I guess I just have trauma from the old WIndows XP days...
1.
www.av-comparatives.org
Also if the file was transfered via Bluetooth?
99.9999999% you don't have malware and from your habits only way to even get malware is via a state sponsored targeted attack and I'm pretty sure they won't waste an exploit chain to attack you
Well the 63.1% is via local signatures and default settings but you can extend it's behavior monitoring with tools on this site add software restriction polices too etc and anyway it's not easy for malware to get to systems nowadays the browsers are sandboxed and hardened and you rarely see sandbox escape (browser is the main way most malware goes through ) so as long as you have good habits and don't execute executables that sites download well you should be Malware free1.
Just to be sure, that we are talking about the same.
When I mean "offline scanner", I mean when MS Defender scans a file, and there is no internet connection.
Are you meaning the same?
2.
"the offline (signatures)"
How can local MS Defender on my laptop, contain signatures / bits of code, for all possible kinds of malware?
This I have never quite understood...
It makes sense to use and compare to an online cloud, since it has unlimited space / data.
3.
In regard of this test:
MS Defender has an online detection rate of 97.5% and offline detection rate of 63.1%.Malware Protection Test March 2024
The Malware Protection Test March 2024 assesses program’s ability to protect a system against malicious files before, during or after execution.
3.
If the offline scanner clears a file / says the file is clean, and the online scanner don't scan it - then how come the detection rate of the online scanner is way higher / almost 100%?
4.
To me that is a problem, that the offline scanner that is worse / not good - can clear / say a file is clean, and let the file come into the system. Because with a detection rate of 63.1%, it is letting a lot of bad stuff get through. Or am I misunderstanding something?
Thank you again for all your great replies!
Yes exactly, this is the offline scanner which rely on signatures.
The signatures are file containing hashes of known malware, it is just a kind of text files, and that makes their size very small on your laptop, so space is not a problem here, MS Defender signatures size around 160 MB, this can contain millions of signatures to deal with malware.
Yes this is because in tests they use new malware not old one, but in real world you will not face only new malware, if you are a target to the attacker mostly what you will find on the internet or in a USB stick and old malware, and old here not mean old for years, after 3 days of new malware it becomes old and most vendors will catch it.3.
In regard of this test:
MS Defender has an online detection rate of 97.5% and offline detection rate of 63.1%.Malware Protection Test March 2024
The Malware Protection Test March 2024 assesses program’s ability to protect a system against malicious files before, during or after execution.
Again this is about 0-day malware, so the offline scanner here didn't say these samples clear, it can't quarantine them because it doesn't have signatures about them, while the online scanner will test them in an isolated environment and get the result by testing.
Don't think about it as someone better than the other, look at them as each one of them compliment the other, in the end they are a security layers to close impossible gaps in security not to challenge each other, and this is the best to keep the performance lighter on the system and the procedure faster.
