Why Windows Defender Antivirus is the most deployed in the enterprise

Statistics about the success and sophistication of malware can be daunting. The following figure is no different: Approximately 96% of all malware is polymorphic – meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. This is because in most cases malware is caught nearly as fast as it’s created, so malware creators continually evolve to try and stay ahead. Data like this hammer home how important it is to have security solutions in place that are as agile and innovative as the attacks.

The type of security solution needed has a complex job: It must protect users from hundreds of thousands of new threats every day – and then it must learn and grow to stay ahead of the next wave of attacks. The solution cannot just react to the latest threats; it must be able to predict and prevent malware infections.

Over the last year, we’ve talked about how we’re investing in new innovations to address this challenging threat landscape, what we’ve delivered, and how it will change the dynamics. Today, I want to share the results of our new antivirus capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) which are genuinely incredible because they will directly benefit the work you are doing.

Currently, our antivirus capabilities on Windows 10 are repeatedly earning top scores on independent tests, often outperforming the competition. This performance is the result of a complete redesign of our security solution.

What’s more, this same technology is available for our Windows 7 customers as well, so that they can remain secure during their transition to Windows 10.

It started back in 2015

We’ve been working to make our antivirus capabilities increasingly more effective, and in 2015 our results in two major independent tests (AV-Comparatives and AV-TEST) began to improve dramatically. As you can see in the chart below, beginning in March 2015 our scores on AV-TEST began to rise rapidly, and, over the course of the next five months, we moved from scores averaging 85% on their Prevalence Test to (or near) 100%. Since then, we’ve maintained those types of scores consistently. Our scores on AV-Comparatives experienced a very similar spike, trajectory, and results.

In December 2017, we reached another milestone on AV-TEST, where we achieved a perfect score across both the Prevalence and Real-World based tests. Previously we had only scored a perfect 100% on one of the two tests for a given month. The following chart from the AV-TEST site shows our scores from November and December 2017 on Windows 7. These same scores are also applicable to Windows 10, which shares the same technology (and more).

For AV-Comparatives, we recently achieved another important quality milestone: For five consecutive months we detected all malware samples. Our previous best was four consecutive months. The AV-Comparatives chart below shows our February 2018 results where we scored a perfect 100% block rate.

February 2018 results where we scored a perfect 100% block rate.

While independent antivirus tests are one indicator of a security solution’s capabilities and protections, it’s important to understand that this is only one part of a complete quality assessment.

For example, in the case of Windows Defender ATP (which integrates our antivirus capabilities and the whole Windows security stack), our customers have a much larger set of protection features – none of which are factored into the tests. These features provide additional layers of protection that help prevent malware from getting onto devices in the first place. These features include the following:

If organizations like AV-Comparatives and AV-TEST performed complete security stack tests (i.e., testing against the complete endpoint protection solution) the results would often tell a very different story. For example, in November, we scored a 98.9% based on a single file miss on the Real-World test. The good news, however, is that we would have scored 100% if either Windows Defender Application Guard or Application Control was enabled.

How did we achieve these results?

The short answer is that we completely redesigned our antivirus solutions for both Windows 7 and Windows 10 from the ground up.

To do this, we moved away from using a static signature-based engine that couldn’t scale due to its dependence on constant input from researchers. We’ve now moved to a model that uses predictive technologies, machine learning, applied science, and artificial intelligence to detect and stop malware at first sight. We described the use of these technologies in our recent posts on Emotet and BadRabbit, as well as the recent Dofoil outbreak. These are the types of approaches that can be very successful against the ongoing avalanche of malware threats.

Because of these changes, our antivirus solution can now block malware using local and cloud-based machine learning models, combined with behavior, heuristic, and generic-based detections on the client. We can block nearly all of it at first sight and in milliseconds!

This is incredible.

We’ve also designed our antivirus solution to work in both online and offline scenarios. When connected to the cloud, it’s fed real-time intelligence from the Intelligent Security Graph. For offline scenarios, the latest dynamic intelligence from the Graph is provisioned to the endpoint regularly throughout the day.

We’ve also built our solution to defend against the new wave of fileless attacks, like Petya and WannaCry. To read more about how we protect against these attacks, check out the blog post “Now you see me: Exposing fileless malware.”

What this means to you

Each of these milestones is great, but the thing that makes us the most excited here at Microsoft is very simple: Customer adoption.

Right now, we are seeing big growth in enterprise environments our across all of our platforms:

• 18% of Windows 7 and Windows 8 devices are using our antivirus solution
• Over 50% of Windows 10 devices are using our antivirus solution

These are awesome numbers and proof that customers trust Windows security. What we are seeing is that as organizations are moving to Windows 10 they are also moving to our antivirus as their preferred solution. With our antivirus solution being used on more than 50% percent of the Windows 10 PCs deployed in commercial organizations, it is now the most commonly used antivirus solution in commercial organizations on that platform. This usage is in commercial customers of all sizes – from small and medium-sized businesses to the largest enterprise organizations.

Over the past couple of months I’ve shared this data with multiple customers, and often I’m asked why we’ve seen such a positive increase. The answer is simple:

1. Our antivirus capabilities are a fantastic solution! The test results above really speak for themselves. With five months of top scores that beat some of our biggest competitors, you can be confident that our solution can protect you from the most advanced threats.
2. Our solution is both easier and operationally cheaper to maintain than others. Most enterprise customers use Config Manager for PC management of Windows 7 and Windows 10 security features, including antivirus. With Windows 10, the antivirus capabilities are built directly into the operating system and there’s nothing to deploy. Windows 7 didn’t include antivirus capabilities by default, but it can be deployed and configured in Config Manager. Now organizations do not have to maintain two infrastructures – one for PC management and another for antivirus. Several years ago, our Microsoft IT department retired the separate global infrastructure that was used to manage Microsoft’s antivirus solution – and now you can too! With our solution there’s less to maintain and secure.
3. Our solution enables IT to be more agile. On Windows 10 there’s no agent – security is built into the platform. When a new update of Windows 10 is released, you don’t need to wait for a 3 rd party to certify and support it; instead, you have full support and compatibility on day one. This means that new releases of Windows and all the latest security technologies can be deployed faster. This allows you to get current, stay current, and be more secure.
4. Our solution offers a better user experience. It’s designed to work behind the scenes in a way that is unobtrusive to end users and minimizes power consumption. This means longer battery life – and everyone wants more battery life!

