App Review Windows Defender vs Ransomware 2024 (TPSC)

Content created by The PC Security Channel
I have never seen any sort of slowdown that those reports ever show. That's why I'm curious.

You can find out by running benchmarking software and doing things like running apps or browsing folders with lots of files in external drives. In my case, Kaspersky is usually the lightest and Defender the heaviest, with the rest in between. YMMV.

Methodology, etc., for one test:

 
Although Leo's "video tests" are among the best AV reviews, I am afraid that they have nothing to do with real protection.
The "video test" results are usually much better compared to real attacks. The crucial detection problem follows from 0-hour malware, fileless methods, and loaders (droppers). Those factors are mostly ignored in Leo's "video tests". In a real attack, the ransomware is usually a payload delivered by another malware (like a loader). The loader usually does not execute ransomware in a standard way as a child process, but uses advanced/stealthy methods that are much harder to detect.

So, the real protection follows from detecting the malware types and execution methods mostly skipped in Leo's tests. :confused:
 
So in other words he finds another way to bash Defender :)

He usually underestimates Defender's protection, but when you take this video as a presentation (not a real test), the results are probably OK.
Of course, the presentation does not prove anything except the author's beliefs, but a good presentation can show some real aspects/problems.
In other words, if we want to show that Defender can be improved by tweaking, then it must miss on default settings one sample or more. :)
 
That one miss wouldn't have happened if he manually ran each sample one by one. So, it's nothing to do with increasing Defender's protection. The gangbang approach is a faulty method, as we have discussed before. In a perfect scenario, of course, Defender should have stopped that ransomware since they already have signatures for it. So, it's strange behavior to miss that, because products like Avast, Bitdefender, ESET, Kaspersky, etc. don't miss detecting samples for which they already have local signatures. But since this testing method is not a real-world scenario, we can somewhat ignore it. Defender has other dangerous issues, like malware adding exclusions to it.
Yeah, I was thinking flooding the cloud signatures with requests probably led to it going past the timeout window. With a good internet connection, the 10 second timeout should be sufficient for most people who come across malware.
Yeah, that happens, but in this case Leo tested old samples. So I'm pretty sure that the signature for that ransomware was already present locally. So, the issue is a bit different. Maybe it gets overwhelmed by all that malware at once and lets one or two slip away sometimes. This doesn't happen with all products.
 
I know these continue to come up and get fixed, but I thought this wasn't an issue on W11 and fixed on W10 right now?
Tamper protection has become stronger but from what I see, that doesn't cover exclusions. So, exclusions can still be added on Windows 11 systems. If such malware can bypass Defender's pre-execution static analysis, then it can't stop them from adding exclusions to it. Even some legit programs do this to avoid performance impact.
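As an added example (not from the thread, TPSC or Microsoft), here is a PowerShell audit that surfaces the settings debated above on a single machine: tamper protection state, the current exclusion lists, the cloud-check timeout, and recent Defender configuration-change events (event ID 5007). The function name Get-DefenderExclusionAudit is my own; run it in an elevated PowerShell on Windows 10/11.

```powershell
# Added example: audit Defender exclusions and related settings (hypothetical function name).
function Get-DefenderExclusionAudit {
    param([int]$Hours = 24)   # how far back to look for configuration-change events

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Tamper protection guards core settings, but, as noted above, it does not stop
    # exclusions being added, so the exclusion lists have to be reviewed explicitly.
    $exclusions = [ordered]@{
        Paths      = @($pref.ExclusionPath)
        Extensions = @($pref.ExclusionExtension)
        Processes  = @($pref.ExclusionProcess)
    }

    # Event 5007 in the Defender operational log records configuration changes, including
    # exclusions being added. Legitimate installers trigger it too, so review rather than alert blindly.
    $changes = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message

    # CloudExtendedTimeout is the number of seconds added to the default 10 s cloud check.
    # Raising it (Set-MpPreference -CloudExtendedTimeout 50, the maximum) gives the cloud
    # verdict more time when many files are being checked at once, as discussed above.
    [pscustomobject]@{
        TamperProtected       = $status.IsTamperProtected
        RealTimeProtection    = $status.RealTimeProtectionEnabled
        SignatureVersion      = $status.AntivirusSignatureVersion
        CloudExtendedTimeout  = $pref.CloudExtendedTimeout
        Exclusions            = $exclusions
        RecentExclusionEvents = @($changes)
    }
}

$audit = Get-DefenderExclusionAudit -Hours 72
$audit | Format-List
$audit.Exclusions.Paths        # any entry you do not recognise deserves a closer look
$audit.RecentExclusionEvents | Format-Table -AutoSize -Wrap
```

Any exclusion path or process you cannot tie to software you installed is worth investigating, and the 5007 events give the time each one appeared.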