Microsoft Defender Antivirus

As of 2021, Microsoft Defender Antivirus is part of the much larger Microsoft Defender brand, which includes several other software and service offerings, including:

• Microsoft Defender XDR (formerly 365 Defender){{Cite web |title=Microsoft 365 Defender - Threat Protection {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-365-defender |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Cloud{{Cite web |title=Microsoft Defender for Cloud {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud |access-date=2022-11-26 |website=www.microsoft.com |language=en-US}}
• Microsoft Defender Endpoint{{Cite web |title=Microsoft Defender for Endpoint {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Office 365{{Cite web |title=Microsoft Defender for Office 365 {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-office-365 |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Identity{{Cite web |title=Microsoft Defender for Identity {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-for-identity |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Cloud Apps{{Cite web |title=Microsoft Defender for Cloud Apps {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-cloud-apps |access-date=2022-11-26 |website=www.microsoft.com |language=en-US}}
• Microsoft Defender Vulnerability Management{{Cite web |title=Microsoft Defender Vulnerability Management {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-defender-vulnerability-management |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Threat Intelligence{{Cite web |title=Microsoft Defender Threat Intelligence {{!}} Microsoft Security |url=https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-threat-intelligence |access-date=2022-11-26 |website=www.microsoft.com |language=en-us}}
• Microsoft Defender for Individuals{{Cite web |title=Microsoft Defender for Individuals {{!}} Microsoft 365 |url=https://www.microsoft.com/en-us/microsoft-365/microsoft-defender-for-individuals |access-date=2023-03-01 |website=www.microsoft.com |language=en-us}}

Microsoft Defender Antivirus provides several key features to protect endpoints from computer virus. In Windows 10, Windows Defender settings are controlled in the Windows Defender Security Center. Windows 10 Anniversary Update includes several improvements, including a new popup that announces the results of a scan.{{cite web |date=26 July 2016 |title=What's new in Windows Defender for Windows 10 Anniversary Update |url=http://www.windowscentral.com/whats-new-windows-defender-windows-10-anniversary-update |access-date=27 March 2018 |website=windowscentral.com}}

File:Windows Defender EICAR.png, reporting taking action to clean detected malware.]]

In the Windows Defender options, the user can configure real-time protection options. Windows 10's Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed. It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.{{cite web|title=How to enable Windows 10's Block at First Sight protection in Windows Defender|url=http://betanews.com/2016/11/18/windows-10-block-at-first-sight-protection-in-windows-defender/|website=betanews.com|date=18 November 2016|access-date=27 March 2018}}

{{clear}}

File:Microsoft Defender Smartscreen.png

Integration with Internet Explorer and Microsoft Edge enables files to be scanned as they are downloaded to detect malicious software inadvertently downloaded. As of April 2018, Microsoft Defender is also available for Google Chrome via an extension{{Cite web |title=Microsoft Defender Browser Protection |url=https://chromewebstore.google.com/detail/microsoft-defender-browse/bkbeeeffjjeopflfhgeknacdieedcoml |access-date=2023-12-06 |website=chromewebstore.google.com}} and works in conjunction with Google Safe Browsing, but as of late 2022, this extension is now deprecated.{{Cite web |title=Microsoft Defender Browser Protection |url=https://browserdefaults.microsoft.com/extensions/MicrosoftDefender/index.html?extnID=bkbeeeffjjeopflfhgeknacdieedcoml&mkt=en-us&br=gc |access-date=2024-05-31 |website=browserdefaults.microsoft.com}}

{{clear}}

A feature released in early 2018, Windows Defender Application Guard is a feature exclusive to Microsoft Edge that allows users to sandbox their current browsing session from the system. This prevents a malicious website or malware from affecting the system and the browser. Application Guard is a feature only available on Windows 10 Pro and Enterprise. In May 2019, Microsoft announced Application Guard for Google Chrome and Firefox. The extension, once installed, will open the current tabs web page in Microsoft Edge with Application Guard enabled. In April 2024, Microsoft announced that Microsoft Defender Application Guard will be deprecated for Edge for Business. The Chrome and Firefox extensions will not be migrating to Manifest V3 and will be deprecated after May 2024.{{Cite web |last= |date=2024-04-04 |title=Microsoft Edge and Microsoft Defender Application Guard |url=https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard |access-date=2024-05-31 |website=learn.microsoft.com |language=en-us}}

{{clear}}

File:Controlled Folder Access.png

Controlled Folder Access is a feature introduced with Windows 10 Fall Creators Update to protect a user's important files from the growing threat of ransomware. This feature was released about a year later after the Petya family of ransomware first appeared. The feature will notify the user every time a program tries to access these folders and will be blocked unless given access via the user. Windows will warn the user with a User Account Control popup as a final warning if they opt to "Allow" a program to read Controlled Folders.

