Windows 10: Windows Defender (WD) Antivirus (AV)


Applies to:

Windows Server 2019

Windows 10 1809

Windows 10 1803

Windows 10 1709

Windows 10 1703

Windows Server 2016

Windows 10 1607


Updated Mar. 3rd, 2019.

Audience: Security Administrators and IT Administrators.

When I went on-site with our Microsoft Premier customers and mentioned Windows Defender Antivirus (WD AV), I would often hear, "Windows Defender?"

Many still think of the Windows Defender from the days of Windows XP Service Pack 2, Windows Vista, and Windows 7, which was only an antispyware product.

So where does Windows Defender Antivirus come from? It started with the acquisition of GeCAD's Reliable Anti-virus (RAV), which became Windows OneCare Live and then Windows Live OneCare.

Windows Live OneCare was replaced by Microsoft Security Essentials (MSE) for consumers and Forefront Endpoint Protection for enterprises, which brought the Microsoft Active Protection Service (MAPS).

MAPS in the cloud: How can it help your enterprise?

https://www.microsoft.com/security/blog/2015/01/14/maps-in-the-cloud-how-can-it-help-your-enterprise/

Forefront Endpoint Protection was replaced by System Center Endpoint Protection (SCEP).

[Figure: MAPS]

And finally, in Windows 8 (circa 2012), we merged Microsoft Security Essentials (MSE) and System Center Endpoint Protection (SCEP) for enterprises to form Windows Defender Antivirus, built into the OS. MAPS became "Cloud Protection".


"We have made acquisition a part of Microsoft’s security strategy – since 2013 we’ve acquired companies like Aorato, Secure Islands, Adallom, and most recently Hexadite."

Reference: A decade inside Microsoft Security

https://www.microsoft.com/security/blog/2017/11/09/a-decade-inside-microsoft-security/

In Windows 10 we kept investing in Windows Defender Antivirus (WD AV). See below for the changes we made.


[Why WD AV?]

Top scoring in industry tests (Jan to Dec of 2018, and continuing in 2019).

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests

March-April 2018 test results: More insights into industry AV tests

https://www.microsoft.com/security/blog/2018/07/20/march-april-2018-test-results-more-insights-into-industry-av-tests/

Adding transparency and context into industry AV test results

https://www.microsoft.com/security/blog/2018/05/24/adding-transparency-and-context-into-industry-av-test-results/

Protecting the protector: Hardening machine learning defenses against adversarial attacks

https://www.microsoft.com/security/blog/2018/08/09/protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks/

Some of you might ask: what did you do to improve your third-party test scores?


  • Improved Machine Learning (ML) and Heuristics
  • New Deep ML targeting Behavioral anomalies

[Figure: layered machine learning models funnel]

[Figure: Windows 10 Creators Update (updated)]



“Cloud Protection + Block at First Sight (BaFS)”

[Figure: Windows Defender cloud instant protection]

Another way of looking at it: [Figure: detonation-based ML diagram]

Together these layers are what make it a next-generation antivirus.
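Cloud Protection and Block at First Sight only work when several settings line up (MAPS reporting on, sample submission allowed, real-time protection on, BaFS not disabled). The following is an added example, not code from the original post or from Microsoft: it audits those prerequisites with the built-in Defender PowerShell module, remediates them, and re-reads the result. The specific values chosen (Advanced MAPS, send all samples, High cloud block level, 50-second extended timeout) are this example's assumptions, not a one-size-fits-all recommendation.

```powershell
# Added example (not from the original post): audit and enable Cloud Protection (MAPS)
# and Block at First Sight (BaFS) on Windows 10 / Windows Server 2016+.
# Run from an elevated PowerShell session. The chosen values are assumptions for a lab.

$pref = Get-MpPreference

# BaFS prerequisites: MAPS on (Basic=1 or Advanced=2), sample submission that allows
# automatic sending (SendSafeSamples=1 or SendAllSamples=3), real-time protection on,
# BaFS not disabled. CloudBlockLevel High (2) or above makes the cloud verdict stricter.
$bafsPrereqs = [ordered]@{
    'MAPS reporting enabled'        = $pref.MAPSReporting -ne 0
    'Sample submission allows BaFS' = $pref.SubmitSamplesConsent -in 1,3
    'Real-time protection enabled'  = -not $pref.DisableRealtimeMonitoring
    'Block at First Sight enabled'  = -not $pref.DisableBlockAtFirstSeen
    'Cloud block level >= High'     = $pref.CloudBlockLevel -ge 2
}
$bafsPrereqs.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# Remediate anything that is off. Each setting has a matching Group Policy / Intune
# control; if a value is locked by policy, Set-MpPreference reports an error instead
# of silently doing nothing, so keep the output.
Set-MpPreference -MAPSReporting Advanced                 # 2: detailed cloud telemetry
Set-MpPreference -SubmitSamplesConsent SendAllSamples    # 3: required for full BaFS
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -DisableBlockAtFirstSeen $false
Set-MpPreference -CloudBlockLevel High                   # 2: stricter cloud verdicts
Set-MpPreference -CloudExtendedTimeout 50                # wait up to 50 s extra on a cloud verdict

# Confirm the platform actually accepted the change, and note engine/signature versions
# for the change record.
Get-MpPreference | Select-Object MAPSReporting, SubmitSamplesConsent,
    DisableRealtimeMonitoring, DisableBlockAtFirstSeen, CloudBlockLevel, CloudExtendedTimeout
Get-MpComputerStatus | Select-Object AMEngineVersion, AMProductVersion,
    AntivirusSignatureVersion, RealTimeProtectionEnabled
```

Get-MpPreference reports these settings as numbers, while Set-MpPreference accepts the enum names used above; the comments give the mapping so the audit table and the remediation lines can be compared. If a value comes back unchanged after Set-MpPreference, check the Windows Defender Antivirus Group Policy (MAPS and Real-time Protection nodes) before assuming the engine is at fault.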


Why Windows Defender Antivirus is the most deployed in the enterprise

https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/


Antivirus evolved

https://cloudblogs.microsoft.com/microsoftsecure/2017/05/08/antivirus-evolved/


Windows Security Whitepaper - Windows 10 - Windows Defender Antivirus

http://info.microsoft.com/rs/157-GQE-382/images/Windows%2010%20Security%20Whitepaper.pdf


The Evolution of Malware Prevention (Machine Learning) whitepaper

https://info.microsoft.com/Windows-Defender-ML-Whitepaper-Registration.html


Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware

https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/?source=mmpc


Windows Defender Antivirus can now run in a sandbox

https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

https://www.microsoft.com/security/blog/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/


[What’s new?]


Highlights of the WD AV changes, along with other security additions and changes, in each Windows 10 version:

What's new in Windows 10, version 1809 for IT Pros - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809#security

What's new in Windows 10, version 1803 IT Pro content - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1803#security

What's new in Windows 10, version 1709 IT Pro content - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1709#security

What's new in Windows 10, version 1703 IT pro content - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1703#security

What's new in Windows 10, version 1607 - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1607#security

What's new in Windows 10, versions 1507 and 1511 - Security

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511#security


[Test / Deploy WD AV]

Windows Defender compliance mapping whitepaper

http://download.microsoft.com/download/C/7/7/C778B7BB-0783-42D7-93A9-B86DFB5A7BAD/Coalfire_Branded_Windows_Defender_Whitepaper_EN_US.pdf

Windows Defender Antivirus & Exploit Guard protection evaluation guide

https://www.microsoft.com/en-us/download/details.aspx?id=54795

Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

Partnering with the industry to minimize false positives

https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives/


Give Windows Defender Antivirus, the next-gen protection, a try.
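Before rolling WD AV out, it is worth a quick functional check that real-time protection is actually on and reporting on the build you intend to deploy. The following is an added example, not code from the original post or from the evaluation guide linked above: it drops the industry-standard EICAR test file on a lab machine, waits for real-time protection to remove it, and then cross-checks the detection through the Defender cmdlets and the Defender operational event log. Assumptions: run elevated on a lab box, real-time protection on, and the test directory (under $env:TEMP) not covered by an exclusion.

```powershell
# Added example (not from the original post): functional test of WD AV real-time
# protection using the EICAR test pattern, then verification from two independent sources.
# Assumptions: elevated lab session, real-time protection on, no exclusion on $env:TEMP.

$testDir  = Join-Path $env:TEMP 'wdav-eval'
New-Item -ItemType Directory -Path $testDir -Force | Out-Null
$testFile = Join-Path $testDir 'eicar.com'

# Assemble the 68-byte EICAR string at runtime (must be plain ASCII, no BOM).
# It is split in two so this script file is not itself flagged when saved to disk.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
[IO.File]::WriteAllText($testFile, $eicar, [Text.Encoding]::ASCII)

# Real-time protection normally quarantines the file within seconds; poll up to 30 s.
$deadline = (Get-Date).AddSeconds(30)
while ((Test-Path $testFile) -and ((Get-Date) -lt $deadline)) { Start-Sleep -Seconds 1 }
$blocked = -not (Test-Path $testFile)
"Real-time protection removed EICAR: $blocked"

# Source 1: the engine's own detection history (last 10 minutes).
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -gt (Get-Date).AddMinutes(-10) } |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources

# Source 2: the operational log. Event 1116 = malware detected, 1117 = action taken.
# This is the channel your SIEM should be forwarding, so it is the one to confirm here.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = (Get-Date).AddMinutes(-10)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { $_.Message.Split("`n")[0] } }

# Clean up if the file survived (typically an exclusion or real-time protection off).
if (-not $blocked) { Remove-Item $testFile -Force -ErrorAction SilentlyContinue }
```

If the file is removed but neither Get-MpThreatDetection nor the event log shows anything, the detection came from somewhere other than WD AV (another AV engine, or a file-system policy), which is exactly the kind of overlap to find before deployment rather than after.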


Next in this series:

Windows 10: Windows Defender Exploit Guard-Exploit Protection

https://blogs.technet.microsoft.com/yongrhee/2019/02/21/windows-10-windows-defender-exploit-guard-exploit-protection/


Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules

https://blogs.technet.microsoft.com/yongrhee/2019/02/24/windows-10-windows-defender-exploit-guard-attack-surface-reduction-rules/


Windows 10: Windows Defender Exploit Guard-Network Protection

https://blogs.technet.microsoft.com/yongrhee/2019/02/26/windows-10-windows-defender-exploit-guard-network-protection/


Anti-ransomware in Windows 10: Windows Defender Exploit Guard-Controlled Folder Access

https://blogs.technet.microsoft.com/yongrhee/2019/03/02/anti-ransomware-in-windows-10-windows-defender-exploit-guard-controlled-folder-access/


Thanks,

Yong

Resources:

http://aka.ms/wdavtechnet

http://www.microsoft.com/mmpc

https://aka.ms/mmpcblog

Lifecycle information on both Windows Defender Antivirus and SCEP is outlined at https://support.microsoft.com/lifecycle/search


Recommended settings for VDI desktops

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations


A great Microsoft Ignite 2018 recording that goes over WDAV:

Windows Defender ATP machine learning: Detecting new and unusual breach activity - BRK3375

