Advice Request Windows Defender - Pro's and Con's

Please provide comments and solutions that are helpful to the author of this topic.

jackuars

Level 27
Thread author
Verified
Top Poster
Well-known
Jul 2, 2014
1,688
With respect to the Free Antivirus of the Year 2018 competition, I'm starting a thread series where users of the various products will be joining together to state the Pro's and Con's of each antivirus software and why they think it was a contender or not for the Free Antivirus of the Year 2018.

In this thread we'll talk about the Pro's and Con's you have found about Windows Defender Antivirus.

The first post will be updated by me [or the mods] with what user's think is good and bad about the product, so an informed decision can be made for newcomers.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Pros:
- Included with Windows, no need extra installation
- Improving every year with better signatures and new protection modules
- Included Windows smartscreen to protect against zero-day malwares
- Basic exploit protection => can be tweaked directly for better protection
- Included ransomware protection/folder protection which can be configured
- Has no web protection in default settings => no SSL/HTTPS certificate problem
- Basic web protection can be enabled for little bit better protection
- Can be tweaked using Configure-Defender, Group Policy or Powershell for maximum protection => better than 2/3 of 3rd-party AVs
- Very few bugs in default settings especially for average users who never touch its setting menu
- Smartscreen + Syshardener/any scriptblocker can protect a system only downloading files from the internet up to 98%, completely signature-less
- Smartscreen is quite effective against PUPs
- No ads, no popups

Cons:
- Very buggy when users are dealing with malwares or they play around with settings. Bugs can be super irritating and non-resolvable
- Slows down some specific PCs significantly in some tasks: copying, disk-intensive tasks, opening a folder with programs (repeatedly due to a lack of caching) => really high CPU and disk usage, very obvious on PCs with HDD, less with SSD
- Causes high CPU and disk usage during large updates. Time-consuming, too
- Extremely poor signatures before and after tweaking. Tweaks have zero effect on signatures (right-click scan)
- In default settings, cloud feature almost never works, never detect anything, served as a file uploader only => only after tweaking, it detects much much more
- Smartscreen can be bypassed very easily: external drives, archived files, some scripts/documents (malwares are abusing this vector) or any vectors introduce a file without downloading it from the internet
- Tweaks must be done outside the main UI => regular users are not capable
- Sometimes, WD can't remove a detected file even after requested reboot and removal process takes forever although users can simple delete that file in 1 second
- In many occasions, WD reverts some windows settings, most noticeably UAC, after detecting some malwares
- The latest features can only be got when users upgrade to the latest windows versions (like Block at first sign) => Windows updates are proven to break so many working machines => how about Windows 8.1 and older windows 10 users?
- Block at first sign and smartscreen are known to cause many many false positives due to low reputation of the files, which may/may not be whitelisted after a few days
- Some features are working like in beta: ransomware protection, web protection
- Problems with consistency: sometimes, WD randomly doesn't work as expected
- WD is the main target of malware makers and they are adapting (using scripts) and they can disable WD easily using simple registry/powershell tricks
- WD has almost non-existent behavior blocker, in default settings
- People who want to use WD safely must be very cautious because it can be defeated very easily
- WD is a telemetry tool from MS (minor point)
- The strength of WD mostly comes from Windows smartscreen and block at first sign. The rest are not very helpful
 
Last edited:

plat

Level 29
Top Poster
Sep 13, 2018
1,793
My experience with Defender.

Pros: decent and stable security foundation/out of sight,out of mind almost always/takes adjunct security programs without problems (like ERP) strengthening baseline protections now made possible by group policy in home version, does not affect machine performance (disk is mostly free as stated above)

Cons: Crytpic "help" texts frequently explain nothing/controls are hidden/group policy may not fully explain the changes/one has to come across certain highly desirable features first (like PUP detections, Defender does not spoon-feed), default protections are inadequate, general OS problems may affect WD as well/support forum is in the Microsoft community forums instead of a separate, dedicated and more comprehensive place/Defender remains vulnerable to bypass.
 

ChemicalB

Level 8
Verified
Sep 14, 2018
360
I don't have much experience with WD because I use a third-party AV and many useful comments are already posted, but I think:

Pros

- Simple UI.
- Good detection (I don't know about complex malware and zero day).
- Windows built-in

Cons

Slow update: Windows Defender get its definitions via Windows Update, which means that it may take time before you receive a critical update.
- Big impact on performance on some systems.
- Universally popular so a common target of criminal bypass.
 
