
How Windows Defender Antivirus Blocks Unknown Malware in Just 10 Seconds


tao


 

http://i1-news.softpedia-static.com/images/news2/microsoft-explains-how-its-antivirus-blocks-unknown-malware-in-just-10-seconds-517049-2.jpg

 

Redmond details the method used to block new malware

Windows Defender has evolved a lot in the latest versions of Windows, and while third-party security vendors badmouth the antivirus, Microsoft keeps praising it occasionally, with an in-depth analysis published today detailing the way it can block unknown malware.

Microsoft says it takes a maximum of 10 seconds for Windows 10 to analyze a file that might be infected with a never-before-seen malware, which then helps protect not only the user who submits the sample, but also all the other users who rely on Windows Defender to keep systems protected.

The software giant highlights that the cloud power is what makes Windows Defender react so quickly and efficiently in the case of unknown malware, explaining that while it inspects files for possible infections, it also prevents possible malicious behavior on target systems.

10-second malware analysis process

As described in the infographic that you can see here, when suspicious files are detected, they can be submitted to the cloud for an in-depth analysis, and once the cloud assesses that the file is unknown, it requests a sample for future inspection. The client holding the file then uploads the sample automatically, with Microsoft’s cloud systems processing it and checking against machine learning classifiers.

The cloud then generates a signature and sends it to the client, with the Windows 10 system blocking the file and reporting back to the cloud to help protect all the other users.

The whole process takes place in less than 10 seconds, Microsoft explains, and the full protection is offered once the cloud analysis is enabled from the Settings app.

“When enabled, Windows Defender AV locks a suspicious file for 10 seconds by default, while it queries the Windows Defender AV cloud protection service. Administrators can configure Windows Defender AV to extend the timeout period up to one minute to give the cloud service time to perform even more analysis and apply additional techniques to detect new malware,” Microsoft says.

It goes without saying that these features are only available in the latest version of Windows 10, which right now is the Creators Update, but with more improvements coming in the next update due in September.

< Source >



  • Replies 16
  • Views 912
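
The article in the first post says the cloud lookup holds a suspicious file for 10 seconds by default and that administrators can extend this up to one minute. As an added example (not from the article or from Microsoft), the PowerShell function below checks the Defender AV preferences that this cloud blocking depends on. The function name and the sample object are made up for illustration; the property names are those returned by the Defender module's `Get-MpPreference` cmdlet.

```powershell
# Added example: audit the Defender AV preferences that cloud-based blocking relies on.
# Test-CloudBlockReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-CloudBlockReadiness {
    param(
        # Any object exposing the same properties as the output of Get-MpPreference.
        [Parameter(Mandatory)] $Preference
    )

    $findings = @()

    if ($Preference.DisableRealtimeMonitoring) {
        $findings += 'Real-time protection is disabled'
    }
    if ($Preference.DisableIOAVProtection) {
        $findings += 'Scanning of downloaded files and attachments (IOAV) is disabled'
    }
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
    if ($Preference.MAPSReporting -eq 0) {
        $findings += 'Cloud-delivered protection (MAPS) is disabled'
    }
    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples,
    #                       2 = never send,    3 = send all samples
    if ($Preference.SubmitSamplesConsent -notin 1, 3) {
        $findings += 'Automatic sample submission is off, so the cloud cannot fetch an unknown file'
    }

    # CloudExtendedTimeout is the number of seconds (0-50) added to the 10-second default.
    $timeout = 10 + [int]$Preference.CloudExtendedTimeout

    [pscustomobject]@{
        Ready                    = ($findings.Count -eq 0)
        CloudBlockTimeoutSeconds = $timeout
        Findings                 = $findings
    }
}

# Constructed sample (not real telemetry): cloud protection on, sample submission refused.
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring = $false
    DisableIOAVProtection     = $false
    MAPSReporting             = 2
    SubmitSamplesConsent      = 2
    CloudExtendedTimeout      = 50
}
Test-CloudBlockReadiness -Preference $sample | Format-List

# On a Windows 10 machine with the Defender module available:
# Test-CloudBlockReadiness -Preference (Get-MpPreference)
```

An administrator who wants the one-minute maximum mentioned in the article can set the extra time with `Set-MpPreference -CloudExtendedTimeout 50` from an elevated prompt.
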
30 minutes ago, 0bin said:

Do a video review on test environment, please.

Sorry.  :sorry:    Bots are incapable.   ;)    :drunk:



7 minutes ago, 0bin said:

Not true, I know machines that do behavioral analysis good way.

For you -- you know machines very well.  ^_^



5 hours ago, steven36 said:

Why I don't recommend Windows Defender - The PC Security Channel [TPSC]

Don't believe whatever you see, there are many details missing. And of course he can modify the Windows Defender settings through registry and/or group policy, yet the options shown in there can stay the same. Also, the Windows Defender version can be faked. And another thing, he seems to be using a previous version of Windows and not the Creators Update, which the post says this technology is integrated into Windows since that update. There's no proof he is using Enterprise edition. Many doubts in this video.



4 minutes ago, saeed_dc said:

Don't believe whatever you see, there are many details missing. And of course he can modify the Windows Defender settings through registry and/or group policy, yet the options shown in there can stay the same. Also, the Windows Defender version can be faked. And another thing, he seems to be using a previous version of Windows and not the Creators Update, which the post says this technology is integrated into Windows since that update. There's no proof he is using Enterprise edition. Many doubts in this video.

Spoken like a true fanboy. Why would someone with a well-respected security forum stage an act like that? You have any proof he staged it? If you haven't, then don't waste my time.



5 minutes ago, steven36 said:

Spoken like a true fanboy, why would someone with a well respected security forum stage an act like that? .. You have any proof he staged? if you don't waste my time.

Fanboys don't go into details ;) that's more like you. There is no proof it's real either. Or are you actually fooled by a simple video?

The more knowledge he possesses, the more you should expect from him, not less.

Why would someone with a well respected security forum stage an act like that? Why wouldn't???



35 minutes ago, saeed_dc said:

Fanboys don't go into details ;) that's more like you. There is no proof it's real either. Or are you actually fooled by a simple video?

I'll be darned if they don't. I've been watching them ever since June 2015, over 2 years, trying to defend Windows 10 when in the end Microsoft is going to blacklist their old hardware. At least I do own a computer that has real Windows 10 support. He has more proof than you, and it's not uncommon for some AVs to miss on new samples. All it takes is one miss and you're infected, and it even happened to me before Microsoft even had an antivirus, using a well-known product that is known for scoring very high in AV tests.    :)

 

Instead of telling me without any proof, why don't you go tell him? Here is the original topic:

https://forum.thepcsecuritychannel.com/t/why-i-dont-recommend-windows-defender/1156

 



29 minutes ago, steven36 said:

at least I do own a computer that has real Windows 10 support

 

I own lots of computers that have Windows 10 support but I am not going to screw them up by actually installing it on them.  There is not one reason under the sun to run Windows 10 on anything, not one!



37 minutes ago, straycat19 said:

 

I own lots of computers that have Windows 10 support but I am not going to screw them up by actually installing it on them.  There is not one reason under the sun to run Windows 10 on anything, not one!

I don't care what you do bro, neither do the other 36.6 % of Windows users, but they may start caring once they blacklist their old hardware :P

http://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

Do I win a prize for staying on old Windows? No, I don't. Do you pay for everyone's computers? No, you don't. The world doesn't just revolve around Windows 10 haters and their opinions. I dislike haters worse than I do fanboys. At least fanboys do stand up for the future and the products they use, while haters are stuck in the past and dreading the future and hate the people who make the products they use. I don't have to have Windows, I'm above all that because I also use Linux too ... I only use Windows because I can.

 

You know, just in recent years fanboyism of Windows has hit an all-time high with Windows pirates. Many pirates stayed on XP for 10 or 12 years because Microsoft used to make it a habit of killing fixes and no one trusted them. One day what is old will be new again, and I never trusted them, but I never hated them, and that's why I only use legal versions of Windows ...  :)



41 minutes ago, straycat19 said:

I own lots of computers <snip>

You're probably aware that those who truly own "lots of computers" do not find it necessary to advertise the same . . . . . . repeatedly???



Yes, but any test run on Windows 7 is not testing it with WD unless they installed it. I never got infected with malware on Windows 7, Windows 8.1 or Windows 10, and not using Windows Defender. Unless you are faced with a real threat, all those N and Y don't be nothing, because someone on Windows 7 may be running security programs that will block stuff Windows 10 default protection can't. Last I got infected was like 2008 on XP, and it was because my antivirus didn't have the signature yet, and at the time it always ranked very high in AV tests.



6 minutes ago, 0bin said:

They never attempt to exploit you?

Yes, attempting and doing are two different things. I ran scans with several antimalware programs on demand besides my real-time for many years, and these scanners never found nothing but false positives that I got sick of using them. Being hacked and being infected are 2 different things. There is no antimalware or OS that can protect you from being hacked that I know of. But avoiding most malware is just common sense.



40 minutes ago, 0bin said:

You learn Linux, and don't listen only one bell. That is the important thing.

I learned this from using Linux: while it has very little malware, you can still be hacked, and I don't keep nothing on this PC they can take. So what makes you think all these programs are going to protect you on Windows, where most hacks occur?

 

If they can hack through my firewalls, AV, security addons, and my connection with Data encryption: AES-256, Data authentication: SHA256, Handshake: RSA-4096

on 24/7, good luck; and if they do get by, I don't put my personal info on the internet, nor do I do online banking on this machine. When I buy something I just give the money to someone else and they do it on their machine. You can't draw blood out of a turnip. :P



  • 4 weeks later...

Archived

This topic is now archived and is closed to further replies.
