Windows Defender Evolves but Still Boasts Basic Antivirus Features, Tests Show

Status
Not open for further replies.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Not on demand scan, just going into the folder and then having to wait for files to get sorted by date. It's ridiculous.
It is strange, that some people have this issue, and many have not, even on slow computers. Maybe it depends on how they made the upgrade. My Windows 10 is from the fresh install and I do not have folder opening slowdown.

I also heard that there is an option to scan archives :
HKLM\Software\Policies\Microsoft\Windows Defender!DisableArchiveScanning

If DisableArchiveScanning=0 (no default value), then WD scans archives. If someone upgrades from previous Windows versions, some registry values may be no default, and have an impact on scanning performance.
 
Last edited:

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
It's a fresh install. Besides, do you think that's a normal behavior for a system powered by a 6 core 4.5GHz CPU, 32GB RAM on Samsung 850 Pro 2TB SSD. All of it. I have no spinning drives. I find that entirely unacceptable. And it has been like this forever since the beginning of Windows Defender. Other antiviruses on the other hand, not just avast!, also AVG, AVIRA and all the others don't have these issues.
 
  • Like
Reactions: rpsgc and Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
It's a fresh install. Besides, do you think that's a normal behavior for a system powered by a 6 core 4.5GHz CPU, 32GB RAM on Samsung 850 Pro 2TB SSD. All of it. I have no spinning drives. I find that entirely unacceptable. And it has been like this forever since the beginning of Windows Defender. Other antiviruses on the other hand, not just avast!, also AVG, AVIRA and all the others don't have these issues.
It would be unacceptable for many people.:)
 
  • Like
Reactions: reboot
D

Deleted member 178

Not on demand scan, just going into the folder and then having to wait for files to get sorted by date. It's ridiculous.
ah this issue, it is well known, indeed; personally i rarely put too much files on the same folders by habits. so im surely less annoyed by this than you :D
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
I have just made the test. 186 files (126 EXE, 4 MSI, 10 ISO, 46 ZIP) copied to one folder = over 4GB. No slowdown at all. Everything opens, sorts in half of the second. And the folder is on 10 years old, slow disk. I have AMD A10-5700 APU + 8GB RAM.

EDIT
And I remember that opening such folder took a couple of seconds on Windows 8 even on SSD.
Now, when I open this folder the Antimalware Service Executable can jump to 30-40% in CPU usage for one or two seconds, then drops to 20% and fade away to 0. All takes about 10 seconds. If I open this folder after some time, nothing happens.
 
Last edited:

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
I can understand the point some are making. About testing Windows built-in security together. WD, SmartScreen and UAC since they complement each other.
Which is why I think that if a tester(organizations or youtuber) is testing Windows built-in security, then it should have everything enabled.
However(and this is a big HOWEVER) if the tester is simply testing WD's detection capabilities then testing it alone makes sense. Basically they should state what they are testing.

And let's not forget, that UAC and SmartScreen can also complement 3rd party antiviruses as well. I imagine @Umbra wouldn't like it if Microsoft suddenly integrated WD, SmartScreen and UAC together to the point that if a user installs a 3rd party antivirus it would disable all 3 of them.
(I think a lot of people would downvote me for this if it were possible)

With that said I would like it if WD didn't feel so heavy.

Also for those that wonder if WD uses cloud. This is a new feature they introduced on Windows 10, version 1607 called Block at first sight
Enable the Block at First Sight feature to detect malware within seconds
"When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean."

Since they are stating it only reacts if the file is suspicious perhaps it means WD is looking into the behavior of the file(a la behavior blocker). Maybe @Wave could tell us if that is the case considering his knowledge in this kind of stuff.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
I have just made the test. 186 files (126 EXE, 4 MSI, 10 ISO, 46 ZIP) copied to one folder = over 4GB. No slowdown at all. Everything opens, sorts in half of the second. And the folder is on 10 years old, slow disk. I have AMD A10-5700 APU + 8GB RAM.

EDIT
And I remember that opening such folder took a couple of seconds on Windows 8 even on SSD.
Now, when I open this folder the Antimalware Service Executable can jump to 30-40% in CPU usage for one or two seconds, then drops to 20% and fade away to 0. All takes about 10 seconds. If I open this folder after some time, nothing happens.