5

509322

Pro:
  • It's free.
Cons:
  • It's very buggy.
  • It's a perpetual beta.
  • It's prone to high false positives.
  • The GUI is atrocious.
  • Usability is atrocious.
  • It's very cryptic and non-intuitive.
  • Virtually no documentation.
  • Conflicting documentation.
  • Incomplete documentation.
  • It's a resource hog.
  • It will slow-down the system at times.
  • The protections have holes by design.
  • All of the advanced settings are hidden.
  • Not all settings or features are available on the Windows Home version.
  • To get the most protection out of it requires a quite advanced level of knowledge not to mention the effort required to obtain all the needed details.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Some posts about WD pros & cons can be found on my thread:
Discuss - The truth about Windows Defender on Windows 10 (Home & Pro).
WD can be easily tweaked via ConfigureDefender in one mouse-click (Defender high settings), and then it can provide a very good protection for most users (as compared to free and paid AVs). Yet, it will generate above average number of false positives.
If the user does not play with testing malware samples, then most cons will be not visible, at all.
Still, the paid AVs with ATP modules, can be also tweaked to get the higher protection, for never-seen malware (more false positives).
Average MT members can use the setup proposed by Evjl's Rain (slightly tweaked by me) :
WD (tweaked by ConfigureDefender) + SysHardener (default settings + tick 3 additional settings for PowerShell + 1 setting to unassociate JAR file extension + 1 setting for Remote Desktop).
The above setup can be made in a few minutes (reboot required).
For the Home users it can be as strong as any AV (free or paid), except the highly tweaked, paid AVs with ATP modules.
It is also true, that for the home users, any AV + SmartScreen + SysHardener, can give pretty much the same result. WD can add here only better system stability & compatibility.
The paid Internet Suites can also have an advantage of the network protection in businesses, and can provide a more comprehensive protection against the targeted attacks.
 
Last edited:

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Average MT members can use the setup proposed by @Evjl's Rain (slightly tweaked by me) :
WD (tweaked by ConfigureDefender) + SysHardener (default settings + tick 3 additional settings for PowerShell + 1 setting to unassociate JAR file extension + 1 setting for Remote Desktop).
The above setup can be made in a few minutes (reboot required).

Oh, this is a nice configuration, very nice. In fact, +1 for NVT SysHardener, something I switched to from OSArmor, which on my machine, is currently not working properly in Windows 1809 (Edge, if ticked, is supposed to be blocked in the OSA interface but opens anyway the first time, whereby OSA's pop-up notification shows after the fact. Possibly the same issue here but w/Internet Explorer--preferably the dev will fix it sometime.)

Lockdown's cons list (oops, what's that pro doing in there?) is so refreshingly unbiased, isn't it? :D :cool:
 
5

509322

True? Definitely.

Some people just cannot face the truth. They just want rainbows and unicorns.

giphy.gif
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Pro:
  • It's free.
Cons:
  • It's very buggy.
  • It's a perpetual beta.
  • It's prone to high false positives.
  • The GUI is atrocious.
  • Usability is atrocious.
  • It's very cryptic and non-intuitive.
  • Virtually no documentation.
  • Conflicting documentation.
  • Incomplete documentation.
  • It's a resource hog.
  • It will slow-down the system at times.
  • The protections have holes by design.
  • All of the advanced settings are hidden.
  • Not all settings or features are available on the Windows Home version.
  • To get the most protection out of it requires a quite advanced level of knowledge not to mention the effort required to obtain all the needed details.
I prepared the similarly true list for any free AV.:giggle:

Pros:
  • It's free
Cons:
  • It's buggy.
  • It's perpetual beta (new version per year) or it's abandoned (no new version per year).
  • Usability is atrocious (very restricted configuration) and there are not external tools to configure it better.
  • Virtually no documentation, about their impact on the system compatibility & stability.
  • No one really knows if the allowed modules work as in the paid versions.
  • Incomplete documentation.
  • It will slow-down the system at times.
  • Does not work well on some computers.
  • The protections have holes by design.
  • All of the advanced settings are hidden or disabled.
  • Can work improperly after any Windows update.
  • Can cause the negative impact on system compatibility & stability.
  • Can cause software incompatibilities (not good if cannot be tweaked).
  • Some are bundled with unwanted applications or Ads.
The free was done free on some reasons.
With the same pessimistic logic, I could also prove that inventing the wheel was not a good idea. So, let's be more optimistic. :oops::emoji_beer:(y)

Edit.
The shortest pros & cons list for any free AV (including WD).
Pros: It's free.
Cons: It's free (for some reasons).
That is why I fully agree with @Lockdown when he says:
"Some people just cannot face the truth. They just want rainbows and unicorns."
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I prepared the similarly true list for any free AV.:giggle:

Pros:
  • It's free
Cons:
  • It's buggy.
  • It's perpetual beta (new version per year) or it's abandoned (no new version per year).
  • Usability is atrocious (very restricted configuration) and there are not external tools to configure it better.
  • Virtually no documentation, about their impact on the system compatibility & stability.
  • No one really knows if the allowed modules work as in the paid versions.
  • Incomplete documentation.
  • It will slow-down the system at times.
  • Does not work well on some computers.
  • The protections have holes by design.
  • All of the advanced settings are hidden or disabled.
  • Can work improperly after any Windows update.
  • Can cause the negative impact on system compatibility & stability.
  • Can cause software incompatibilities (not good if cannot be tweaked).
  • Some are bundled with unwanted applications or Ads.
The free was done free on some reasons.
With the same pessimistic logic, I could also prove that inventing the wheel was not a good idea. So, let's be more optimistic. :oops::emoji_beer:(y)

Just change some things and this list can be used to describe almost every software in the world.

