Serious Discussion Microsoft Defender Antivirus and firewall = 100 % clean?

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
Hello

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows fully updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

Completed Full scan = clean

Would you trust that the laptop / system is clean?

Thank you
 

lokamoka820

Level 21
Mar 1, 2024
1,060
Is that meant for the things I have done?

Or do you only believe it is clean when using: Malwarebytes or Kaspersky Virus Removal Tools?

Thank you
It is meant for your setup and the things you have done.

And Malwarebytes or Kaspersky Virus Removal Tools are just to be more sure; they are called second scanners.

If your device is always connected to the internet, MS Defender is sufficient. Even if it misses something, it will find it one way or another after definition updates; it scans in the background, so there is no need to do anything more.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
If your device is always connected to the internet, MS Defender is sufficient. Even if it misses something, it will find it one way or another after definition updates; it scans in the background, so there is no need to do anything more.
If a malicious file downloads itself onto my laptop
Will the real-time scanner then scan it immediately?
Or first when the malicious file is run / activated?
 

lokamoka820

Level 21
Mar 1, 2024
1,060
If a malicious file downloads itself onto my laptop
Will the real-time scanner then scan it immediately?
Or first when the malicious file is run / activated?
MS Defender scans all downloaded files immediately, before you can run them; you can test this yourself with the following test:
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
MS Defender scans all downloaded files immediately, before you can run them; you can test this yourself with the following test:

1.
As in "immediately", or after a couple of minutes?

2.
"before you can run it"
I run it - as I open the file?
Or the system?
 

lokamoka820

Level 21
Mar 1, 2024
1,060
Here is the exact scenario:
  • You click on the file to download, or it downloads itself by clicking a malicious link.
  • MS Defender will watch the downloaded file until it completes, and you will not have access to it at all; even if you try to run/copy/rename/whatever, no operations are allowed.
  • The exact second the file completes downloading (you still don't have access to it), it will be scanned and quarantined if it is malicious.
  • If it was encrypted or password protected, it will be scanned and quarantined the same second it becomes accessible.
If you clicked on the test I sent you, you will see the operation in practice.

By the way, even already installed software is checked periodically by MS Defender and deleted if it becomes malicious or suspected; check this thread:
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
  • You click on the file to download, or it downloads itself by clicking a malicious link.

1.
What other ways could a malicious file from the internet download itself onto the laptop / system?

  • MS Defender will watch the downloaded file until it completes, and you will not have access to it at all; even if you try to run/copy/rename/whatever, no operations are allowed.
  • The exact second the file completes downloading (you still don't have access to it), it will be scanned and quarantined if it is malicious.
  • If it was encrypted or password protected, it will be scanned and quarantined the same second it becomes accessible.
2.
Does the above apply, no matter how the file has downloaded itself?

3.
Does the above also apply to a file someone uploaded to the laptop / system via wifi?
 

lokamoka820

Level 21
Mar 1, 2024
1,060
1.
What other ways could a malicious file from the internet download itself onto the laptop / system?
In this thread, you will find the ways you can get infected:
2.
Does the above apply, no matter how the file has downloaded itself?

3.
Does the above also apply to a file someone uploaded to the laptop / system via wifi?
The mentioned scenario will apply to any file created/opened/copied/pasted/modified/etc. on your laptop/system; it is not about how the file was downloaded or where it came from, it is about any file in the system, new or old.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
Here is the exact scenario:
  • You click on the file to download, or it downloads itself by clicking a malicious link.
  • MS Defender will watch the downloaded file until it completes, and you will not have access to it at all; even if you try to run/copy/rename/whatever, no operations are allowed.
  • The exact second the file completes downloading (you still don't have access to it), it will be scanned and quarantined if it is malicious.
1.
Does Microsoft Defender real-time protection use the online / cloud scanner or offline scanner first?

2.
With regard to your post in the other thread:

And for the "it will be scanned and quarantined if it is malicious."
It uses:
Heuristic scanning and cloud-based protection service?
What else?

Thank you
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Hello

New laptop with Windows 11 pre-installed

The laptop was only online for a couple of minutes during initial setup and when downloading software from Microsoft Store

Only downloaded software from the Microsoft Store

Never visited any websites

Before it went offline:
Windows fully updated
Microsoft Defender Antivirus and Real-time protection on
Microsoft Defender firewall on

Completed Full scan = clean

Would you trust that the laptop / system is clean?

Thank you

Why do you ask? What is the evaluation behind the question?
 

lokamoka820

Level 21
Mar 1, 2024
1,060
1.
Does Microsoft Defender real-time protection use the online / cloud scanner or offline scanner first?
It will use offline scanner first.
2.
With regard to your post in the other thread:
And for the "it will be scanned and quarantined if it is malicious."
It uses:
Heuristic scanning and cloud-based protection service?
What else?
It will use all the services available.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
Why do you ask? What is the evaluation behind the question?
I just wanted confirmation from pros / specialists, that my laptop / system is clean.
And the more I learn from all these great replies, the more questions also arise.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
55
It will use offline scanner first.

1.
Why will it use the offline scanner first, when the online scanner is much better?

2.
When the offline scanner says the file is "OK", then the online scanner scans it?

3.
If the online scanner is in the process of scanning a file, and the internet connection is lost mid scan.
Then what happens to the file?
Will MS Defender call it a failed scan, and then delete the file?

Thank you
 

lokamoka820

Level 21
Mar 1, 2024
1,060
1.
Why will it use the offline scanner first, when the online scanner is much better?
The online scanner is not better than the offline one; using the offline scanner (signatures) is faster than uploading and downloading every single file it scans.
2.
When the offline scanner says the file is "OK", then the online scanner scans it?
No, if the offline scanner says it is "OK", then there is no need for the online scanner; the online scanner is just in case the offline one finds an unknown file, which it will upload to the cloud to be tested.
3.
If the online scanner is in the process of scanning a file, and the internet connection is lost mid scan.
Then what happens to the file?
Will MS Defender call it a failed scan, and then delete the file?
I don't know exactly. I think it will try again and again, but after a limited time it will pass the file, as it doesn't have a reason to delete it; this is why MS Defender offline scan doesn't have good results.

By the way, here is what happened to me yesterday when I was trying to download the CCleaner portable version:
  • In the first try, MS Defender blocked it as it contains malware.
  • In the second try, I disabled MS Defender and downloaded it, then I enabled MS Defender again, and before I went to the file it found it and blocked it; it is that efficient.
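
Added example, not part of any post in this thread: a PowerShell check of the settings the thread keeps returning to (real-time protection, scanning of downloaded files, cloud-delivered protection, signature and full-scan age, firewall profiles), followed by the detections Defender has recorded. The function name and the 7-day thresholds are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on Windows 10/11.
# Get-DefenderPostureReport and the 7-day thresholds are hypothetical choices for this example.

function Get-DefenderPostureReport {
    $status = Get-MpComputerStatus   # current engine and protection state
    $pref   = Get-MpPreference       # configured Defender preferences

    $checks = [ordered]@{
        'Antivirus enabled'                  = $status.AntivirusEnabled
        'Real-time protection on'            = $status.RealTimeProtectionEnabled
        'Scan of downloaded files (IOAV) on' = $status.IoavProtectionEnabled
        'Behavior monitoring on'             = $status.BehaviorMonitorEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
        'Cloud-delivered protection on'      = ($pref.MAPSReporting -ne 0)
        'Signatures at most 7 days old'      = ($status.AntivirusSignatureAge -le 7)
        # FullScanAge is a very large number when no full scan has completed
        'Full scan in the last 7 days'       = ($status.FullScanAge -le 7)
    }

    # One entry per firewall profile (Domain, Private, Public)
    foreach ($fw in Get-NetFirewallProfile) {
        $checks["Firewall profile '$($fw.Name)' on"] = ($fw.Enabled -eq 'True')
    }

    # Emit one object per check so the result can be filtered or exported
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Pass = [bool]$_.Value }
    }
}

Get-DefenderPostureReport | Format-Table -AutoSize

# Detections Defender has recorded, newest first (no output if there are none)
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ThreatID, ActionSuccess, Resources
```

The report describes how Defender and the firewall are configured and what Defender has detected; it does not by itself establish that a system is clean.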