{{Clear}}

Introduced in Windows 10 version 1903{{Cite web |title=Microsoft Adds Enterprise Windows 10 Tamper Protection Controls |url=https://www.bleepingcomputer.com/news/security/microsoft-adds-enterprise-windows-10-tamper-protection-controls/ |access-date=2025-03-26 |website=BleepingComputer |language=en-us}}, Tamper Protection protects certain security settings, such as antivirus settings, from being disabled or changed by unauthorized programs.

File:Windows AntiSpyware Beta 1.png|alt=]]

Windows Defender was initially based on GIANT AntiSpyware, formerly developed by GIANT Company Software, Inc.{{cite web |url=http://www.giantcompany.com/ |title=Microsoft Acquires Anti-spyware Leader Giant Company Software Inc. |website=www.giantcompany.com |date=December 2004 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20041230171021/http://www.giantcompany.com/ |archive-date=30 December 2004}} The company's acquisition was announced by Microsoft on December 16, 2004.{{cite web

|url=http://winsupersite.com/product-review/microsoft-windows-anti-spyware

|title=Microsoft Windows Anti-Spyware Preview: Paul Thurott's SuperSite for Windows

|first=Paul

|last=Thurrot

|publisher=SuperSite for Windows

|date=6 October 2010

|access-date=21 December 2020

|archive-url=https://web.archive.org/web/20160805131643/http://winsupersite.com/product-review/microsoft-windows-anti-spyware

|archive-date=5 August 2016

}}{{cite web

|url=https://news.microsoft.com/2004/12/16/microsoft-acquires-anti-spyware-leader-giant-company/

|title=Microsoft Acquires Anti-Spyware Leader GIANT Company

|date= 16 December 2004

|access-date=21 December 2020

|website=PressPass

|archive-url=https://web.archive.org/web/20050617082537/http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx

|archive-date=17 June 2005

|url-status=live

}} While the original GIANT AntiSpyware officially supported older Windows versions, support for the Windows 9x line of operating systems was later dropped by Microsoft.

The first beta release of Microsoft AntiSpyware from January 6, 2005, was a repackaged version of GIANT AntiSpyware. There were more builds released in 2005, with the last Beta 1 refresh released on November 21, 2005.

At the 2005 RSA Security conference, Bill Gates, the Chief Software Architect and co-founder of Microsoft, announced that Microsoft AntiSpyware would be made available free-of-charge to users with validly licensed Windows 2000, Windows XP, and Windows Server 2003 operating systems to secure their systems against the increasing malware threat.{{cite web

|url=http://news.microsoft.com/2005/02/15/gates-highlights-progress-on-security-outlines-next-steps-for-continued-innovation/

|title=Gates Highlights Progress on Security, Outlines Next Steps for Continued Innovation

|date=15 February 2005

|access-date=21 December 2020

|work=PressPass

|archive-url=https://web.archive.org/web/20050606015212/http://www.microsoft.com/presspass/press/2005/feb05/02-15RSA05KeynotePR.mspx

|archive-date=6 June 2005

|url-status=live

}}

On November 4, 2005, it was announced that Microsoft AntiSpyware was renamed to Windows Defender.{{cite web |url=http://blogs.technet.com/antimalware/archive/2005/11/04/413700.aspx |title=What's in a name?? A lot!! Announcing Windows Defender! |website=blogs.technet.com |last=Garms |first=Jason |date=4 November 2005 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20051123220536/http://blogs.technet.com/antimalware/archive/2005/11/04/413700.aspx |archive-date=23 November 2005}}{{cite web |url=http://blogs.technet.com/stevedod/archive/2005/11/04/413701.aspx |title=Microsoft Windows AntiSpyware is now......"Windows Defender" |website=blogs.technet.com |last=Dodson |first=Steve |date=4 November 2005 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20051124234251/http://blogs.technet.com/stevedod/archive/2005/11/04/413701.aspx |archive-date=24 November 2005}} Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a redesigned user interface. The core engine was rewritten in C++, unlike the original GIANT-developed AntiSpyware, which was written in Visual Basic.{{cite web|url=http://winsupersite.com/article/product-review/windows-defender-beta-2-review|title=Windows Defender Beta 2 Review: Paul Thurrott's SuperSite for Windows|last=Thurrott|first=Paul|publisher=SuperSite for Windows|date=14 February 2006|access-date=21 December 2020|archive-url=https://web.archive.org/web/20150107212718/http://winsupersite.com/article/product-review/windows-defender-beta-2-review|archive-date=7 January 2015}} This improved the application's performance. Also, since Beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the system even when a user is not logged on. Beta 2 also requires Windows Genuine Advantage (WGA) validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including HTTP cookies, web cache, and Windows Media Player playback history. German and Japanese versions of Windows Defender (Beta 2) were later released by Microsoft.{{cite web

