh very much. Your own opinion of Microsoft Defender:

[Image attachment: 1729395199551.png]

Microsoft Defender provides essentially no banking protections if it cannot detect the malware. AMTSO certified testing and peer-reviewed:

There are MT members who have reported multiple ways that native Windows security can be bypassed.

I don't even have to provide any references for Microsoft Defender against ransomware. Its track history is dismal if it does not detect the malware by signature.

Microsoft Defender - even highly hardened with maximum settings - is routinely defeated by malware and other attack types. The list of attacks and bypasses submitted to Microsoft by various nations' Defense Ministries is constantly full and long. Then there are the financial sector industry cybersecurity groups that routinely inform Microsoft of its Defender failures. Do you have access to either of those? Both are Controlled Unclassified Information (CUI) so I know that you do not. I do.

Try harder.
 