- Jul 22, 2014
- 63
- Content source
- https://youtu.be/snImtCq-WBw
Windows Defender vs Ransomware 2024 (TPSC)
- Thread starter Lymphocyte
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- May 26, 2014
- 1,058
Extremely glad to see, the improved results with Defender UI option added
- Mar 13, 2021
- 418
Windows Defender is getting better but also been heavy on the system for quite some time.
Last edited:
- Apr 1, 2019
- 2,788
- Mar 29, 2018
- 7,120
Leo still had cloud block level at default. Kind of defeats the purpose, aside from the enabled ASR rules.
Last edited:
- Mar 9, 2014
- 545
I think it's mentioned in one AV-Comparatives report.
- Apr 1, 2019
- 2,788
I have never seen any sort of slowdown that those reports ever show. That's why I'm curious.
- Mar 9, 2014
- 545
You can find out by running benchmarking software and doing things like running apps or browsing folders with lots of files in external drives. In my case, Kaspersky is usually the lightest and Defender the heaviest, with the rest in between. YMMV.
Methodology, etc., for one test:
Performance Test October 2023
AV-Comparatives released the Performance Test report October 2023 for consumer security products under Microsoft Windows 10.
www.av-comparatives.org
- Jul 14, 2015
- 734
Harden MS defender with DefenderUI or Configure Defender , Rocksolid !
- Dec 23, 2014
- 8,146
Although Leo's "video tests" are among the best AV reviews, I am afraid that they have nothing to do with real protection.
The "video test" results are usually much better compared to real attacks. The crucial detection problem follows from 0-hour malware, fileless methods, and loaders (droppers). Those factors are mostly ignored in Leo's "video tests". In a real attack, the ransomware is usually a payload delivered by another malware (like a loader). The loader usually does not execute ransomware in a standard way as a child process, but uses advanced/stealthy methods that are much harder to detect.
any.run
So, the real protection follows from detecting the malware types and execution methods mostly skipped in Leo's tests.
The "video test" results are usually much better compared to real attacks. The crucial detection problem follows from 0-hour malware, fileless methods, and loaders (droppers). Those factors are mostly ignored in Leo's "video tests". In a real attack, the ransomware is usually a payload delivered by another malware (like a loader). The loader usually does not execute ransomware in a standard way as a child process, but uses advanced/stealthy methods that are much harder to detect.
Loader | Malware Trends Tracker
Loaders are a type of malware that infiltrates devices to deliver additional malicious payloads.
any.run
So, the real protection follows from detecting the malware types and execution methods mostly skipped in Leo's tests.
Last edited:
- Jul 14, 2015
- 734
So in other words he finds another way to bash Defender
- Mar 2, 2023
- 794
Intentionally, I don't think he does. Andy may have, does have, more insight than Leo?So in other words he finds another way to bash Defender
- Dec 23, 2014
- 8,146
So in other words he finds another way to bash Defender
He usually underestimates the Defender's protection, but when you take this video as a presentation (not a real test), the results are probably OK.
Of course, the presentation does not prove anything except the author's beliefs, but a good presentation can show some real aspects/problems.
In other words, if we want to show that Defender can be improved by tweaking, then it must miss on default settings one sample or more.
Last edited:
- Mar 9, 2014
- 545
Just follow results like those from AV-Comparatives and others, which are similar.
- Jun 24, 2016
- 2,400
Tools like ConfigureDefender, DefenderUI, even Hard_Configurator are excellent examples that Microsoft really cares about security, but just doesn't deploy it natively, probably to avoid user confusion or users having to deal with blockings...
- Mar 16, 2019
- 3,637
That one miss wouldn't have happened if he manually ran each sample one by one. So, it's nothing to do with increasing Defender's protection. The gangbang approach is a faulty method as we have discussed before. In a perfect scenario of course, Defender should have stopped that ransomware since they already have signatures for it. So, it's a strange behavior to miss that because products like Avast, Bitdefender, ESET, Kaspersky, etc. don't miss detecting samples for which they already have local signatures. But since this testing method is not a real-world scenario, we can somewhat ignore it. Defender have other dangerous issues like malware adding exclusions to it.
- Apr 1, 2019
- 2,788
Yeah I was thinking flooding the cloud signatures with requests probably lead to it going past the timeout window. With a good internet connection the 10 second timeout should be sufficient for most people who come across malware.
- Apr 1, 2019
- 2,788
I know these continue to come up and get fixed, but I thought this wasn't an issue on W11 and fixed on W10 right now?
- Mar 16, 2019
- 3,637
Yeah, that happens but in this case, Leo tested old samples. So pretty sure that the signature for that ransomware was already present locally. So, the issue is a bit different. Maybe it gets overwhelmed by all that malware at once and let one or two slip away sometimes. This doesn't happen with all products.
- Mar 16, 2019
- 3,637
Tamper protection has become stronger but from what I see, that doesn't cover exclusions. So, exclusions can still be added on Windows 11 systems. If such malware can bypass Defender's pre-execution static analysis, then it can't stop them from adding exclusions to it. Even some legit programs do this to avoid performance impact.
Similar threads