|title=Windows Defender: Startseite

|url=http://www.microsoft.com/germany/windows/products/winfamily/defender/default.mspx

|publisher=Microsoft Corporation

|access-date=21 December 2020

|language=de

|archive-url = https://web.archive.org/web/20090130015455/http://microsoft.com/germany/windows/products/winfamily/defender/default.mspx

|archive-date = 30 January 2009

}}{{cite web

|title=マイクロソフト セキュリティ At Home

|url=http://www.microsoft.com/japan/protect/default.mspx

|publisher=Microsoft Corporation

|access-date=21 December 2020

|language=ja

|archive-url = https://web.archive.org/web/20100118105205/http://www.microsoft.com/japan/protect/default.mspx

|archive-date = 18 January 2010

}}

On October 23, 2006, Microsoft released the final version of Windows Defender.{{cite web |url=http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx |title=Windows Defender: Release notes |website=www.microsoft.com |date=23 October 2006 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20061030072057/http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx |archive-date=30 October 2006}} It supports Windows XP and Windows Server 2003; however, unlike the betas, it doesn't run on Windows 2000.{{cite web |url=http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en |title=Windows® Defender |website=www.microsoft.com |date=8 November 2006 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20061118123041/http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en |archive-date=18 November 2006|quote="Windows Defender no longer supports Windows 2000"}} Some of the key differences from the beta version are improved detection, redesigned user interface and delivery of definition updates via Automatic Updates.{{cite web |url=http://www.microsoft.com/athome/security/spyware/software/about/faq.mspx |title=Frequently asked questions about Windows Defender |website=www.microsoft.com |date=13 February 2006 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20061030205728/http://www.microsoft.com/athome/security/spyware/software/about/faq.mspx |archive-date=30 October 2006}}

Windows Defender has the ability to remove installed ActiveX software.{{cite web |title=How to Remove an Active-X Control in Windows |url=https://support.microsoft.com/en-us/help/154850/how-to-remove-an-activex-control-in-windows |access-date=31 December 2017 |work=Microsoft}} Windows Defender featured an integrated support for Microsoft SpyNet that allows users to report to Microsoft what they consider to be spyware,{{Cite book |last=Seagren |first=Eric |title=Secure Your Network for Free |publisher=Syngress |year=2011 |isbn=9780080516813 |pages=197{{ndash}}198}} and what applications and device drivers they allow to be installed on their systems.

Windows Vista included several security functionalities related to the Windows Defender. Some of the functionality was removed in subsequent versions of Windows.{{cite web |url=https://technet.microsoft.com/en-us/library/2006.11.defender.aspx |title=Protect Your PC with New Security Features in Windows Vista |date=November 2006 |publisher=Microsoft |access-date=12 April 2018}}

==== Security agents ====

Security agents which monitor the computer for malicious activities:

• Auto Start – Monitors lists of programs that are allowed to automatically run when the user starts the computer
• System Configuration (settings) – Monitors security-related settings in Windows
• Internet Explorer Add-ons – Monitors programs that automatically run when the user starts Internet Explorer
• Internet Explorer Configurations (settings) – Monitors browser security settings
• Internet Explorer Downloads – Monitors files and programs that are designed to work with Internet Explorer
• Services and Drivers – Monitors services and drivers as they interact with Windows and programs
• Application Execution – Monitors when programs start and any operations they perform while running
• Application Registration – Monitors tools and files in the operating system where programs can register to run at any time
• Windows Add-ons – Monitors add-on programs for Windows

The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network connected applications, and Winsock providers (Winsock LSPs).

