How reliable is Windows 11 Defender "Full" scan?

[Fastfishy2]

I was trying to find a new wallpaper for my brand-new Asus TUF A15 laptop. Tried to go onto one of those (extremely annoying) wallpaper hosting sites and it kept asking me to tick a captcha and "allow notifications" which I (stupidly) did. The process kept looping so I gave up and got my wallpaper elsewhere.

Went and played half an hour of Cyberpunk and alt-tabbed out to check messages only to have my chrome notifications going off the hook with fake "VIRUS ALERT" notifications all up the sidebar. I immediately tried to go into my chrome settings to remove the culprit website's notification permissions but the popups were blocking my chrome settings area so I tried to click the "X" on one to make room.

Big mistake. It opened a new chrome tab trying to load some webpage. I closed the tab before it could even display anything, less than a second later.

Once I managed to revoke all permissions from the target webpage everything went away but I was still worried so I had windows defender do a full scan which took about 30 minutes as this laptop still only has a 512gb SSD at the moment. It found no threats.

My question is, how reliable is this? Should I be worried as long as the PC continues to behave normally?

 

[Bill_Bright]

but suffice it to say I do not consider an IT product being banned by the United States government and a limited number of its allies to be any kind of evidence that said product is ineffective or malicious

Nobody said it was. In fact, repeatedly, the product was noted as being effective so why you continue to defend it in this manner is immaterial and a moot point.

And as I already explained, I engaged the other poster because (1), the false claim that Defender was worth just 6/10 and for (2) the irony for touting Kaspersky being much better when facts indicate otherwise.

Regardless, the bans have NOTHING to do with the product and everything to do with the company behind it, and those in the company whose strings (knowingly or not) are being pulled by others in that government.

Me "engaging" does not give you permission to join in and expand the engagement. Two wrongs does not make it right and now your third wrong is even less right.

Malwarebytes was NOT mentioned as an alternative, or superior solution, nor did it open the door to discuss all other possible solutions. Malwarebytes was mentioned as a secondary - second opinion - solution "regardless your primary security solution of choice."

This topic is not about how great or how bad Kaspersky is. So last time, time to move on.

 

[GerKNG]

finding malware with cloud protection is one of the best.
the problem is more the proactive behaviour when you are actively infected with something really bad.
you can always use some second opinion scanners like norton power eraser, HitmanPro and Kaspersky virus removal tool.

 

[Bill_Bright]

finding malware with cloud protection is one of the best.

Assuming you meant "antimalware", then I totally agree. Fortunately, most of the major solutions, including Defender (enabled by default), have cloud protection based features included to support zero-day (zero-minute?) protection from newly discovered threats and suspicious behavior.

 

[John Naylor]

I find it odd saying this as I never thought I would but Windows Defender has been scoring well at avtest.org for a while now. My sister-in-law a few years back was having issues and asked me to check here laptop, I asked what AV she used and she said "the one in Windows." I checked it w/ Kaspersky and found 1200+ infections, uninstalled it and gave it back ... 3 months later, checked it w/ BitDefender and over 500. In 2024 they had a string of less than perfect tests but last one was June 2024. One day I wanna go back and see who has the longest streak of perfect scores ... if I had to bet, ...well, I won't mention for reasons that should be obvious.

 

[io-waiter]

I find it odd saying this as I never thought I would but Windows Defender has been scoring well at avtest.org for a while now. My sister-in-law a few years back was having issues and asked me to check here laptop, I asked what AV she used and she said "the one in Windows." I checked it w/ Kaspersky and found 1200+ infections, uninstalled it and gave it back ... 3 months later, checked it w/ BitDefender and over 500. In 2024 they had a string of less than perfect tests but last one was June 2024. One day I wanna go back and see who has the longest streak of perfect scores ... if I had to bet, ...well, I won't mention for reasons that should be obvious.

Windows Defender is generally good enough and is "free". If you want more security don't use an Administrator account for daily tasks, next step is Whitelisting and execution blocking for all that is not installed under program files or the Windows directory, unfortunately it is a major hassle and rarely worth it. A more viable solution if you have resources to spare is to run "internet" in a separate VM.

Also worth to take a sneak peek on the Enterprise versions at https://evals.mitre.org/results/enterprise

Security is a balance with usability and time spent..

My recommendations apart from being security aware would be:
0. Apply latest patches and aim for latest stable version of your software, always, both for OS and apps.
1. Turn on Windows Defender, and don't disable any functions.
2. Turn on all Memory integrity and driver check settings.
3. Use a secure DNS such as Cisco Umbrella. Note: DNS is latency sensitive,so if internet gets sluggish, maybe don't depending on your needs.
4. Avoid unsigned code and run "not trusted" downloads trough virustotal.com. NOTE: All you upload is available for others to view!
5. Harden your applications, enable secure settings in Office, Adobe etc.
6. Consider a different AV software.
7. Use whitelisting and segmentation, e.g browser in a VM.
8. Buy an exotic AV.

