Update on Windows Defender, It’s Actually Very Good Now!

Nov 2, 2018

On May 3rd, I wrote a post discussing the modern management of Windows. In it, I discussed how we need to change our thinking around how to manage Windows and modernize it for both simplicity and security. In this new post, I want to try to get people to change their thinking around Windows Anti-Virus (AV). Historically, Microsoft has relied on partners for Windows security solutions like AV. Even after Microsoft developed its own Windows AV many years ago, it put little effort into making that product first class. Over the past few years, this attitude has changed, and Windows Defender is now recognized as one of the best AV solutions on Windows.

Adding to the basic Windows Defender that ships with Windows, Microsoft has added an enterprise offering called ATP, or Advanced Threat Protection. Much like how O365 ATP protects users from phishing emails and malicious attachments, Defender ATP monitors Windows (in the way a flight recorder monitors an airplane) and protects users from malicious links and downloads found online. In addition, this data is reported to a private Azure storage space and analyzed by Microsoft, both by machine learning and by hands-on security experts. ATP reporting gives IT the ability to track attacks on Windows PCs, including when other PCs or servers have also been affected. Note that data analyzed by Microsoft is anonymized in order to protect IP and privacy. More information on Defender ATP can be found here.

If Defender ATP wasn’t cool enough, just this past week Microsoft announced that Windows Defender will be the first AV solution to run in a sandbox. Simply put, this means that if the bad guys exploit a bug in Defender (all software has bugs), they will not be able to use that exploit to attack the rest of the system. While this new feature is being tested with Windows Insiders, current Windows 10 users (1703+) can enable it by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) in an Admin CMD Prompt and restarting the machine. For more information on this feature, check out Microsoft’s blog post here.
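The enable-and-verify steps above, as an added PowerShell example (this is not code from the original post or from Microsoft). It sets the same machine-scope variable that setx /M writes, and after the reboot checks that the sandboxed content process (MsMpEngCP.exe, which Microsoft’s announcement describes as running alongside the MsMpEng.exe service when the sandbox is active) is present. It assumes an elevated PowerShell session on Windows 10 1703 or later; the function name Test-DefenderSandbox is my own.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the Windows Defender sandbox, then verify it after a restart.
param(
    [switch]$Disable   # pass -Disable to set the variable back to 0
)

$name  = 'MP_FORCE_USE_SANDBOX'
$value = if ($Disable) { '0' } else { '1' }

# Machine scope is the same store that "setx /M" writes to
# (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment).
[Environment]::SetEnvironmentVariable($name, $value, [EnvironmentVariableTarget]::Machine)

$current = [Environment]::GetEnvironmentVariable($name, [EnvironmentVariableTarget]::Machine)
Write-Host "$name is now '$current' at machine scope. Restart the machine for Defender to pick it up."

# After the reboot: the antimalware service (MsMpEng.exe) should be accompanied by
# the sandboxed content process (MsMpEngCP.exe). Returns $true when both are running.
function Test-DefenderSandbox {
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    if ($engine -and $content) {
        Write-Host "Sandbox active: MsMpEngCP.exe (PID $($content.Id)) running alongside MsMpEng.exe (PID $($engine.Id))."
        return $true
    }

    if (-not $engine) {
        Write-Host "MsMpEng.exe not running: Defender may be disabled or replaced by another AV."
    } else {
        Write-Host "Sandbox not active: MsMpEngCP.exe not found. Reboot if the variable was just set."
    }
    return $false
}

# Realtime-protection status is a useful companion check; Get-MpComputerStatus
# is part of the built-in Defender module.
(Get-MpComputerStatus).RealTimeProtectionEnabled

Test-DefenderSandbox
```

Run the script once to set the variable, restart, then run it again (or just call Test-DefenderSandbox) to confirm the content process is present. Because the variable lives in the machine-scope registry store, it also makes a straightforward check in a configuration-baseline or compliance query across a fleet.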

The motivation for writing this post was to educate customers that they could save money by replacing their current AV with Defender, which comes with Windows. Obviously this can’t be done in a day, but moving forward, I would recommend a proof of concept (POC) to determine if it meets requirements. Planet has several offerings around deploying Windows Defender. Please contact us if we can be of service. Follow us on Twitter at @PlanetCloudStrt.