Video Microsoft Defender Antivirus (Windows 11) - Default Settings

Shadowra

Level 22
Thread author
Verified
Top poster
Malware Tester
Well-known
Sep 2, 2021
1,166
Hello and welcome to the Microsoft Defender test!
Microsoft Defender (formerly Windows Defender, and Microsoft Security Essentials on Win7) is the antivirus integrated into Windows since Windows 8.
Formerly heavily criticized for its lack of effectiveness and responsiveness, it was entirely revisited by Microsoft for Windows 10, with the addition of AI/machine-learning detection and various behavioral blocking.

Here, on Windows 11, Defender keeps up its performance.
It even has the luxury of detecting all the samples in my pack!
On the other hand, its scanning bug is still present. Indeed, Microsoft Defender is unable to remove everything... So I had to test via the interceptor.
Microsoft Defender is still an excellent and free antivirus!

Warning: Due to a bug with my Windows installation, some parts of Microsoft Defender are in French and others in English... I apologize, the localization of my virtual machine has broken... This will be fixed with a new installation soon.



RAM Usage: Light
Malware URL test: 9/10 (1 missed, probably a fake Skype)
Fake crack: 1/1 (detected)
Malware Pack: A strange bug. Indeed, Microsoft Defender detects a large number, but cannot clean everything. There are 358 threats left in the pack, but the interceptor removes them all.
There is nothing left, no malware is launched.

Resistance to script attacks: Yes

Result:
NPE: 1 (detected by Microsoft Defender)
KVRT: 2

Recommended: Yes
System Clean: Yes, system protected

SeriousHoax

Level 43
Verified
Top poster
Well-known
Mar 16, 2019
3,160
MD did well (y)
Malware Pack: A strange bug. Indeed, Microsoft Defender detects a large number, but cannot clean everything. There are 358 threats left in the pack, but the interceptor removes them all.
Yeah, they haven't managed to fix it yet. But to have the best possible chance of avoiding this bug, you must not turn off MD's real-time protection before extracting the sample pack. You have to keep it on and extract the malware pack. When I tested a couple of months ago, twice, with a pack of 100+ exe malware, MD was able to empty the folder completely and automatically without leaving anything behind.
IMO, every AV should be tested like this; turning off real-time protection is not a proper way of testing, but anyway, that's another thing. For MD it's necessary, but even this method doesn't guarantee success all the time, so they should fix it.
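As an added example (not part of either post above), here is a pre-check a tester can run before extracting a sample set so that the condition SeriousHoax describes, real-time protection left on, is verified rather than assumed, plus a summary of what Defender actually left behind afterwards. It uses only the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Get-MpThreat, Get-MpThreatDetection) on Windows 10/11; the one-day signature-age threshold is an assumption of the example, not something from the thread.

```powershell
# Added example, not from the thread's posters. Run from an elevated PowerShell.

function Test-DefenderReadyForExtraction {
    [CmdletBinding()]
    param(
        # Maximum acceptable age of the signature set, in days (assumed threshold).
        [int]$MaxSignatureAgeDays = 1
    )

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Each entry is a condition that must hold before samples are extracted.
    $checks = [ordered]@{
        'AM service running'         = $status.AMServiceEnabled
        'Antivirus engine enabled'   = $status.AntivirusEnabled
        'Real-time protection on'    = ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
        'On-access scanning on'      = $status.OnAccessProtectionEnabled
        'Behavior monitoring on'     = $status.BehaviorMonitorEnabled
        'Signatures fresh'           = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        'Cloud protection (MAPS) on' = ($pref.MAPSReporting -ne 0)   # 0 = disabled
    }

    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })

    [pscustomobject]@{
        Ready            = ($failed.Count -eq 0)
        FailedChecks     = $failed
        SignatureVersion = $status.AntivirusSignatureVersion
        SignatureAgeDays = $status.AntivirusSignatureAge
    }
}

# Answers the "did it leave anything behind" question from the posts:
# how many known threats are still marked active, and how many detection
# actions Defender reports as unsuccessful.
function Get-DefenderCleanupSummary {
    $threats    = @(Get-MpThreat)
    $detections = @(Get-MpThreatDetection)

    [pscustomobject]@{
        TotalThreats     = $threats.Count
        StillActive      = @($threats | Where-Object { $_.IsActive }).Count
        Executed         = @($threats | Where-Object { $_.DidThreatExecute }).Count
        DetectionsTotal  = $detections.Count
        DetectionsFailed = @($detections | Where-Object { -not $_.ActionSuccess }).Count
        LastDetection    = ($detections | Sort-Object InitialDetectionTime -Descending |
                            Select-Object -First 1).InitialDetectionTime
    }
}

# Usage: refuse to go on if Defender is not in the expected state.
$ready = Test-DefenderReadyForExtraction
if (-not $ready.Ready) {
    Write-Warning ("Defender is not in the expected state; failing checks: " + ($ready.FailedChecks -join ', '))
    return
}
"Signatures {0} ({1} day(s) old); OK to proceed." -f $ready.SignatureVersion, $ready.SignatureAgeDays

# After the test, see whether anything is still flagged as active.
Get-DefenderCleanupSummary | Format-List
```

If StillActive or DetectionsFailed is non-zero after the run, that is the residue the posts describe, and it is worth recording alongside the manual count of files left in the folder.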

Shadowra

Level 22
Thread author
Verified
Top poster
Malware Tester
Well-known
Sep 2, 2021
1,166
MD did well (y)

Yeah, they haven't managed to fix it yet. But to have the best possible chance of avoiding this bug, you must not turn off MD's real-time protection before extracting the sample pack. You have to keep it on and extract the malware pack. When I tested a couple of months ago, twice, with a pack of 100+ exe malware, MD was able to empty the folder completely and automatically without leaving anything behind.
IMO, every AV should be tested like this; turning off real-time protection is not a proper way of testing, but anyway, that's another thing. For MD it's necessary, but even this method doesn't guarantee success all the time, so they should fix it.

Some antivirus programs block the extraction of the pack (like ESET, Norton and others), that's why I always disable the real-time protection when I extract.
Microsoft should fix this bug because it can be a handicap if a machine has a big infection, or in case of cleaning an already infected system :/

SeriousHoax

Level 43
Verified
Top poster
Well-known
Mar 16, 2019
3,160
Some antivirus programs block the extraction of the pack (like ESET, Norton and others), that's why I always disable the real-time protection when I extract.
Microsoft should fix this bug because it can be a handicap if a machine has a big infection, or in case of cleaning an already infected system :/
ESET never did that in my tests, and Norton in my experience does things a bit differently. When you extract malware from a zip and Norton has it in its database, it will often, most times, block the extraction of those known threats before they are able to properly write themselves to the disk. This is some sort of early blocking, which helps them reduce the time it takes to remove threats from the disk. Norton is probably the slowest at removing malware, so this method helps them speed things up. Unknown threats are still extracted.