Does Windows Defender Antivirus and Windows Defender Firewall keep my laptop 100% secure?


It does use 200 MB and more, and I don't have anything confidential on my PC. I literally don't care; I can just nuke the whole installation and restore.
Aw...
No airbag
We die like men
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei MateBook D15
    CPU
    Ryzen 5 3500U
    Memory
    8GB
    Graphics Card(s)
    Vega 8
    Screen Resolution
    FHD
    Hard Drives
    256GB Samsung SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Defender
  • Operating System
    Windows 10 Pro 22H2
    Computer type
    Laptop
    Manufacturer/Model
    MSI GS73 6RF Stealth Pro
    CPU
    intel core i7 6700HQ
    Memory
    16GB
    Graphics card(s)
    Nvidia Geforce GTX1060 (6GB)
    Screen Resolution
    FHD
    Hard Drives
    128GB SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
Aw...
No airbag
We die like men
Yes, I learned in 30 years of using PCs that AVs are a scam, especially third-party ones. If you are scared, use Defender; if you are not, strip everything out.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    -
    CPU
    4770k
    Motherboard
    Asus Maximus Formula VI
    Memory
    16 gb Kingston
    Graphics Card(s)
    2070 super
Yes, I learned in 30 years of using PCs that AVs are a scam, especially third-party ones. If you are scared, use Defender; if you are not, strip everything out.
As I'm working for a website in my country to provide the latest Windows apps, I have to use some popular AVs on my virtual machine to ensure users won't get into any trouble during installation. But I agree with you. Maybe we can say AV is a virus itself, because it uses resources like a virus. And every time a new virus, trojan or ransomware was released, all AVs acted like blind police :)
 

If the fileless malware writes something to the disk, would MS Defender then detect that happening, and then scan the file?
Or when would MS Defender scan it and act upon it?
Modern security products are embedded as kernel filter drivers. They spy on system activity, and have heuristics to detect "suspicious" patterns of behavior related to system calls or file activity. In some cases, they can block a process from doing something.

The offline laptop only has had internet connection for about 15 minutes in total.

It had internet connection for 5-10 minutes during the initial Windows setup (choose language, create user etc) - but here it said it was searching for updates etc.
And then internet connection again for about 5 minutes after logged in and entered Windows for the first time.
After that, I turned off its Wi-Fi in Windows and disabled its network adapters in Device Manager.

So I am not sure, that it managed to download all the latest updates for Windows and MS Defender, before I cut its internet connection.
Therefore I want to know, if it has more than just a basic version of Windows 11 MS Defender pre-installed?
There's always a base version of Defender in every install image, it's presumed that Windows Update will eventually catch up and prioritize downloading platform and signature updates as soon as possible.

The solution to better security is to install the latest Defender updates into the install image, so while it still may be out of date, is less outdated than having Defender files from a few months or a year ago. IT pros for large organizations will do this.

A PC purchased from a large vendor (ie. Dell, HP, Lenovo, etc.) will have a factory install image that's refreshed periodically. But sometimes there's a lag between when it's imaged and gets into your hands.

The bottom line: If you're concerned about security, then take concrete actions to manage it yourself. Speculating about this or that random security imperfection isn't going to change anything. Either learn how to make your own updated install images, or after your first desktop logon -- immediately don't do anything except to open Settings -> Windows Update and scan for new updates.
 

My Computer

System One

  • OS
    Windows 7
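
One way to answer the offline-laptop question from the machine itself, as an added example that is not part of any post in this thread: the script reads Defender's platform, engine and signature versions with the built-in `Get-MpComputerStatus` cmdlet and flags stale definitions or disabled protections. The 7-day threshold and the function name `Get-DefenderFreshness` are assumptions made for this example.

```powershell
# Added example: report how current Microsoft Defender is on this machine.
# Run in PowerShell on the laptop; uses the built-in Defender module.
# $MaxSignatureAgeDays is an assumed threshold, not a Microsoft recommendation.
param(
    [int]$MaxSignatureAgeDays = 7
)

function Get-DefenderFreshness {
    param([int]$MaxAgeDays)

    $s = Get-MpComputerStatus   # built-in cmdlet from the Defender module

    $findings = @()
    if (-not $s.AMServiceEnabled)          { $findings += 'Defender service is not running' }
    if (-not $s.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $s.BehaviorMonitorEnabled)    { $findings += 'Behavior monitoring is off' }
    # A machine that never updated reports a very large age, which also trips this check.
    if ($s.AntivirusSignatureAge -gt $MaxAgeDays) {
        $findings += "Signatures are $($s.AntivirusSignatureAge) days old (limit $MaxAgeDays)"
    }

    [pscustomobject]@{
        PlatformVersion      = $s.AMProductVersion
        EngineVersion        = $s.AMEngineVersion
        SignatureVersion     = $s.AntivirusSignatureVersion
        SignatureLastUpdated = $s.AntivirusSignatureLastUpdated
        SignatureAgeDays     = $s.AntivirusSignatureAge
        Findings             = $findings
    }
}

$report = Get-DefenderFreshness -MaxAgeDays $MaxSignatureAgeDays
$report | Format-List PlatformVersion, EngineVersion, SignatureVersion,
                      SignatureLastUpdated, SignatureAgeDays

if ($report.Findings.Count -eq 0) {
    Write-Output 'Defender is enabled and signatures are within the age limit.'
} else {
    $report.Findings | ForEach-Object { Write-Warning $_ }
    # With networking restored, this built-in cmdlet pulls current definitions:
    #   Update-MpSignature
}
```
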
Copy everything on your main system with a good AV like Kaspersky or Bitdefender or ESET or Norton or ...

Use the Parted Magic bootable version (Linux) to create a bootable USB drive.

Thank you for your input

If the fileless malware starts writing something to the disk, would MS Defender then detect that happening and stop it from writing to disk?

And what about the data the fileless malware wrote to the disk? Will MS Defender take care of it?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
Modern security products are embedded as kernel filter drivers. They spy on system activity, and have heuristics to detect "suspicious" patterns of behavior related to system calls or file activity. In some cases, they can block a process from doing something.
So you would trust, that MS Defender protects against fileless malware?

Thank you
 

what do you mean "fileless malware"?
"Unlike traditional malware, which typically requires a file to be downloaded and installed, fileless malware operates in memory or manipulates native tools, making it harder to detect and remove."

"Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove."

Microsoft Defender Antivirus protects against fileless malware through these capabilities:
  • Detecting script-based techniques by using AMSI, which provides the capability to inspect PowerShell and other script types, even with multiple layers of obfuscation
  • Detecting and remediating WMI persistence techniques by scanning the WMI repository, both periodically and whenever anomalous behavior is observed
  • Detecting reflective DLL injection through enhanced memory scanning techniques and behavioral monitoring

I believe it's good enough
 

"Unlike traditional malware, which typically requires a file to be downloaded and installed, fileless malware operates in memory or manipulates native tools, making it harder to detect and remove."

"Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove."

Microsoft Defender Antivirus protects against fileless malware through these capabilities:
  • Detecting script-based techniques by using AMSI, which provides the capability to inspect PowerShell and other script types, even with multiple layers of obfuscation
  • Detecting and remediating WMI persistence techniques by scanning the WMI repository, both periodically and whenever anomalous behavior is observed
  • Detecting reflective DLL injection through enhanced memory scanning techniques and behavioral monitoring

I believe it's good enough
Understood.
I think the "Memory integrity" option in Windows Defender is for this kind of malware. As far as I know, it uses virtualization to prevent those "fileless" malwares. Not sure, sorry.
 

