Q&A Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,008
... I probably would listen to the screaming from the other side of the street if a default deny solution stopped my kids with prompting :)
...

Ha, ha.:)
Using totally silent protection is like using only underground crossings without teaching children anything about traffic lights.
Anyway, I did not write about the default-deny solution. The smart-default-deny will be usually silent. From time to time there can be an alert and this is a good thing because one can explain & teach the children.
Anyway, your solution would be rather the lesser evil for many of the average users, who cannot teach children about basic security, or for users who do not have time for that.
 

SherKaan

Level 12
Mar 17, 2014
582
I am currently running WD with the following features set to off:

Cloud-delivered protection
Automatic sample submission
Tamper protection

And it performs well on my system. By the way, with or without any 3rd-party AV like Kaspersky, I have not been able to get infected yet based on my surfing routines and common sense.
 
Dec 12, 2021
192
I am currently running WD with the following features set to off:

Cloud-delivered protection
Automatic sample submission
Tamper protection

And it performs well on my system. By the way, with or without any 3rd-party AV like Kaspersky, I have not been able to get infected yet based on my surfing routines and common sense.
Antiviruses are meant as a last line of defence. It's good you're aware of your surroundings and know what you need to look out for, but there may come a day when it will save you, hence why using one is important, no matter how unlikely getting infected may be.
 

ticklemefeet

Level 26
Jan 31, 2018
1,547
Yes, but there are many above-average home users too. Most of them do not use PowerShell and it would be strange to learn it only for tweaking Defender.



I think that the problem is far more serious than 20 years ago due to the expanding online activity and expanding cybercrime activity. :(
What did you mean by this Andy? PowerShell should not be used to tweak Defender?

Thanks
 

Local Host

Level 25
Verified
Top poster
Well-known
Sep 26, 2017
1,453
Repeating personal opinions (without any reliable sources) will not make them more true.



I did not see any reliable example, except personal opinions.
Thankfully we don't need to go far to find evidence of my claims, MT's own MalwareHub has all the evidence everyone needs on how WD protection is bypassed even with High Security settings.

Claiming Windows Defender is flawless is ridiculous at best, even Kaspersky that I talk so much about has its fair share of problems (the fact it installs bloatware like Password Manager, VPN by default is ridiculous, not to mention the HTTPS certificate).

Honestly if there was an AV I would use on my PC, it would be F-Secure, but it causes too many issues with FP and no warnings from Deepguard (some games won't even launch with no warnings, unless you disable Deepguard).

Contrary to popular belief I don't care about Kaspersky whatsoever, it is simply the best solution I have for family members' PCs, they are all set up to work without user interaction and I manage them all through Cloud.
@SeriousHoax Got what I meant. Bitdefender will deal with most everything without prompting the user which is ideal when dealing with children... I probably would listen to the screaming from the other side of the street if a default deny solution stopped my kids with prompting :)

Anyway, hardening the OS is not something most common users would know how to do. The average user of this forum is nowhere close to the average users out there. If doing daily backups is beyond the technical knowledge of many :) But if you know how to do it then seriously, do it :)

It's not as much a decision of what is the safest way but what is the safest way that won't drive you crazy because of the kids complaining :)
I meant same can be done with Kaspersky which is what I do, either is fine, and yes, everyone should use what fits their needs.

Same way I don't care what others use on their PC, I simply have nausea by now of everyone claiming Windows Defender is perfect and there is no need for third-party AVs.

Despite recommending Kaspersky often, at least I'm not a blind fanboy and acknowledge the weaknesses of it, same way I acknowledge it doesn't fit everyone's needs, but never in my right mind I'll claim Windows Defender makes third-party AVs obsolete.
What did you mean by this Andy? PowerShell should not be used to tweak Defender?

Thanks
By users that don't know what they're doing? No.
Same goes for regedit, so they need to rely on third-party software to configure Windows Defender.
 

Shadowra

Level 20
Verified
Malware Tester
Sep 2, 2021
968
Hello,

Microsoft Defender is more than enough, especially since it is updated a lot.

Its evolution is not a myth, especially since I put him full of it when I have the opportunity on VM (0-day, RAT crypted, Exploit etc), he always detected them!

After that for those who go on obscure sites, it can have weaknesses, but it's like any antivirus....
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
288
Can't find anywhere that discusses this issue on the forums. Plenty of solutions on the net but nothing works for me on W 11.
Maybe some of you can redirect it or offer a solution. Thanks.

Defender does not delete Protection History after 30 days. Manual deletion of windowsdefender>scans>history won't work. Neither the Event Viewer method, nor PowerShell set to delete it after one day.

 

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,658
Defender does not delete Protection History after 30 days. Manual deletion of windowsdefender>scans>history won't work. Neither the Event Viewer method, nor PowerShell set to delete it after one day.
Try looking here:
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
288
Try looking here:
Thanks. I am unable to follow Andy's instructions past downloading and opening AdvancedRun.
How to implement the line below is above my knowledge:
<Edit the config file AdvancedRun.cfg as it is shown below>
I don't know what to do with this.
Much appreciated though.
 

danb

From VoodooShield
Verified
Top poster
Developer
Well-known
May 31, 2017
1,234
Can't find anywhere that discusses this issue on the forums. Plenty of solutions on the net but nothing works for me on W 11.
Maybe some of you can redirect it or offer a solution. Thanks.

Defender does not delete Protection History after 30 days. Manual deletion of windowsdefender>scans>history won't work. Neither the Event Viewer method, nor PowerShell set to delete it after one day.

DefenderUI has an option on the Home tab for this (Clean and repair protection history), please let me know if for some reason it is not working with W11.
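
Added example, not from any poster in this thread: a read-only PowerShell check of the settings discussed above (cloud-delivered protection, automatic sample submission, Tamper Protection, and the history purge delay). It uses the built-in `Get-MpPreference` and `Get-MpComputerStatus` cmdlets; the function name `Get-DefenderThreadAudit` and the `DetectionHistory` folder path are assumptions of this example, and reading that folder needs an elevated prompt.

```powershell
# Added example (not from the thread): read-only audit of the Defender
# settings discussed above. It changes nothing on the system.
function Get-DefenderThreadAudit {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # MAPSReporting: 0 = off, 1 = basic, 2 = advanced
    $cloudNames  = 'Off', 'Basic', 'Advanced'
    # SubmitSamplesConsent: 0 = always prompt, 1 = safe samples,
    # 2 = never send, 3 = all samples
    $sampleNames = 'Always prompt', 'Send safe samples automatically',
                   'Never send', 'Send all samples automatically'

    # Assumed location of the Protection History entries
    # ("windowsdefender>scans>history" in the post above).
    $historyDir = Join-Path $env:ProgramData `
        'Microsoft\Windows Defender\Scans\History\Service\DetectionHistory'

    # Days before scan history items are purged; 0 means never purge.
    $purgeDays = [int]$pref.ScanPurgeItemsAfterDelay

    $entries = @(Get-ChildItem -Path $historyDir -Recurse -File `
                     -ErrorAction SilentlyContinue)
    $overdue = @()
    if ($purgeDays -gt 0) {
        $cutoff  = (Get-Date).AddDays(-$purgeDays)
        $overdue = @($entries | Where-Object { $_.LastWriteTime -lt $cutoff })
    }

    [pscustomobject]@{
        CloudDeliveredProtection = $cloudNames[[int]$pref.MAPSReporting]
        SampleSubmission         = $sampleNames[[int]$pref.SubmitSamplesConsent]
        TamperProtection         = [bool]$status.IsTamperProtected
        RealTimeProtection       = [bool]$status.RealTimeProtectionEnabled
        HistoryPurgeDelayDays    = $purgeDays
        HistoryEntries           = $entries.Count
        EntriesPastPurgeDelay    = $overdue.Count
    }
}

Get-DefenderThreadAudit | Format-List
```

A non-zero `EntriesPastPurgeDelay` corresponds to the symptom reported above: history entries that have outlived the configured purge delay.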
 
Dec 12, 2021
192
That makes no sense whatsoever because the implication of that argument is that one should not bother using security software.
94% of malware arrives through email, so the end user has to download, let's say, a document, open it, and manually enable editing/macros and will still not suspect anything or notice any red flags. If that isn't the fault of the user then I don't know what is. Also, it's the user's job to keep their system up to date, so how is it not their fault if they get malware that exploits a vulnerability that has already been patched (e.g. BlueKeep, Log4j, etc.)?
 

monkeylove

Level 7
Verified
Well-known
Mar 9, 2014
316
If you have 9 computers in-home, and some of them are used by children, then the chances of infection in some years cannot be ignored. The children have to be taught how to use the computers safely, just like they are taught to cross the street safely. It is long-term learning because safe habits have to be trained. I do not think that there is an easy way for that. Someone has to sacrifice time and pay attention to do it. This can be a similar challenge as teaching reading and writing.

In my opinion, the best method for children is to use a restricted system with special AV settings or Windows built-in features.
The best AV for that would be Kaspersky with Application Control (@harlan4096 setup). There are other possibilities too (also with non-AV applications).
Advanced users can adopt Windows built-in protection (Defender with advanced settings, Edge with SmartScreen and PUA, SRP, Windows Policies, Exploit Protection) and Parental/Ads control for web browsing (like Adguard DNS).

The clue is that the child should not be allowed to easily bypass the AV alerts. Unfortunately, most security solutions show such (Allow / Deny ) alerts for users' convenience.
Another problem is that most parents do not have sufficient knowledge or patience, or simply do not have time to apply & use a restricted system on a child's computer.

That is why there is no good solution for many people. The AV default settings are not sufficient for children. In many cases, the children are allowed to visit dangerous places and do dangerous things. Their security when using computers is a kind of roulette. :(
No children (the ages range from young adults to seniors), but only one of the nine has the most knowledge about this issue (me), and a second intermediate knowledge. They also regularly visit various websites and use different apps (office software, video, audio, and graphics editors), don't know or don't want to know how to back up and recover other than making copies of files in another folder or drive, and so on. I had to install adblockers, backup programs, etc., for them. Some even panicked when popups in Kaspersky showed up telling them to consider installing this or updating that, even though I already disabled as many info notifications as I could find. So, you can imagine what mayhem can take place if I even try something like a default-deny feature, or using something other than an admin account (they call me and complain that this or that can't be installed), or UAC turned on, or what I experienced when I tried using advanced features in Defender (they call and complain that they can't load this or that file).

So, now I had Avast free installed in their machines in silent mode for the past few weeks, and no complaints so far. Probably, at worst, they will encounter one site that they can't access, and they'll only know when they actually look at the system bar and wonder what that blue dot means in the Avast icon. LOL.

Finally, I think most who participate in security forums have no idea what most computer users are like, which is why the advice given always refers to those with at least intermediate knowledge of computers.
 

monkeylove

Level 7
Verified
Well-known
Mar 9, 2014
316
There was never any comparison between Free and Paid products, that was only another excuse they came up to defend Windows Defender, Free Anti-Virus solutions can still provide better protection than Windows Defender at less performance cost on top.

I personally already provided examples where Windows Defender fails, that third-parties don't, and they failed to reply going around in circles and making up more excuses.

All the options you stated are available in Kaspersky, I use them myself on family members PCs, so I can't argue why one is better than the other.

From what I read, some of the AVs tested in AV-Comparatives are free versions.

For your second and third point, I used KSC Free, but I noticed that a slowdown took place in some machines, and in one with Adguard for Windows, problems with browsing. Also, popup notifications could not be removed, and they are tricky: you can't close them unless you click on the button to show that you want to learn more, and then close that window. So, now we're all using Avast Free, but I had to set it to silent mode; otherwise, they'll keep asking me about popups. LOL.