The number of detections is a dual edged sword, you want detections, but you also want a good signal to noise ratio, or you will get alert fatigue.
E.g. If you have two malwares and one PUP you want one high level alert for each of the malwares that they are detected and dealt with (or a critical if only detected) and one lower level alert for the PUP.

 

[John Naylor]

My only comment as related to the fact that while Defender is *now* good enough but that that wasn't always the case. I wouldn't have said that 18 months ago. Back in the early 90s, managed (Wizop) the on-line forums for Time Warner and some PC Hardware / Software Forums. These all had libraries where we'd store "How To" articles, spreadsheets, tool etc. Th "web"and Netscape didn't exist yet. We usually had 4-5 Sysops who'd help w/ library management and a file didn't get into a library w/o being scanned by two AVs. One being "on-line" and another"off-line". Wasn't too burdensome as the AV companies had their own forums and gave free licenses to all staff. Now if ya look at AVtest, almost every vendor is scoring 100% in all detection categories ...a year ago and often before, Defender wasn't making the "Detected 100%" cut:

Test Microsoft Defender Antivirus (Consumer) 4.18 for Windows 10 (241315)

The current test Microsoft Defender Antivirus (Consumer) 4.18 for Windows 10 (241315) from June 2024 of AV-TEST, the leading international and independent service provider for antivirus software and malware.

www.av-test.org

Test Microsoft Defender Antivirus (Enterprise) 4.18 for Windows 10 (242414)

The current test Microsoft Defender Antivirus (Enterprise) 4.18 for Windows 10 (242414) from August 2024 of AV-TEST, the leading international and independent service provider for antivirus software and malware.

www.av-test.org

Kaspersky consistently detected 100% more so than any other vendor going back as far as I can remember; it was also inexpensive and easy to administer, no infections / no false positives. A week ago I could have gotten a license for 25 devices for$60 ...didn't bother because Defender had been getting good test results.that I didn't bother renewing it .. to much hassle (Requires VPN to installing US). I'll stick w/ Defender unless they start missing things again.

 

[Alyux]

I immediately tried to go into my chrome settings to remove the culprit website's notification permissions but the popups were blocking my chrome settings area so I tried to click the "X" on one to make room.

You might already know this, but you can stop this from happening in the future by unregistering the browser service worker(s) that the site creates when notifications are allowed in chrome://serviceworker-internals.

It's a feature asking to be abused and the site in question can just redirect you as it sees fit. Above all, just always click "Block" and these sites can't send you rogue push notifications anymore. It's an embarrassment to modern browsers that this is still a problem.

 

[R-T-B]

I agree with bill about Kaspersky products. It's not so much that the product is an immediate threat, but that the russian government has too much state-level influence to separate it from their products.

Beyond that is indeed politics, and I won't be commenting there, but that's my personal and professional view of it.

Regardless, defender should be fine for almost all use cases.

 

[vgm]

@Fastfishy2 Have you tried Defender Offline scan which will boot into WinPE to do full scan. You can try AV LiveCD from BitDefender, Dr. Web/Kaspersky, AVG, Avira etc. I found Emsisoft Emergency Kit (EEK) as on-demand scanner to remove some pesky worms/malware.

 

[Bill_Bright]

My only comment as related to the fact that while Defender is *now* good enough but that that wasn't always the case. I wouldn't have said that 18 months ago.

I would have said that 18 months ago - and did. The "truth" is, Defender has been a suitable anti-malware solution, going way back to when it was called Microsoft Security Essentials (MSE) for Windows 7. The ONLY thing preventing that from becoming common knowledge was all the MS haters refusing to accept that - despite the evidence - who were spewing falsehoods and misinformation about it. Sadly, that unfounded nonsense persists today.

Is Defender perfect? Of course not. But no solution is. Nevertheless, Defender has consistently scored at or near the top for some time now. And if it was not effective there would be 100s of millions of unhappy users yelling and screaming, with nearly that many MS haters parroting those complaints.

And that is not happening.

 

[Easo]

I would have said that 18 months ago - and did. The "truth" is, Defender has been a suitable anti-malware solution, going way back to when it was called Microsoft Security Essentials (MSE) for Windows 7. The ONLY thing preventing that from becoming common knowledge was all the MS haters refusing to accept that - despite the evidence - who were spewing falsehoods and misinformation about it. Sadly, that unfounded nonsense persists today.

Is Defender perfect? Of course not. But no solution is. Nevertheless, Defender has consistently scored at or near the top for some time now. And if it was not effective there would be 100s of millions of unhappy users yelling and screaming, with nearly that many MS haters parroting those complaints.

And that is not happening.

Look into comments under each news post about something Microsoft and especially Windows related, that should be answer enough about people's minds.
P.S.
Purely from my work experience (few hundred PC's) Defender works pretty well, we have had no reason to buy AV for over a decade already.