In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to Microsoft SpyNet for analysis by community members.{{cite web |url=http://windows.microsoft.com/en-us/windows-vista/using-software-explorer-in-windows-defender |title=Using Software Explorer in Windows Defender |publisher=Microsoft |work=Support |archive-url=https://web.archive.org/web/20091014033953/http://windows.microsoft.com/en-us/windows-vista/using-software-explorer-in-windows-defender |archive-date=14 October 2009 |access-date=26 April 2017}}{{cite web |url=http://www.cnet.com/news/software-explorer-keeps-unneeded-apps-from-auto-starting/ |title=Software Explorer keeps unneeded apps from auto-starting |last=O'Reilly |first=Dennis |date=22 April 2008 |publisher=CBS Interactive |work=CNET |access-date=9 May 2015}} The Software Explorer feature has been removed from Windows Defender in Windows 7.{{cite web |url=http://winsupersite.com/article/windows-7/windows-7-annoyances |title=Windows 7 Annoyances |last=Thurrott |first=Paul |date=6 October 2010 |publisher=Penton |work=Supersite for Windows |access-date=9 May 2015 |archive-url=https://web.archive.org/web/20150701150708/http://winsupersite.com/article/windows-7/windows-7-annoyances |archive-date=1 July 2015 |url-status=dead}}

Windows Defender was released with Windows Vista and Windows 7, serving as their built-in anti-spyware component.{{cite web |last1=Shultz |first1=Greg |date=17 November 2016 |title=Windows Defender: Past, present, and future |url=http://www.techrepublic.com/article/windows-defender-past-present-and-future/ |access-date=13 June 2017}} In Windows Vista and Windows 7, Windows Defender was superseded by Microsoft Security Essentials, an antivirus product from Microsoft which provided protection against a wider range of malware. Upon installation, Microsoft Security Essentials disabled and replaced Windows Defender.{{cite web |last=Hau |first=Kevin |title=Windows Defender and Microsoft Security Essentials |url=http://answers.microsoft.com/en-us/protect/forum/protect_start/windows-defender-and-microsoft-security-essentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd |work=Microsoft Answers |publisher=Microsoft Corporation |access-date=19 December 2020 |date=23 June 2009}}{{cite news|last=Marius|first=Marius Oiaga|title=Microsoft Security Essentials 1.0 and 2.0 Disable Windows Defender|url=http://news.softpedia.com/news/Microsoft-Security-Essentials-1-0-and-2-0-Disable-Windows-Defender-154342.shtml|access-date=19 December 2020|website=news.softpedia.com|date=30 August 2010}}

In Windows 8, Microsoft upgraded Windows Defender into an antivirus program very similar to Microsoft Security Essentials for Windows 7,{{cite web |url=https://www.digitalcitizen.life/windows-defender-windows-8-and-windows-7-what-s-new-and-different/ |title=Windows Defender in Windows 8 and Windows 7 – What's New & Different? |website=www.digitalcitizen.life |last=Kingsley |first=Robert |date=18 January 2013 |access-date=4 March 2021 |archive-url=https://web.archive.org/web/20201219170833/https://www.digitalcitizen.life/windows-defender-windows-8-and-windows-7-what-s-new-and-different/ |archive-date=19 December 2020}} and it also uses the same anti-malware engine and virus definitions from MSE. Microsoft Security Essentials itself does not run on Windows versions beyond 7. In Windows 8 or later, Microsoft Defender Antivirus is on by default. It switches itself off upon installation of a third-party anti-virus package.{{cite web |url=https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility |title=Microsoft Defender Antivirus compatibility |website=docs.microsoft.com |date=17 December 2020 |access-date=19 December 2020}}{{cite book |last1=Bott |first1=Ed |author-link1=Ed Bott |title=Introducing Windows 8.1 for IT Professionals |year=2013 |publisher=Microsoft Press |publication-date=15 October 2013 |isbn=978-0-7356-8427-0 |url=https://download.microsoft.com/download/E/5/3/E5395265-D2CD-4451-A2BB-B4504C000E80/Microsoft_Press_ebook_Introducing_Windows_ITPro_PDF.pdf|page=8|quote="If you install a different antimalware solution, Windows Defender disables its real-time protection but remains available."}}

Following the consumer-end launch, Windows Server 2016 was the first version of Windows Server to include Windows Defender.{{Cite web |last=Gerend |first=Jason |display-authors=etal |date=11 October 2022 |title=Windows Defender Overview for Windows Server |url=https://learn.microsoft.com/en-us/windows-server/security/windows-defender/windows-defender-overview-windows-server |access-date=2022-12-10 |website=Windows Server documentation |publisher=Microsoft |via=Microsoft Learn}}

