- Aug 2, 2020
- 542
- Content source
- https://www.youtube.com/watch?v=FmDOJL4L38Q
Microsoft Defender Antivirus Tested 7.3.21
- Thread starter The_King
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Aug 2, 2020
- 542
That malware file detection rate not so great. 
Last edited:
- Mar 16, 2019
- 3,633
Microsoft Defender is weird. In my testing, I have seen its right-click scanner not detecting samples even for which it did have local signatures. Then I turned off the internet and entered into the folder containing malware and it started detecting most of them.
I don't know if their scanner is broken or it's like this by design. It's very much dependent on the Real-time protection module. With an internet connection, the real-time scanner will detect most samples anyway so users will remain protected.
I don't know if their scanner is broken or it's like this by design. It's very much dependent on the Real-time protection module. With an internet connection, the real-time scanner will detect most samples anyway so users will remain protected.
I am looking forward to the pc security Channel's video on windows 11's security
- Nov 10, 2017
- 3,250
Maybe thats because of Windows 11? it's beta..
- Aug 12, 2015
- 967
Microsoft should really fix the Defender. It's the most buggiest antivirus software I've seen. So, I tested it few times before with the simple EICAR test file. Detection was fine, but for some strange reason, it couldn't quarantine or delete the file. Then I've tried to delete it manually, but couldn't because Defender was using the file and it was "locked". It kept nagging me how threats were found and the only way for me to get rid of it was to add an exclusion in Defender, delete it and then remove exclusion.
Not to mention it takes ages to quarantine/delete the file while competitors do it in the matter of seconds.
They should make new Defender from scratch. SmartScreen too as there are more private ways to do it instead sending full URLs of visited websites.
It's just the way how Defender works. It's the same in 10.
Last edited:
I’ve noticed the same! Funnily enough I swear it always reliably deletes the KMS activators and watermark removers from my VMs’ desktops the moment my primary AV reloads due to an update but there are times where the on demand scanner just doesn’t want to detect anything at all.
I get that MD’s primary purpose is real-time protection of the everyday user (and secondarily competing with enterprise endpoint features) but it’s a bit of a shame because with a bit more work it can genuinely replace so many use cases of paid AVs, it’s just that doesn’t seem to be their priority.
- May 26, 2014
- 1,056
Just when I decided to just use Microsoft Defender(I'm doubting again)
- Dec 23, 2014
- 8,124
It seems that the author wrongly recognized the number of detected threats in signature (offline) tests.
In the File Detection test - New malware samples (300) the result was 75 threats found, but most of the detected samples were not removed by Defender from the folder with malware samples (removal can last several minutes).
The correct number of detected samples could be counted by inspecting Windows Event Log.
Normally such a test would be worthless because of the small number of samples and several methodology flaws. But in this case, the signature detection of Defender differs significantly from other products, so it can show something real. Detecting even all 75 threats (from 300) is still a poor signature detection result. This is a well known fact for Defender local signatures. One can compare it with the professional tests made by AV-Comparatives that show the same.
On the contrary to signature tests, other tests in this video showed very good results. But, this means nothing, because of the small number of samples and flawed methodology. Testing other AVs in this way cannot show statistically meaningful differences between popular AVs.
In the File Detection test - New malware samples (300) the result was 75 threats found, but most of the detected samples were not removed by Defender from the folder with malware samples (removal can last several minutes).
The correct number of detected samples could be counted by inspecting Windows Event Log.
Normally such a test would be worthless because of the small number of samples and several methodology flaws. But in this case, the signature detection of Defender differs significantly from other products, so it can show something real. Detecting even all 75 threats (from 300) is still a poor signature detection result. This is a well known fact for Defender local signatures. One can compare it with the professional tests made by AV-Comparatives that show the same.
On the contrary to signature tests, other tests in this video showed very good results. But, this means nothing, because of the small number of samples and flawed methodology. Testing other AVs in this way cannot show statistically meaningful differences between popular AVs.
Last edited:
- Aug 12, 2015
- 967
Just tried the cloud protection using the file downloaded from Microsoft Defender Testground. I could normally run the file that was supposed to be detected by the Defender. Even right-click scan isn't finding anything suspicious.
Is this some kind of joke?
Is this some kind of joke?
- Dec 23, 2014
- 8,124
It is not. These files are for testing the efficiency of Cloud Protection Level. They are fully detected only with Cloud Protection Level set to Highest. With default settings, most samples created in the test will not be detected.
When they release Windows 11 and the results are bad then I care. Not about an build from an OS not even sold 
- Dec 23, 2014
- 8,124
Yes. Furthermore, this test (even taken seriously) does not show anything new about Defender.When they release Windows 11 and the results are bad then I care. Not about an build from an OS not even sold
Microsoft never announced that Windows 11’s MD would be different from Windows 10’s. We shouldn’t be surprised here.
This doesn’t really affect the user in the real world, it’s more just something to keep in mind for people with special use cases or who rely on right-click scanning to protect others.
This doesn’t really affect the user in the real world, it’s more just something to keep in mind for people with special use cases or who rely on right-click scanning to protect others.
- Aug 12, 2015
- 967
- Dec 23, 2014
- 8,124
Yes, in such cases, Defender alone is not a good solution.
Anyway, it is easy to support it by HitmanPro or simply upload the samples to OneDrive (online storage) and download them to disk. The downloaded files will get the MOTW and they will be automatically checked in the Defender Cloud via "Block at First Sight" feature.
- Jul 15, 2016
- 321
- Dec 23, 2014
- 8,124
Your irony is understandable.
But when using Defender + Edge, you have a similarly "high protection" as with any Home AV on default settings.
When Defender uses Cloud, the signatures are needed only to remove leftovers that were dropped to disk and were not executed.
Last edited:
- Mar 16, 2019
- 3,633
The experience that I shared is based on Windows 10's Microsoft Defender. Windows 11's Defender is the same but it's possible that there are a few bugs here and there but don't think that would change the on-demand scanner result shown in the video.
I haven't face the latter part but the first part happens a lot when I decide to test it against multiple samples (not all at once like Leo does, I do one by one and wait for it to finish its removal process). A couple of weeks ago it detected malware after execution with its cloud protection and asked for a system restart for full removal. I checked task manager and Defender wasn't using any CPU so I decided to restart the system but after restarting, the files were still there and Defender UI kept showing active threats even after I told it to delete them. I was able to delete those files after disabling Defender's real-time protection and running a scan of Norton Power Eraser (Manual deleting was also possible).
I fully agree. I still think Defender is good enough for average consumers but some of the flaws it has are simply terrible. I have not seen other home AVs with these types of issues. I don't understand why Microsoft doesn't bother with these basic flaws.
- Mar 25, 2021
- 515
same with norton, when I scan with right lick it tell it is safe if I open the folder it removes it.
Similar threads
