App Review Microsoft Defender Antivirus (Windows 11) - Default Settings

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Content source
https://odysee.com/@Shadowra:f/Microsoft-Defender-Antivirus-(Windows-11):f
Hello and welcome to the Microsoft Defender test!
Microsoft Defender (formerly Windows Defender, and Microsoft Security Essentials on Win7) is the antivirus integrated in Windows since Windows 8.
Formerly very criticized for its lack of efficiency and reaction, Microsoft revisits it entirely for Windows 10 by adding AI Machine Learning detection, and various behavioral blocking.

Here, on Windows 11, Defender continues its performance.
It even has the luxury of detecting all the samples in my pack!
On the other hand, its scanning bug is still present. Indeed, Microsoft Defender is unable to remove everything... So I had to test via the interceptor.
Microsoft Defender is still an excellent and free antivirus!

Warning: Due to a bug with my Windows installation, some parts of Microsoft Defender are in French and others in English... I apologize, it is the translation of my virtual machine that has jumped.... This will be fixed with a new installation soon.



RAM Usage : Light
Malware URL test : 9/10 (1 missed, probably a fake Skype)
Fake crack : 1/1 (detected)
Malware Pack : A strange bug. Indeed, Microsoft Defender detects a large number, but can not clean everything. There are 358 threats left in the pack, but the interceptor removes them all.
There is nothing left, no malware is launched.
Resistance to script attacks: Yes

Result :
NPE : 1 (detected by Microsoft Defender)
KVRT : 2

Recommand : Yes
System Clean : Yes, system protected
 
  • Like
  • +Reputation
  • Applause
Reactions: simmerskool, vtqhtr413, Andy Ful and 23 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
MD did well (y)
Shadowra said:
Malware Pack : A strange bug. Indeed, Microsoft Defender detects a large number, but can not clean everything. There are 358 threats left in the pack, but the interceptor removes them all.
Click to expand...
Yeah, they haven't managed to fix it yet. But to have the best possible chance of avoiding this bug, you can not turn off MD's real time protection before extracting the sample pack. You have to keep it on and extract the malware pack. When I tested a couple of months ago twice with a pack of 100+ exe malware, MD was able to empty the folder completely automatically without leaving anything behind.
IMO, every AV should be tested like this, turning off real time protection is not a proper way of testing but anyway, that's another thing. For MD, it's necessary but even this method doesn't guarantee success all the time, so they should fix it.
 
  • Like
  • +Reputation
Reactions: windows1064, simmerskool, vtqhtr413 and 13 others
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
SeriousHoax said:
MD did well (y)

Yeah, they haven't managed to fix it yet. But to have the best possible chance of avoiding this bug, you can not turn off MD's real time protection before extracting the sample pack. You have to keep it on and extract the malware pack. When I tested a couple of months ago twice with a pack of 100+ exe malware, MD was able to empty the folder completely automatically without leaving anything behind.
IMO, every AV should be tested like this, turning off real time protection is not a proper way of testing but anyway, that's another thing. For MD, it's necessary but even this method doesn't guarantee success all the time, so they should fix it.
Click to expand...

Some antivirus programs block the extraction of the pack (like Eset, Norton and others), that's why I always disable the real time protection when I extract.
Microsoft should fix this bug because it can be a handicap if a machine has a big infection or in case of cleaning on an already infected system :/
 
  • Like
Reactions: simmerskool, amirr, Andy Ful and 10 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Shadowra said:
Some antivirus programs block the extraction of the pack (like Eset, Norton and others), that's why I always disable the real time protection when I extract.
Microsoft should fix this bug because it can be a handicap if a machine has a big infection or in case of cleaning on an already infected system :/
Click to expand...
ESET never did that in my tests, and Norton in my experience does things a bit differently. When you extract malware from a zip and Norton has database about it, it will often/most times block the extraction of those known threats before they are able to properly write themselves to the disk. This is some sort of early blocking, which helps them to reduce the time it takes to remove threats from the disk. Norton is probably the slowest at removing malware, so this method helps them to speed things up. Unknown threats are still extracted.
 
  • Like
  • +Reputation
  • Applause
Reactions: simmerskool, Andy Ful, brambedkar59 and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
amirr said:
I saw this is a new video ...
Click to expand...

Yes. This can be bad news for people who download files when disconnected from the internet. :)

But seriously, this can be an issue for some people who often:
  • use USB or network drives to install files (shared with other people) while disconnected from the Internet,
  • open MS Office documents stored on USB drives or network drives (shared with other people) while disconnected from the Internet,
  • use a very poor Internet connection.
Such situations can happen, especially in businesses. Of course, using Defender free in businesses is not recommended for those and some other reasons.
Please note, that Trend Micro (one of the top AVs) has got much worse offline detection.

Edit.
Good signatures can be also useful when checking the computer offline from a live CD.
 
Last edited:
  • Like
  • HaHa
Reactions: windows1064, amirr, Nevi and 6 others
G

Guilhermesene

Andy Ful said:
Yes. This can be bad news for people who download files when disconnected from the internet. :)

But seriously, this can be an issue for some people who often:
  • use USB or network drives to install files (shared with other people) while disconnected from the Internet,
  • open MS Office documents stored on USB drives or network drives (shared with other people) while disconnected from the Internet,
  • use a very poor Internet connection.
Such situations can happen, especially in businesses. Of course, using Defender free in businesses is not recommended for those and some other reasons.
Please note, that Trend Micro (one of the top AVs) has got much worse offline detection.

Edit.
Good signatures can be also useful when checking the computer offline from a live CD.
Click to expand...
For these reasons, I still think AV's that do not rely exclusively or largely on the cloud (network connection) are valid, even though many may not like this approach, but in my opinion it is still valid.

In the end, as everything has its pros and cons, it all comes down to what you need in your environment 🙂
 
  • Like
Reactions: amirr, Nevi, EascapenMatrix and 1 other person

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)
Replies
34
Views
3,257
Video Reviews - Security and Privacy
lokamoka820
lokamoka820
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,309
Video Reviews - Security and Privacy
tofargone
tofargone
Shadowra
    • Like
    • +Reputation
    • Applause
App Review UltraAV Antivirus 2024
Replies
28
Views
2,570
Video Reviews - Security and Privacy
Shadowra
Shadowra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top