- Apr 26, 2017
- 89
Windows Defender has evolved a lot in the latest versions of Windows, and while third-party security vendors badmouth the antivirus, Microsoft keeps praising it occasionally, with an in-depth analysis published today detailing the way it can block unknown malware.
Microsoft says it takes a maximum of 10 seconds for Windows 10 to analyze a file that might be infected with a never-before-seen malware, which then helps protect not only the user who submits the sample, but also all the other users who rely on Windows Defender to keep systems protected.
The software giant highlights that the cloud power is what makes Windows Defender react so quickly and efficiently in the case of unknown malware, explaining that while it inspects files for possible infections, it also prevents possible malicious behavior on target systems.
Microsoft says it takes a maximum of 10 seconds for Windows 10 to analyze a file that might be infected with a never-before-seen malware, which then helps protect not only the user who submits the sample, but also all the other users who rely on Windows Defender to keep systems protected.
The software giant highlights that the cloud power is what makes Windows Defender react so quickly and efficiently in the case of unknown malware, explaining that while it inspects files for possible infections, it also prevents possible malicious behavior on target systems.
10-second malware analysis process
As described in the infographic that you can see here, when suspicious files are detected, they can be submitted to the cloud for an in-depth analyst and once the cloud assesses that the file is unknown, it requests a sample for future inspection. The client holding the file then uploads the sample automatically, with Microsoft’s cloud systems processing it and checking against machine learning classifiers.
The cloud then generates a signature and sends it to the client, with the Windows 10 system blocking the file and reporting back to the cloud to help protect all the other users.
The whole process takes place in less than 10 seconds, Microsoft explains, and the full protection is offered once the cloud analysis is enabled from the Settings app.
“When enabled, Windows Defender AV locks a suspicious file for 10 seconds by default, while it queries the Windows Defender AV cloud protection service. Administrators can configure Windows Defender AV to extend the timeout period up to one minute to give the cloud service time to perform even more analysis and apply additional techniques to detect new malware,” Microsoft says.
It goes without saying that these features are only available in the latest version of Windows 10, which right now is the Creators Update, but with more improvements coming in the next update due in September.
Source: Microsoft Explains How Its Antivirus Blocks Unknown Malware in Just 10 Seconds
The cloud then generates a signature and sends it to the client, with the Windows 10 system blocking the file and reporting back to the cloud to help protect all the other users.
The whole process takes place in less than 10 seconds, Microsoft explains, and the full protection is offered once the cloud analysis is enabled from the Settings app.
“When enabled, Windows Defender AV locks a suspicious file for 10 seconds by default, while it queries the Windows Defender AV cloud protection service. Administrators can configure Windows Defender AV to extend the timeout period up to one minute to give the cloud service time to perform even more analysis and apply additional techniques to detect new malware,” Microsoft says.
It goes without saying that these features are only available in the latest version of Windows 10, which right now is the Creators Update, but with more improvements coming in the next update due in September.
Source: Microsoft Explains How Its Antivirus Blocks Unknown Malware in Just 10 Seconds