Advice Request Why Do You Use Windows Defender Antivirus?

[SeriousHoax]

Admittedly the scanning produces varying results. I think it depends on how high the severity rating is for the file in question. If it has a low severity rating, WD might leave it alone when you run a static scan. But what if you actually run the file? I am pretty sure it will be blocked.
Maybe @Andy Ful has some insight on this.

That's another case but I'm talking about the temporary exclusion system. I can even see the temporary exclusions on regedit but can't delete or modify it.

 

[shmu26]

I can even see the temporary exclusions on regedit

Good discovery!
What happens if you delete the file? And then you put a brand new copy of the same file in the same location?
In any case, I don't think it is a security risk, because the file will be blocked if it executes.

 

[stefanos]

From what you posted, it follows that your daughter has a problem with PUA inside the browser. That could be a problem, if she did not use web filtering. SmartScreen and WD Block at first sight will allow most PUA, because they are often installed legally after accepting the installation by the user. I do not know if Kaspersky web filtering helped your daughter to avoid PUAs for sure (she can learn), but this is a practical solution if it works. It is also better for your daughter than not tweaked WD (without some web browser extensions or DNS filtering). There are also some other solutions without Kaspersky, but there is no reason to replace it if it works well.

The problem is my daughter live to Greece and i live Belgium. I am not near to control her laptop. But realy Kaspersky save me.

 

[Andy Ful]

I have a question about Windows Defender, if I restore a file from the quarantine, it's automatically added to exclusions. But it's not shown in the excluded items list, it's added as temporary exclusions. Is there any way to disable this behavior or modify the temporary exclusions? I find this very annoying.

There are several types of WD exclusions by: extension, path, process, temporary path. This feature is not well implemented in WD. If one clear the history of threats, then the only way to see exclusions is looking at the subkeys of the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
or using PowerShell cmdlet:
(get-mppreference).ExclusionPath
(get-mppreference).ExclusionExtension
(get-mppreference).ExclusionProcess
Those exclusions can be also removed by using the PowerShell cmdlet Remove-MpPreference.

But I did not find the commands to see or remove the temporary path exclusions in PowerShell.

Edit.
It seems that temporary path exclusions can be deleted after booting to Windows recovery cmd (advanced startup options - command prompt):

Windows Defender - How to remove exclusions automatically generated by Windows Defender

So, if a threat is quarantined and then restored, an exclusion that doesn't appear in the exclusions list is automatically created to avoid re-quarantining the same file next time it's run. That is

answers.microsoft.com

 

[stefanos]

There are several types of WD exclusions by: extension, path, process, temporary path. This feature is not well implemented in WD. If one clear the history of threats, then the only way to see exclusions is looking at the subkeys of the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
or using PowerShell cmdlet:
(get-mppreference).ExclusionPath
(get-mppreference).ExclusionExtension
(get-mppreference).ExclusionProcess
Those exclusions can be also removed by using the PowerShell cmdlet Remove-MpPreference.

But I did not find the commands to see or remove the temporary path exclusions in PowerShell.

Think about telling my daughter to do all of this

 

[Andy Ful]

Think about telling my daughter to do all of this

The average users do not have any problem with this, because they do not exclude files. Most average users do not use WD Security Center for managing threats.
Furthermore, it is not a problem for most users because the samples in temporary exclusions had to be first intentionally recovered by the user from the quarantine. So, the user already decided that they are clean.
Yet, for the advanced users WD lacks the possibility to manually manage exclusions independently from history of threats (it can be done via PowerShell) and to remove the temporary exclusions. If I correctly remember, BitDefender free had the same problem. I do not know how it is solved in Kaspersky free.

 

[stefanos]

The average users do not have any problem with this, because they do not exclude files. Most average users do not use WD Security Center for managing threats.
Furthermore, it is not a problem for most users because the samples in temporary exclusions had to be first intentionally recovered by the user from the quarantine. So, the user already decided that they are clean.
Yet, for the advanced users WD lacks the possibility to manually add such entries by the user (it can be done via PowerShell). If I correctly remember, BitDefender free had the same problem. I do not know how it is solved in Kaspersky free.

The first version Bitdefender yes. But the last version i think have not problem. The problem with Bitdefender the last time to i test it is the web filter. if Bitdefender exclude a site. You have not the option to visit the site.

 

[shmu26]

Certain posters are off topic. The thread is not about why WD is a bad choice for certain people. The title of the thread is: Why Do You Use Windows Defender Antivirus?
If you don't use Windows Defender, and have absolutely no interest in using it because you think it's a piece of junk, then this is not the place to express your distaste for it. You are off-topic. There are other threads dedicated to bashing WD -- you will find plenty of them.