While we’ve made excellent progress with our antivirus solution, I’m even more excited about the protection and management capabilities we will deliver to our customers in the near future. In the meantime, one of the best ways to evaluate our antivirus capabilities is when you run it with Windows Defender ATP. With Windows Defender ATP, the power of the Windows security stack provides preventative protection, detects attacks and zero-day exploits, and gives you centralized management for your end-to-end security lifecycle.

Sign up to try Windows Defender ATP for yourself!

Защита компьютера с помощью автономного Microsoft Defender

Автономный Microsoft Defender — это мощный автономный инструмент проверки, который можно запустить из доверенной среды без загрузки ОС. В этом разделе описываются способы использования автономного Microsoft Defender в Windows 10, Windows 8.1 и Windows 7.

В каких случаях следует использовать автономный Microsoft Defender?

Запустите автономный Microsoft Defender, если:

Безопасность Windows (в предыдущих версиях Windows — «Центр безопасности Защитника Windows») обнаруживает на вашем компьютере пакеты программ rootkit или сложно удаляемые вредоносные программы и оповещает вас о необходимости запуска автономного Microsoft Defender. Возможно, появится сообщение о том, что на вашем устройстве обнаружена вредоносная программа, или в системе безопасности Windows появляется сообщение о том, что требуется дополнительная очистка.

Вы подозреваете, что на вашем компьютере есть вредоносные программы, которые скрываются, но программа для обеспечения безопасности не обнаруживает ничего. В этом случае можно запустить проверку компьютера автономным Microsoft Defender, перейдя в раздел «Параметры» меню «Безопасность Windows». Для этого выполните следующие действия.

Нажмите кнопку Пуск и выберите Параметры > Обновление и безопасность > Безопасность Windows > Защита от вирусов и угроз .

На экране «Защита от вирусов и угроз» выполните одно из следующих действий:

В последней версии Windows 10: в разделе текущие угрозывыберите Параметры сканирования.

В предыдущих версиях Windows: в области Ж урнал угроз выберите Запустить новое расширенное сканирование.

Выберите Проверка автономного Microsoft Defender, а затем — Проверить сейчас.

Вам будет предложено выйти из Windows. После этого компьютер должен выполнить перезапуск. Загрузится автономный Microsoft Defender, и он выполнит быструю проверку компьютера в среде восстановления. После завершения проверки (как правило, она занимает около 15 минут) компьютер автоматически выполнит перезапуск.

Перед использованием автономного Microsoft Defender сохраните все открытые файлы и закройте все приложения и программы.

Обычно требуются права администратора на компьютере, на котором планируется запустить автономный Microsoft Defender.

При возникновении неустранимой системной ошибки на синем экране во время автономной проверки выполните принудительный перезапуск и попробуйте еще раз запустить проверку автономного Microsoft Defender. Если ошибка на синем экране снова исчезнет, обратитесь в службу поддержки Майкрософт.

Где найти результаты проверки?

Чтобы просмотреть результаты проверки автономного Microsoft Defender:

Нажмите кнопку Пуск и выберите параметры > Обновление & безопасность > Безопасность Windows > вирус & защита от угроз .

На экране Защита от вирусов & угроз в Windows 10 в разделе текущие угрозывыберите Параметры сканирования, а затем выберите Журнал защиты (в предыдущих версиях Windows это может сказать История угроз).

Использование автономного Защитника Windows в Windows 7 и Windows 8.1

Примечание: В более ранних версиях Windows автономный защитник Майкрософт по-прежнему вызывается старым именем: автономный защитник Windows

Если вы используете автономный Защитник Windows в Windows 7 или Windows 8.1, выполните эти четыре простых действия.

Скачайте автономный Защитник Windows и установите его на компакт-диск, DVD-диск или USB-устройство флэш-памяти.

Перезагрузите компьютер, используя носитель, содержащий автономный Защитник Windows. Это означает, что компакт-диск, DVD-диск или устройство флэш-памяти, созданное на шаге 1, должно быть установлено в компьютер во время перезапуска. Следуйте указаниям для загрузки с диска, содержащего данный носитель.

Проверьте компьютер на предмет наличия вирусов и других вредоносных программ.

Удалите все вредоносные программы, обнаруженные на компьютере.

Автономный Защитник Windows предоставит пошаговые указания по выполнению этих четырех действий. Если Microsoft Security Essentials или Центр безопасности Защитника Windows предлагает скачать и запустить автономный Защитник Windows, важно это сделать. Это поможет обеспечить сохранность данных и компьютера.

Для начала найдите пустой компакт-диск или DVD-диск либо USB-устройство флэш-памяти, на котором свободно не менее 250 МБ, а затем скачайте и запустите средство по созданию съемного носителя. Вам будут предложены подробные указания для создания съемного носителя.

Примечание: Рекомендуется скачивать автономный Защитник Windows и создавать компакт-диск, DVD-диск или USB-устройство флэш-памяти на компьютере, который не заражен вредоносными программами, поскольку они могут препятствовать созданию носителя.