Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016 Windows Defender Antivirus Microsoft Docs Skip to main content. Forefront Client Security, Microsoft's antivirus entry in the enterprise security market, goes into its first round of widespread beta testing on Tuesday.
In Windows 10, Windows Defender has been rapidly revamped for corporate use - to the point where it’s actually become a bit unfriendly for home users. The best way to get a sense of what’s happened is to page through the current documentation:
Block at First Sight (Seen):
Windows Defender can now immediately block a suspicious or unknown file; upload a sample for analysis; and generate a signature – all within a matter of seconds.And we can use PowerShell to upgrade the default level of protection for this feature:
Windows Defender Exploit Guard:
The exploit protection features that were previously provided by EMET are now integrated into Windows 10; and most users shouldn’t need to modify the default settings for these:
Attack Surface Reduction:
Microsoft Enterprise Antivirus
We also have the ability to add Attack Surface Reduction rules in Version 1709, but the only practical way to add these rules in Windows 10 Home is with the PowerShell Set-MpPreference cmdlet:
Controlled Folder Access:
Controlled Folder Access is turned off by default; so you’ll need to turn it on in the Windows Defender Security Center app > Virus & threat protection > Virus & threat protection settings. Once Controlled Folder Access is turned on, standard Windows document folders will be protected by default, and you’ll also be able to add ransomware protection for additional folders, as well as whitelist trusted applications in order to allow them access to your protected folders. If you have trouble whitelisting a friendly app, then you can set this feature to run in Audit Mode, where it will identify access events, but won’t block them.
There’s already a lot of confusion about allowing apps through Controlled Folder Access, and some “Windows experts” are responding to this with a just-turn-it-off “solution”. Now I’ll admit that a dialog with “Block” and “Allow” buttons would make this a whole lot friendlier – but if you just jot down the blocked app’s file path that appears in the “Unauthorized changes blocked” notification; and then click on the notification, this will bring up the “Allow an app through Controlled folder access” window, where you can quickly add the blocked app to the whitelist:
PUA Protection:
Windows Defender has actually been able to detect and block Potentially Unwanted Applications for some time now, but many people still don’t know that this feature is disabled by default and needs to be enabled by running this command line at the Administrator PowerShell prompt:
Set-MpPreference -PUAProtection 1
Windows Defender Advanced Threat Protection
The Advanced Threat Protectionserviceis also an available option for enterprise environments:
Defender is currently performing quite well in the AV-Comparatives Real-World Protection Test. But it also clearly has the largest user-dependent protection segment in that test, as well as the highest number of false positives:
So if you decide to use it, you might want to consider configuring it for maximum protection with the settings that I’ve recommended in this recent discussion:
My personal observation is that these comparative evaluation requests only turn up very infrequently in the Technet forum. I did notice this thread the other day on the second page of the Technet Windows 10 Security forum (my link is filtered for “Windows Defender' – most recent post) – but then I saw that the last reply was on August 17, 2017 – and that the thread was started February 24, 2017.
That being said, I’m most certainly not averse to giving these guys another chance to answer the question.