I retested the above folder with 186 files (126 EXE, 4 MSI, 10 ISO, 46 ZIP) on 6 years old nettop with Atom D525 processor, slow hard disk, and 2GB RAM with Windows 10 Pro. I noticed the same behavior on hard disk and even on pendrive. No slowdown when opening the folder and sorting files.
I am curious, if anybody with updated Windows 10, has the folder slow openning issue. If so, what is the source of it.
 

DC47561

Level 3
Verified
Feb 3, 2017
102
As I said in another thread. I would use the antivirus that you are comfortable with. Myself - Sophos at the moment. I'm sure you would be fine if you used a limited user account with windows firewall and smartscreen enabled.
 
  • Like
Reactions: Andy Ful

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I retested the above folder with 186 files (126 EXE, 4 MSI, 10 ISO, 46 ZIP) on 6 years old nettop with Atom D525 processor, slow hard disk, and 2GB RAM with Windows 10 Pro. I noticed the same behavior on hard disk and even on pendrive. No slowdown when opening the folder and sorting files.
I am curious, if anybody with updated Windows 10, has the folder slow openning issue. If so, what is the source of it.
Maybe that's because of memory caching. You reboot the computer, then try again. :)
I have the same problem as RejZoR. WD has been this way since the OS was 8.1 and now 10. :)
 
D

Deleted member 178

I can understand the point some are making. About testing Windows built-in security together. WD, SmartScreen and UAC since they complement each other.
Which is why I think that if a tester(organizations or youtuber) is testing Windows built-in security, then it should have everything enabled.
However(and this is a big HOWEVER) if the tester is simply testing WD's detection capabilities then testing it alone makes sense. Basically they should state what they are testing.

I agree, my point is if they test only WD , so they should do the same with other products by disabling their preventive features (BBS, web filters, etc...) and only test the scanner part. when you compare , you must be fair.
You don't compare a normal car with the another model but tuned with a NOS kit...

And let's not forget, that UAC and SmartScreen can also complement 3rd party antiviruses as well. I imagine @Umbra wouldn't like it if Microsoft suddenly integrated WD, SmartScreen and UAC together to the point that if a user installs a 3rd party antivirus it would disable all 3 of them.
(I think a lot of people would downvote me for this if it were possible)

i will be very unhappy indeed. :D

With that said I would like it if WD didn't feel so heavy.

honestly i don't know what mechanism WD use when users open a folder populated with hundreds of exes; making the listing very sluggish; maybe it checks ADS, links, use the cloud, etc... i dont know. but sure like everybody , i would like see this minor issue fixed.

Also for those that wonder if WD uses cloud. This is a new feature they introduced on Windows 10, version 1607 called Block at first sight
Enable the Block at First Sight feature to detect malware within seconds
"When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean."

Good point, i always forgot to mention it.

Since they are stating it only reacts if the file is suspicious perhaps it means WD is looking into the behavior of the file(a la behavior blocker). Maybe @Wave could tell us if that is the case considering his knowledge in this kind of stuff.

i think maybe the file is run in a local VM.
 
  • Like
Reactions: Andy Ful and reboot
D

Deleted member 178

Maybe that's because of memory caching. You reboot the computer, then try again. :)
I have the same problem as RejZoR. WD has been this way since the OS was 8.1 and now 10. :)

just the icons taking some times to be displayed. and only the first time the folder is open after a boot.
 
  • Like
Reactions: Andy Ful and XhenEd

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Maybe that's because of memory caching. You reboot the computer, then try again. :)
I have the same problem as RejZoR. WD has been this way since the OS was 8.1 and now 10. :)

Rebooted - no slowing. Memory cashing works, when I open the folder next time in the same session. It is very strange, that in the same system the behavior is extremely different. I think about opening the Poll about it, and then we can try to solve this issue.
I can see exactly the same as @Umbra (icons are diplaying from the top to the bottom - it takes 3-4 seconds).
 
Last edited:
  • Like
Reactions: reboot and XhenEd
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top