Until Windows 10 version 1703, Windows Defender had a dedicated GUI similar to Microsoft Security Essentials. Additionally, Windows Security and Maintenance tracked the status of Windows Defender. With the first release of Windows 10, Microsoft removed the "Settings" dialog box from Windows Defender's GUI in favor of a dedicated page in the Settings app. Then, in the 1703 update, Microsoft tried to merge both Windows Defender's GUI and Windows Security and Maintenance into a unified UWP app called Windows Defender Security Center (WDSC).{{cite web|last1=Lich|first1=Brian|title=Windows Defender Antivirus in the Windows Defender Security Center app|url=https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus|website=docs.microsoft.com|date=18 May 2017|access-date=19 December 2020|archive-url=https://web.archive.org/web/20170803091535/https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus|archive-date=3 August 2017|quote="In Windows 10, version 1703 (also known as the Creators Update), the Windows Defender app is now part of the Windows Defender Security Center."}} Users could still access original GUI by alternative methods,{{cite web|last1=Popa|first1=Bogdan|title=Quick Tip: Use the Old Windows Defender in Windows 10 Creators Update|url=http://news.softpedia.com/news/quick-tip-use-the-old-windows-defender-in-windows-10-creators-update-515104.shtml|website=www.softpedia.com|date=24 April 2017|access-date=5 March 2021|archive-url=https://web.archive.org/web/20170427104337/https://news.softpedia.com/news/quick-tip-use-the-old-windows-defender-in-windows-10-creators-update-515104.shtml|archive-date=27 April 2017|url-status=live}}{{cite web|last1=Williams|first1=Wayne|title=How to get the classic Windows Defender back on Windows 10 Creators Update|url=https://betanews.com/2017/04/24/how-to-get-the-classic-windows-defender-back-on-windows-10-creators-update/|website=BetaNews|date=24 August 2017|access-date=5 March 2021|archive-url=https://web.archive.org/web/20210305134153/https://betanews.com/2017/04/24/how-to-get-the-classic-windows-defender-back-on-windows-10-creators-update/|archive-date=5 March 2021|url-status=live}} until the 1803 update, which saw the UI removed altogether.{{efn|As reported in Microsoft forums,{{cite web |url=https://social.microsoft.com/Forums/security/zh-CN/d29c94a5-8578-4d63-a197-d524b0dd7619/ |website=social.microsoft.com |title=How to Get the Old Windows Defender in Windows 10 Back |quote="There appears to be no way to access the "classic UI" in 1803."}} comments to news articles{{cite web |url=https://www.maketecheasier.com/get-back-old-windows-defender-windows10/ |title=How to Get the Old Windows Defender in Windows 10 Back |date=29 June 2017 |quote="Since the new Windows 10 Update 1803, this no longer works. (Comments section)"}}{{cite web |url=https://winaero.com/classic-windows-defender-windows-10-1703/ |title=Get Classic Windows Defender in Windows 10 Creators Update |date=18 April 2017 |quote="Classic UI its gone on windows 10 enterprise 1803, try other way pls (Comments section)"}} and other forums.{{cite web |url=https://www.windowsbbs.com/goto/post?id=660953 |title=Version 1803 and Windows Defender |quote="In previous versions a link to [...] MSASCui.exe" opened the program in the "classic" user interface but no longer."}}{{cite web |url=https://www.speedguide.net/forums/showthread.php?287736 |title=Windows 10 & Windows Defender Interface |quote="the "Classic" Windows Defender interface has been removed in the 1803 version of Windows 10"}}}} The Security and Maintenance control panel entry however, is still available in Windows 11; it contains links to reliability and performance monitoring, which is of the telemetry (one of the countless Vista major innovations) and allows to examine in depth issues detected, to the maintenance tools, File History, UAC Settings and Recovery (among others).

With the release of Windows Server 2016, Microsoft introduced a Defender module for PowerShell, which allows interacting with Windows Defender via a command-line interface (CLI).{{Cite web |last=Gerend |first=Jason |date=20 December 2016 |title=Defender Module for Windows Server 2016 |url=https://learn.microsoft.com/en-us/powershell/module/defender/ |access-date=2022-12-10 |website=PowerShell documentation |via=Microsoft Learn}}

Microsoft continued to decouple the management front-end from the core antivirus. In addition, to WDSC and PowerShell, it is possible to manage the antivirus via Windows Admin Center, Group Policy, WMI, Microsoft Endpoint Manager, and Microsoft Intune's "tenant attach" feature.{{Cite web |last=Vangel |first=Denise |date=20 October 2022 |title=Configure Microsoft Defender Antivirus features |url=https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features |access-date=2022-12-10 |website=Microsoft Defender for Endpoint documentation |publisher=Microsoft |via=Microsoft Learn |quote=Applies to: ... Microsoft Defender Antivirus}}