Android free Apps version:


Pros:
  • It's free
Cons:
  • It's buggy.
  • It's perpetual beta (new version per week) or it's abandoned (no new version per week).
  • Usability is atrocious (very restricted configuration) and there are not external tools to configure it better.
  • Virtually no documentation, about their impact on the system compatibility & stability.
  • No one really knows if the allowed modules work as in the paid versions.
  • Incomplete documentation.
  • It will slow-down the system at times.
  • Does not work well on some smartphones.
  • All of the advanced settings are hidden or disabled.
  • Can work improperly after a major system update.
  • Can cause the negative impact on system compatibility & stability.
  • Can cause software incompatibilities (not good if cannot be tweaked).
  • Some are bundled with unwanted applications or Ads.

Are Android free apps and Windows Defender that bad? Not even close, it is just a very very subjective opinion.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
hmmm

Pros:
- no need for 3rd party spyware av

Cons:
- Web filter to other browsers than edge ( some system level would be nice, but aint happening)
- settings to decide between normal-advanced user to harden config without 3rd party tools could be added


Defender is probably enough for advanced user without any tools/ tweaks, but when 3rd party avs simply perform better why wouldnt you install them?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
hmmm

Pros:
- no need for 3rd party spyware av

Cons:
- Web filter to other browsers than edge ( some system level would be nice, but aint happening)
- settings to decide between normal-advanced user to harden config without 3rd party tools could be added


Defender is probably enough for advanced user without any tools/ tweaks, but when 3rd party avs simply perform better why wouldnt you install them?
Advanced users can use any security, even without AV.
It is hard to prove what is better for the home users, so it will be a user decision.
There is no the one & true answer, that would be generally accepted by most home users.
There is the answer for businesses and organizations - do not use free AVs (even tweaked WD + SysHardener). The attack surface of businesses and organizations is very different as compared to the Home environment.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Advanced users can use any security, even without AV.
It is hard to prove what is better for the home users, so it will be a user decision.
There is no the one & true answer, that would be generally accepted by most home users.
There is the answer for businesses and organizations - do not use free AVs (even tweaked WD + SysHardener). The attack surface of businesses and organizations is very different as compared to the Home environment.
Every coin has two sides

no matter what av i use, i would always do the tweaks like syshardener + osa / cf since every av can be bypassed somehow

What i just noticed by installing win10 freshly back, downloading applications is very slow, because of smartscreen scanning them its somehow buggy
 
  • Like
Reactions: Weebarra

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Every coin has two sides

no matter what av i use, i would always do the tweaks like syshardener + osa / cf since every av can be bypassed somehow

What i just noticed by installing win10 freshly back, downloading applications is very slow, because of smartscreen scanning them its somehow buggy
They are not scanned by SmartScreen, but by "Block at first sight" feature. In the default settings they should be scanned up to 10s. The "Block at first sight" is that WD feature which makes it to score very well in AV-Comparatives tests, with a very low rate of user dependent actions. It is not a simple file reputation service like SmartScreen. The file is checked against WD offline signatures, next by the local WD AI, and if the file is suspicious, then file metadata is checked in the cloud against the fresh malware fingerprints and often analyzed by advanced AI in the cloud (based on machine learning).
If you think that 10s-60s is annoying, then think how much time you would spend when seeing the quick alert: "Be careful, this file is suspicious and can be dangerous".
 
Last edited:

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
They are not scanned by SmartScreen, but by "Block at first sight" feature. In the default settings they should be scanned up to 10s. The "Block at first sight" is that WD feature that makes it to score very well in AV-Comparatives tests, with a very low rate of user dependent actions. It is not a simple file reputation service like SmartScreen. The file is checked against WD offline signatures, next by the local WD AI, and if the file is suspicious, then file metadata is often analyzed in the cloud by AI (based on machine learning).
If you think that 10s-60s is annoying, then think how much time you would spend when seeing the quick alert: "Be careful, this file is suspicious and can be dangerous".
Thanks for clarifying this, well the smaller files like whatsapp, spotify etc are scanned such fast, but the client i was downloading took well over minute, wich is only 50mb and still signed file, not sure why the downloads wont finish sometimes, and sometimes theyre just skyrocketing no matter wich browser i use...

Kinda stupid question, but are those well known signed files more trusted by WD than some uncommon ones, wich would affect into scanning speed?

If the WD offline signatures have such reputation service
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top