 

[Burrito]

Certain posters are off topic. The thread is not about why WD is a bad choice for certain people. The title of the thread is: Why Do You Use Windows Defender Antivirus?
If you don't use Windows Defender, and have absolutely no interest in using it because you think it's a piece of junk, then this is not the place to express your distaste for it. You are off-topic. There are other threads dedicated to bashing WD -- you will find plenty of them.

I dunno. The initial post lists reasons Windows Defender is bad (satire or not).

Seems to me that the posts of this thread are on-topic.

And... this has been a pretty good thread. It's increased my overall understanding of Windows Defender -- both good and bad.

Original Post:
Windows Defender Antivirus is:

• Invades Your Privacy
• Sends All Data to Microsoft Servers
• Very Weak Protection
• Slows Down My PC
• Scans All My 1000 Downloaded Files
• Low Detection Rate
• Easily Bypassed
• No Real Firewall
• Uses All My RAM (Memory)
• Broken White-listing Settings
• Lack of Customization
• Cannot Be Trusted
• ..

 

[SeriousHoax]

There are several types of WD exclusions by: extension, path, process, temporary path. This feature is not well implemented in WD. If one clear the history of threats, then the only way to see exclusions is looking at the subkeys of the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
or using PowerShell cmdlet:
(get-mppreference).ExclusionPath
(get-mppreference).ExclusionExtension
(get-mppreference).ExclusionProcess
Those exclusions can be also removed by using the PowerShell cmdlet Remove-MpPreference.

But I did not find the commands to see or remove the temporary path exclusions in PowerShell.

This is the location of temporary exclusions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths

 

[ForgottenSeer 72227]

If you get infected with third-party AVs, you sure as hell are getting infected with WD.

Well to be fair, anyone can get infected with any AV. Personally I don’t think it’s necessarily worse than 3rd parties. To be honest if you practice unsafe habits your playing with fire and eventually your luck will run out. IMO changing AV products without changing your habits is still playing with fire and gives a false sense of security. Sure it may do a slightly better job, but you can’t guarantee it won’t happen again.

reasons why I never use WD:
personal: too high disk activity with my type of usage
general, for other PCs I configure:
- people in my country download cracks packed in zip files with password -> BAFS & smartscreen are intentionally bypassed. Have seen too many PCs infected this way. Recently disinfected some PCs with WD installed
- people are still using external storage a lot -> another way to bypass
- most PCs around me are using HDDs with =<4GB of RAM and old CPUs => Windows 10 is a burden

I don't mind good things or theories/advanced features other people are saying about WD. This is what I observed
nobody uses tweaked settings, same for other AVs

avast and kaspersky seem to cover better most malwares in my country because everyone is using them while other AVs may end up with infection

the best AV for you is the one you can squeeze the best out of it by tweaking or combining it with something else + you feel comfortable + you don't get any infection for years

This is a good reason why security could/should be tailored to specific uses. There’s no one security fits all. Your examples prove that those poor security behaviours are fairly common place where you live. They may be better off with avast and or kaspersky, but there’s no guarantee that they will be protected every time. I’m not arguing with you just playing devils advocate I’ve said this in another thread, but I think justifying using a certain product because you use poor security habits isn’t really the best approach, as it too will fail at some point. Personally we should b asking people to change their habits, not say well if you use this product, you can do what ever you want, because it really is a false sense of security. Again just playing devils advocate.

WD is not user friendly, it lacks GUI and it is part of the Windows and people take it as such. Virtually all AVs scream at the user: You Are Protected, but WD just quietly sits in the background doing its job, but that makes people uncertain, whether it is actuall ydoing anything. They need reassurance. MS failed at selling WD to the public. MS only says, that it is free, but that makes it worse, how can it be better compared to $100 AV?

Actually this is one of the reasons i like WD over 3rd parties as I don’t need it to tell me its doing something. Sitting quietly in the background is how it should be IMO. Constantly telling me it’s doing something is an annoyance and IMO is trying to justify their existence. Their UI is a little clunky, but how much time does one spend really spend in their AV UI? Again just playing devils advocate here.

 

[bribon77]

Why do not I use WD, why I use W7. But I have friends that if they use it and they tell me, it is a big CPU consumer that they have tried to use it and in the end they have eliminated it. I'm not talking about old CPUs, but i7 and i5. and 16GB of RAM and SSD

 

[ForgottenSeer 72227]

I dunno. The initial post lists all the reason Windows Defender is bad (parody or not).

Seems to me that the posts of this thread are on-topic.

And... this has been a pretty good thread. It's increased my overall understanding of Windows Defender -- both good and bad.