In Windows 10 version 1703, Microsoft renamed Windows Defender, calling it Windows Defender Antivirus.{{cite web |url=https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1703 |title=What's new in Windows 10, version 1703 for IT Pros |website=docs.microsoft.com |date=9 May 2017 |access-date=19 December 2020 |archive-url=https://web.archive.org/web/20170602091134/https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1703 |archive-date=2 June 2017|quote="Windows Defender is now called Windows Defender Antivirus"}} Windows Firewall and Microsoft SmartScreen also saw their names changed to Windows Defender Firewall and Windows Defender SmartScreen.{{Cite web |last=Hoffman |first=Chris |title=How to Enable Windows Defender Application Guard for Microsoft Edge |url=https://www.howtogeek.com/357937/how-to-enable-windows-defender-application-guard-for-microsoft-edge/ |access-date=2022-12-10 |website=How-To Geek |date=3 July 2018 |language=en-US}} Microsoft added other components under the "Windows Defender" brand name, including Windows Defender Application Guard (WDAG), Windows Defender Exploit Guard (WDEG), Windows Defender Application Control,{{Cite web |last=Gerend |first=Jason |display-authors=etal |date=8 September 2022 |title=What's new in Windows Server 2016 |url=https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2019 |website=Windows Server documentation |via=Microsoft Learn}} and Windows Defender Advanced Threat Protection (Defender ATP).

A year later, Microsoft began dissolving the Windows Defender brand in favor a of the cloud-oriented "Microsoft Defender" brand. The company removed WDSC from the brand in the 1809 update, renaming it Windows Security Center (WSC).{{cite web |url=https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809 |title=What's new in Windows 10, version 1809 for IT Pros |website=docs.microsoft.com |date=September 2018 |access-date=19 December 2020 |archive-url=https://web.archive.org/web/20201111200803/https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809 |archive-date=11 November 2020 |url-status=live|quote="Windows Defender Security Center is now called Windows Security."}} The 2004 update renamed Windows Defender Antivirus, calling it Microsoft Defender Antivirus, as Microsoft extended Defender ATP's capabilities beyond the Windows OS.{{cite web|title=Announcing Windows 10 Insider Preview Build 18945|url=https://blogs.windows.com/windowsexperience/2019/07/26/announcing-windows-10-insider-preview-build-18945|website=Windows Experience Blog|date=26 July 2019|access-date=19 December 2020|archive-url=https://web.archive.org/web/20190726190211/https://blogs.windows.com/windowsexperience/2019/07/26/announcing-windows-10-insider-preview-build-18945/|archive-date=26 July 2019|url-status=live}}{{cite web |url=https://www.microsoft.com/en-us/windows/comprehensive-security |title=Windows Security: Microsoft Defender Antivirus & More |website=www.microsoft.com |date=June 2020 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20200630184817/https://www.microsoft.com/en-us/windows/comprehensive-security |archive-date=30 June 2020 |quote="Formerly known as Windows Defender, Microsoft Defender Antivirus still delivers the [...]"}}

Windows Defender Offline (formerly known as Standalone System Sweeper){{cite web|url=https://technet.microsoft.com/en-us/library/hh547009.aspx|title=Utility Spotlight: Repair Your PC Infection|first=Lance|last=Whitney|website=technet.microsoft.com|date=31 August 2016 |access-date=16 April 2018}} is a stand-alone anti-malware program that runs from bootable removable media (e.g. CD or USB flash drive) designed to scan infected systems while the Windows operating system is offline.{{cite web|url=https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc|title=Help protect my PC with Windows Defender Offline|website=support.microsoft.com|access-date=16 April 2018}} Since Windows 10 Anniversary Update in 2016, the option to boot into Windows Defender Offline can be initiated from within Windows itself, negating the need for the separate boot disk.

[https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals Microsoft Defender for Individuals] was released to the general public in June 2022 for Windows 10, Windows 11, Mac OS, Android, and iOS devices.{{Cite web |last=Jakkal |first=Vasu |date=2022-06-16 |title=Making the world a safer place with Microsoft Defender for individuals |url=https://www.microsoft.com/en-us/security/blog/2022/06/16/making-the-world-a-safer-place-with-microsoft-defender-for-individuals/ |access-date=2023-03-01 |website=Microsoft Security Blog |language=en-US}}{{Cite web |title=Microsoft's Defender online security tool is now available to consumers |url=https://www.engadget.com/microsoft-defender-for-individuals-release-date-155704052.html |access-date=2023-03-01 |website=Engadget |date=16 June 2022 |language=en-US}} On Windows it works alongside Microsoft's first and third-party antivirus solutions, such as Microsoft Defender Antivirus.