 

[Bill_Bright]

Look into comments under each news post about something Microsoft and especially Windows related, that should be answer enough about people's minds.

Sorry but I don't understand this comment. It certainly could be me misunderstanding you.

If you look at typical comments whenever someone even mentions Microsoft or any of their products, you typically see inaccurate, unfounded often off-topic claims about how Microsoft is evil, stealing all of our personal information, bogging down our systems and making them totally insecure, and causing our sinks to clog up and cars to stop running too.

And if you look at most of those comments, many are just repeating the same issue, taking the issue to viral status, making it appear major and widespread - when in fact, it is not. The vast majority of users have not experienced that issue at all!

The problem is, if just 1/10th of 1% of the 1.6 billion Windows users have the problem, that is still 1.6 million upset users. And 1.6 million users can make a lot of noise - especially when amplified and repeated over and over again by all the haters, bloggers and wannabe journalists in the IT media.

Is Microsoft perfect? Of course not. Name a company that is!

Has Microsoft done evil things? Yes! Absolutely! Some may remember their totally misguided marketing scheme of using "Outreach Teams" to, in effect, spam technical support forums with posts that did nothing but promote Microsoft products.

But that and other marketing nonsense was done by their greedy, misguided "marketing weenies" and "C-level execs" enabling devious, misguided marketing schemes and setting misguided policies. Not the "developers"!

The developer teams, on the other hand, were and still are groups of dedicated professional programmers set out to make the best possible products. Their problem is, they don't control the purse strings. The C-level execs do, with the evil marketing weenies constantly whispering in their ears, telling them what to do.

Plus, MS got caught. And they know they are so closely watched, scrutinized, criticized, and blamed (deserving or not), that they will always get caught which results in bad publicity they don't want - and frankly, can't afford.

So, MS today is NOT the MS from XP days when they really were trying to rule the world - when, at the same time, up through W7 and still today , they were relentlessly blamed for the truly evil actions of the bad guys, and the incompetence of the security industry at the time. Note it was Norton, McAfee, CA, TrendMicro, ZA/Check Point - and others who whined and cried to Congress and the EU about MS wanting to put A/V code in XP. And that it was their job to stop malware. And we see how well that went ! And so Congress and the EU forced MS to take out the A/V code they wanted to put in XP, or risk being split up Ma Bell style.

And what happened? First, the [totally unexpected by all] explosion of broadband to the home happened. And second, the unchecked proliferation of the bad guys due to the total incompetence of Norton, McAfee and the others to stop them.

Ask yourself this. What incentive does Norton, McAfee, BitDefender, and the others have to rid the world of malware? If malware goes away, they go out of business. They need malware to continue to thrive, or they go under.

MS, on the other hand, who provides Defender for no extra cost in Windows, is NOT pushing users to pay for a premium version with expensive, recurring, renewal fees. In fact, there is no premium version for standard home users.

The incentive for Microsoft to want malware to go away is simple. They will stop getting blamed (and relentless bad press) for the security mess the bad guys and the failure of the security industry put us in today!

To be sure - and once again - I really don't care what solution users use, as long as they use one and keep it and Windows current, and don't be click-happy on unsolicited links; the exact same precautions regardless solution of choice!

All of the popular solutions available to day are capable of keeping our systems secure. In fact, and rightly so, Defender will automatically and graciously step aside when users install a 3rd party solution and that 3rd party solution "registers" itself in Windows Security.

What I do care about is fairness, and putting blame where blame is due, and stop with the falsehoods. Opinions are fine and I will defend with equal vigor the rights of those to express them. Just base them on the facts, not falsehoods.

Purely from my work experience (few hundred PC's) Defender works pretty well, we have had no reason to buy AV for over a decade already.

100s of PCs (suggesting 100s of different users with all levels of experience), over 10 years of use, and there has been "no reason" to buy an alternative solution! And you say it works "pretty well"?

I guess if you are Spock, that's "satisfactory".

But I would say it has worked much better than "pretty well". And to me, that ho-hum review illustrates much of Microsoft's publicity problem today, doesn't it? Since for many, especially when it comes to any with the Microsoft brand on it, "pretty well" is not near "good enough", or "perfect".

Oh well. Moving on.

 

[Easo]

Sorry but I don't understand this comment. It certainly could be me misunderstanding you.

That wall of text is a bit too big.

Yes, I basically meant what you wrote, it was a comment about people having truly ridiculous hateboners regarding *insert company here* and refusal to listen to logic/facts/experience.

 

[Bill_Bright]

That wall of text is a bit too big.

Sorry if it was too much for you to read through. While I agree it is a bit lengthy, sadly, I've learned if you don't totally explain yourself, especially on controversial topics, someone, often a troll, is apt to come in and accuse you of saying something you didn't.

In any case, no one forced you to read it all but thanks for clarifying what you meant.