Original Post:
Windows Defender Antivirus is:

• Invades Your Privacy
• Sends All Data to Microsoft Servers
• Very Weak Protection
• Slows Down My PC
• Scans All My 1000 Downloaded Files
• Low Detection Rate
• Easily Bypassed
• No Real Firewall
• Uses All My RAM (Memory)
• Broken White-listing Settings
• Lack of Customization
• Cannot Be Trusted
• ..

I think @Spawn post was more of satire/joke very similar to his thread on why you use W10. He’s really listing all the arguments against, many of which are pretty silly anyways, hence the satire. As I’ve already said, I think WD gets unfair treatment, as people are always constantly looking for the negatives with it. You can’t have a discussion or a test where WD does very well without people going, but, but, but. No other 3rd party AV goes through this, not to this degree anyways IMO.

Personally there are some who are basically putting their hands over their ears and going, not listening, not listening, not listening, every time someone shows/talks about how WD has/is improving.

To me it’s all about trying it out and seeing for yourself. I’ve been running it on both my systems for a while now and I can say with 100% confidence that I have not experienced any of the issues, performance and so on that is constantly talked about when it comes to WD. I think some people either haven’t tried it, or haven’t tried it in a very long time. Even @RoboMan has tried it out recently and was very surprised how good it has become and how much it’s performance has improved. I’m happy to hear his comments because it too confirms what many of us have been trying to say for a while now.

No I want to be clear that I am in no ways saying WD perfect, it’s far from it, but it has improved on many fronts and I think people just need to try it for themselves. No product can offer you 100% protection and no product is perfect. I am not saying that people who have had poor experiences with WD are wrong, everyone has different experiences and the same can be said for any security product. At the end of the day, choose what you like and what works best for you.

 

[shmu26]

And... this has been a pretty good thread. It's increased my overall understanding of Windows Defender -- both good and bad.

+1
But I do get a little tired of posters who feel they must convince everyone else why WD is garbage. They don't do this with other AVs.

 

[Burrito]

+1
But I do get a little tired of posters who feel they must convince everyone else why WD is garbage. They don't do this with other AVs.

Yeah, and I don't like Windows Defender (and yes, I've experimented with it).... but I recognize that you are right about that.

 

[bribon77]

I have to say that, in spite of everything, if I had W10, I would give him the opportunity to see it first-hand.

 

[ForgottenSeer 72227]

Why do not I use WD, why I use W7. But I have friends that if they use it and they tell me, it is a big CPU consumer that they have tried to use it and in the end they have eliminated it. I'm not talking about old CPUs, but i7 and i5. and 16GB of RAM and SSD

See I have a system very similar and one less powerful and if anything running WD makes my systems faster than most 3rd parties. I’m not saying your wrong, I’m just speaking from experience. As with any product, it will vary from system to system.

+1
But I do get a little tired of posters who feel they must convince everyone else why WD is garbage. They don't do this with other AVs.

Same here, it’s getting a little tiresome. TBH where I get a laugh is when people call us WD fanboys and say we are justifing (for the record no one in this thread said this, just speaking generally here) using WD, however the amount of energy some people put into bad mouthing WD is telling, because if you look at their arguments, they are grasping at straws.

 

[shmu26]

Yeah, and I don't like Windows Defender (and yes, I've experimented with it).... but I recognize that you are right about that.

I dislike Windows Defender, but I dislike it less than other AVs I have tried.

 

[Local Host]

@Raiden But WD hasn't performed well in any testing, even in the Malware Hub.

The first question everyone asks in those negative tests is "Is this using Hard Configurator?"

Considering the majorly of users use WD with Default Settings, that is irrelevant, not to mention even with Strict Settings, WD is easily bypassed by Malware constantly (and malware that targets WD is actually used in Home Systems, since it's the default AV).

Reason why everyone started talking about the Anti-Tamper in WD, which clearly shows lack of testing from you guys, as the Anti-Tamper in WD has proven to be ineffective and still in testing.

So no, WD is not a good AV for casual users, and as for us advanced users we don't need an AV in the first place, so using us as benchmark and claiming WD is good, is not exactly a good idea.

 

[Andy Ful]

Certain posters are off topic. The thread is not about why WD is a bad choice for certain people. The title of the thread is: Why Do You Use Windows Defender Antivirus?
If you don't use Windows Defender, and have absolutely no interest in using it because you think it's a piece of junk, then this is not the place to express your distaste for it. You are off-topic. There are other threads dedicated to bashing WD -- you will find plenty of them.

I agree (mostly).
But fortunately, people on this thread are kind and respectful to each other, even when they had very different experience with WD. The discussion is also very rational and can be helpful for the readers. So, I would like to thank for all posts (also slightly off topic).