Microsoft Defender for Individuals requires a Microsoft 365 personal or family license.{{Cite web |title=Microsoft Defender for Individuals FAQ reference 1 |url=https://www.microsoft.com/en-ca/microsoft-365/microsoft-defender-for-individuals |access-date=2023-03-01 |website=www.microsoft.com |language=en-ca}}

Microsoft Defender for Individuals is a stand-alone app that adds central management with visibility of family devices, as well as Identity Theft Monitoring (in supported regions{{Cite web |title=Microsoft Defender for Individuals FAQ reference 2 |url=https://www.microsoft.com/en-ca/microsoft-365/microsoft-defender-for-individuals |access-date=2023-03-01 |website=www.microsoft.com |language=en-ca}}) to existing anti-malware features on Windows devices. On macOS and Android, the app includes its own anti-malware protection and on Android and iOS it also includes web protection (malicious link detection).{{Cite web |title=Microsoft Defender for Individuals FAQ - section Security |url=https://www.microsoft.com/en-ca/microsoft-365/microsoft-defender-for-individuals |access-date=2023-03-01 |website=www.microsoft.com |language=en-ca}}

All supported platforms share a common user interface, which is also accessible from a web browser through Microsoft's [https://mydefender.microsoft.com My Defender portal].

On May 5, 2017, Tavis Ormandy, a vulnerability researcher from Google, discovered a security vulnerability in the JavaScript analysis module (NScript) of Microsoft Antimalware Engine (MsMpEngine) that impacted Windows Defender, Microsoft Security Essentials and System Center Endpoint Protection. By May 8, 2017, Microsoft had released a patch to all affected systems. Ars Technica commended Microsoft for its unprecedented patching speed and said that the disaster had been averted.{{cite web|last1=Anthony|first1=Sebastian|title=Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable|url=https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/|website=Ars Technica|publisher=Condé Nast|date=9 May 2017}}{{cite web|title=Microsoft Security Advisory 4022344|url=https://technet.microsoft.com/en-us/library/security/4022344|website=TechNet|publisher=Microsoft|date=8 May 2017}}

During a December 2017 test of various anti-malware software carried out by AV-TEST on Windows 10, Windows Defender earned 6 out of 6 points in detection rate of various malware samples, earning its "AV-TEST Certified" seal.{{cite web|title=The best antivirus software for Windows Home User|url=https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2017/|work=AV-TEST.org|publisher=AV-TEST|access-date=12 April 2018|year=2018}}

During a February 2018 "Real-World Protection Test" performed by AV-Comparatives, Windows Defender achieved a 100% detection rate of malicious URL samples, along with 3 false positive results.{{cite web|title=Real-World Protection Test|url=https://www.av-comparatives.org/wp-content/uploads/2018/03/avc_factsheet2018_02.pdf|work=AV-Comparatives.com|publisher=AV-Comparatives|access-date=12 April 2018|year=2018}}

An AV-TEST test of Windows Defender in October 2019 demonstrated it provides excellent protection both against viruses and 0-day / malware attacks.{{cite web|access-date=2020-09-04|title=Test Microsoft Windows Defender 4.18 for Windows 10 (194015)|url=https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2019/microsoft-windows-defender-4.18-194015/|website=www.av-test.org}}

On December 1, 2021, AV-TEST gave Defender a maximum protection score of 34 points after successfully managing to detect ten out of ten ransomware samples in a lab test.{{cite web|title=9 Security Packages for Consumer Users in an Advanced Threat Protection Test against Ransomware|url=https://www.av-test.org/en/news/9-security-packages-for-consumer-users-in-an-advanced-threat-protection-test-against-ransomware|work=AV-TEST.org|publisher=AV-TEST|access-date=1 December 2021|year=2021}}

