Windows Defender

Discussion in 'Windows 10' started by MS-BOSS, Nov 5, 2019.

  1. MS-BOSS

    MS-BOSS MDL Novice

    Jun 24, 2015
    39
    6
    0
    Hi,

    I've been using a free AV from a 3rd party/company for a long time but it was overkill with my security setup and it also became too itrusive, spying and bloated with time...

    So I removed it and am now trying to use Windows Defender. So far I have 2 questions:

    1. Do you recommend using the Cloud-based protection? I have it set to disabled (I disabled MAPS in the Group Policy right after the Windows installation). If you do recommend it, what does it do exactly?

    2. Virus definition updates - I'm getting like 1 or 2 a day, or not even then. If I check for them manually, I can get like 5 a day or so... Is it a good idea to set a task running every 2 hours, manually checking for virus definition updates?

    Thanx.
     
  2. MELERIX

    MELERIX MDL Addicted

    Nov 7, 2011
    991
    467
    30
    1 - it should be enabled, because it protects you against 0-day malware that could be not present in daily definitions always.

    2 - it updates automartically at least 1 time per day, you don't need to manually upgrade unless you ar ereally paranoid xD
     
  3. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    881
    775
    30
    People concerned about spying should not use AV at all. Just use an offline scanner to scan downloaded files and PC time to time, like Emsisoft Emergency Kit or Kaspersky removal tool.
     
  4. MS-BOSS

    MS-BOSS MDL Novice

    Jun 24, 2015
    39
    6
    0
    People concerned about spying should not use a lot of things I guess. XD

    Windows Defender is not my primary means of defense against malware, that's why I'd think it's OK with cloud disabled.

    Are there any downsides to having the cloud protection disabled? Will it work if I at least leave the auto sample submission disabled? Thank you.
     
  5. MS-BOSS

    MS-BOSS MDL Novice

    Jun 24, 2015
    39
    6
    0
    I do care. So having cloud protection on and auto submit off should do what exactly? Create more FPs and a bit more frequent virus definition update? Then I'd rather have it disabled and create a task taht checks for updates manually, every 2 hours or so.

    I'm not worried about PUAs and PUPs, I'm careful with what I install.

    Thank you.
     
  6. BAU

    BAU MDL Senior Member

    Feb 10, 2009
    462
    780
    10
    Pretty much.
    There are hundreds of millions of windows 10 users that help microsoft by having default settings on, plus machine learning - so you're not missing out on Defender protection much, since it's gonna get updated shortly anyway.

    But if you somehow are exposed to 0-day threats (by virtue of place where you leave, where you work, political and media exposure), I would not rely on Microsoft since they care less about consumer data, and more about stopping large botnets. Avira has been my choice for sensitive machines for more than a decade.

    @TairikuOkami, don't pull numbers out of your bottom. There is hardly any commercial AV without some form of complicated, machine-learning heuristic engine. Disabling cloud support for Defender does not disable heuristics! It simply disables the social/community-driven manual warning/trust system (and microsoft's one is really lame, cares more about kms stuff than actual pesky stuff, and the whole concept is flawed as it's reputation-based from a bunch of morons just like the feedback hub, resulting in very high number of False-Positive's while allowing s**t just because it's nicely packaged).

    Also, what moron is supposed to use an exe to configure his AV?
    Author could not write a few lines batch script, a few more lines powershell script or simply make a 20 slides image gallery guide to the required policies?!
     
  7. MS-BOSS

    MS-BOSS MDL Novice

    Jun 24, 2015
    39
    6
    0
    I was thinking of enabling just the cloud protection, without file submission... But now I'm thinking about leaving it both disabled. And maybe setting an automated definitions update every 2 hours.

    I've noticed (I've only been using Defender for a week now) that sometimes when I manually try to update the definitions by checking for updates, it gets stuck and just keeps rolling "checking for updates".

    Last time that happened it only updated itself 2 days later. Anyone experienced this before? Makes me want to get an other AV...