Defender on Windows 10 has local AI plus AI in the cloud (with malware detonation in the sandbox), so it can catch as much 0-day malware as any other good free AV. This is especially true for malicious EXE, DLL, and SCR files, as can be seen in the MRG Effitas tests for Q1 2018 and Q4 2017. How much 0-day malware is caught depends on the Defender settings:
- Cloud Protection Level: Default, High, Highest, Block (not available on Windows Home versions).
- Cloud Check Time Limit (10-60 seconds, 10 seconds by default).
- ASR rules (not activated by default).
- Network Protection (not activated by default).
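As an added example (not part of the original post), the script below reads the four settings listed above from an elevated PowerShell session on Windows 10 and, in a second function, tightens them through the real Set-MpPreference/Add-MpPreference cmdlets. The two ASR rule GUIDs are Microsoft's documented rule IDs and the function names are my own; check the GUIDs against the current ASR rules reference before rolling them out, and stage new rules in AuditMode first.

```powershell
# Added example, not from the original post. Run as Administrator on Windows 10.
# The ASR GUIDs are Microsoft's documented rule IDs; verify against the ASR rules
# reference before deploying. Stage ASR rules with -AuditAsr before enforcing them.
$AsrRules = @{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
}

function Get-DefenderZeroDayPosture {
    # Report the settings the post names so you can see what is still at its default.
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    $enabledAsr = @()
    for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
        if ($p.AttackSurfaceReductionRules_Actions[$i] -eq 1) {   # 1 = Enabled (2 = AuditMode)
            $enabledAsr += $p.AttackSurfaceReductionRules_Ids[$i]
        }
    }
    [pscustomobject]@{
        RealTimeProtection  = $s.RealTimeProtectionEnabled
        CloudProtection     = $p.MAPSReporting         # 0 Disabled, 1 Basic, 2 Advanced
        SampleSubmission    = $p.SubmitSamplesConsent  # 3 = SendAllSamples (needed for detonation)
        CloudBlockLevel     = $p.CloudBlockLevel       # 0 Default, 2 High, 4 HighPlus, 6 ZeroTolerance
        CloudTimeoutSeconds = 10 + $p.CloudExtendedTimeout   # 10 s default, extension 0-50 s
        NetworkProtection   = $p.EnableNetworkProtection     # 0 Disabled, 1 Enabled, 2 AuditMode
        EnabledAsrRules     = $enabledAsr
    }
}

function Set-DefenderZeroDayHardening {
    param([switch]$AuditAsr)
    # Cloud-delivered protection must be on, or CloudBlockLevel and the timeout do nothing.
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples
    # High is the usual step up; HighPlus/ZeroTolerance cost more false positives,
    # and the post notes that the Block level is not available on Windows Home editions.
    Set-MpPreference -CloudBlockLevel High
    # Give the cloud sandbox the full 60 s the post mentions (10 s default + 50 s extension).
    Set-MpPreference -CloudExtendedTimeout 50
    Set-MpPreference -EnableNetworkProtection Enabled
    # Add-MpPreference appends rules; Set-MpPreference would replace the whole list.
    $action = if ($AuditAsr) { 'AuditMode' } else { 'Enabled' }
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $action
    }
}

Get-DefenderZeroDayPosture | Format-List
```

Run Get-DefenderZeroDayPosture before and after Set-DefenderZeroDayHardening to confirm the change took effect; on Home editions, compare the reported CloudBlockLevel with what the cmdlet accepted.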
As with other AVs, some 0-day malware can still fool the local AI (and sometimes the detonation procedure, too). Highly obfuscated 0-day script and scriptlet malware can also still be dangerous.
The top paid AVs have additional features such as network traffic monitoring and anti-exploit modules, which can be useful for detecting 0-day malware (especially in enterprises). Such AVs, however, should rather be compared with Windows Defender ATP (paid subscription).
The performance of Windows Defender is below average when:
- copying many files
- opening folders with many executables
- installing/uninstalling applications with many executables
- managing the quarantine
- performing the full scan
For daily tasks like web browsing, launching applications, reading and writing documents, and performing the quick scan, Defender behaves similarly to other AVs.