Microsoft Defender has often been subjected to criticisms related to privacy concerns, performance issues, and intrusive behavior in recent versions of Microsoft Windows operating systems. Microsoft Defender features cloud file analysis and file submission under Microsoft Spynet Membership which eventually became Microsoft Advanced Protection Service (MAPS) when opted in with basic or advanced membership collects user data and sends to Microsoft which arises privacy concerns among users.{{Cite web |last=denisebmsft |date=2023-11-06 |title=Cloud protection and Microsoft Defender Antivirus |url=https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide |access-date=2023-11-20 |website=learn.microsoft.com |language=en-us}}{{Cite web |last=mjcaparas |date=2023-08-23 |title=Microsoft Defender for Endpoint data storage and privacy |url=https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-worldwide |access-date=2023-11-20 |website=learn.microsoft.com |language=en-us}} The cloud integration of Microsoft Defender also raised concerns among privacy advocates. The MsmpEngine of Microsoft Defender in recent versions of Windows was found to be using high amounts of system resources, especially CPU Resources when Real-time protection and scheduled scan is configured to be turned on.{{Cite web |title=Resolving High Hard Disk Drive and CPU Usage During Scans by Windows Defender {{!}} Dell US |url=https://www.dell.com/support/kbdoc/en-us/000128249/windows-defender-resolving-high-hard-disk-drive-and-cpu-usage-during-scans |access-date=2023-11-20 |website=www.dell.com}} This issue is more apparent in PCs with Intel CPUs.{{Cite web |title=Intel CPU Performance Takes a Big Hit Due to Windows Defender Bug |url=https://www.pcmag.com/news/intel-cpu-performance-takes-a-big-hit-due-to-windows-defender-bug |access-date=2023-11-20 |website=PCMAG |language=en}} Microsoft defender is configured by default to take up 50% of the system's CPU resources available by default, although this can be configured using Group Policy Editor along with limiting the process of MsmpEngine to use a Low Priority Process during a Realtime Scan and customizing scheduled scans.{{Cite web |last=denisebmsft |date=2023-05-24 |title=Configure Microsoft Defender Antivirus with Group Policy |url=https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-worldwide |access-date=2023-11-20 |website=learn.microsoft.com |language=en-us}}{{Cite web |last=Bashkarla |date=2019-10-27 |title=How to Limit Windows Defender CPU Usage |url=https://windowsloop.com/limit-windows-defender-max-cpu-usage/ |access-date=2023-11-20 |website=WindowsLoop |language=en-us}} Recent Windows Versions also deeply integrated Microsoft Defender with the operating system using mechanisms like Early Boot Anti-Malware, Tamper Protection, etc., making it almost impossible to remove or uninstall. Although these are useful to prevent malware from disabling or removing the antivirus itself, they also lead to frustration among users who utilize and seek 3rd party alternatives.{{Cite web |title=Turn off Defender antivirus protection in Windows Security - Microsoft Support |url=https://support.microsoft.com/en-us/windows/turn-off-defender-antivirus-protection-in-windows-security-99e6004f-c54c-8509-773c-a4d776b77960 |access-date=2023-11-20 |website=support.microsoft.com}}{{Cite web |last=tedhudek |date=2022-03-17 |title=Overview of Early Launch AntiMalware - Windows drivers |url=https://learn.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware |access-date=2023-11-20 |website=learn.microsoft.com |language=en-us}}{{Cite web |title=Prevent changes to security settings with Tamper Protection - Microsoft Support |url=https://support.microsoft.com/en-us/windows/prevent-changes-to-security-settings-with-tamper-protection-31d51aaa-645d-408e-6ce7-8d7f8e593f87 |access-date=2023-11-20 |website=support.microsoft.com}}{{Cite web |last=denisebmsft |date=2023-10-27 |title=Protect security settings with tamper protection |url=https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide |access-date=2023-11-20 |website=learn.microsoft.com |language=en-us}} In late-July 2020, Microsoft Defender began to classify modifications of the hosts file that blocks Microsoft telemetry and data collection servers as being a severe security risk.{{Cite web |title=Windows 10: HOSTS file blocking telemetry is now flagged as a risk |url=https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ |access-date=2023-11-20 |website=BleepingComputer |language=en-us}}{{Cite web |title=Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data |url=https://www.zdnet.com/article/windows-10-telemetry-secrets/ |access-date=2023-11-20 |website=ZDNET |language=en}}

• Security and safety features new to Windows Vista
• Windows Security Center

{{Notelist}}

{{Reflist}}

• {{Official website|https://www.microsoft.com/security/}}

{{Microsoft Security Products}}

{{Microsoft Windows components}}

{{Antivirus software}}

Category:2006 software

Defender Antivirus

Category:Microsoft Windows security technology

Category:Spyware removal

Category:Windows components

Category:Windows-only freeware

Category:Windows security software

Category:Antivirus software