Windows 10: Windows Defender (WD) Antivirus (AV)

Applies to:

  • Windows Server 2019
  • Windows 10 1809
  • Windows 10 1803
  • Windows 10 1709
  • Windows 10 1703
  • Windows Server 2016
  • Windows 10 1607

Updated Mar. 3rd, 2019.

Audience: Security Administrators, and IT Administrators.

When I would go on-site with our Microsoft Premier customers and mentioned Windows Defender Antivirus (WD AV), I would hear, "Windows Defender?"

A lot of people end up thinking of the Windows Defender from back in the days of Windows XP Service Pack 2, Windows Vista, and Windows 7, which was only an antispyware product.

So where does Windows Defender Antivirus come from? It started with the acquisition of GeCAD's Reliable Anti-virus (RAV), which became Windows OneCare Live and then Windows Live OneCare.

Windows Live OneCare was replaced with Microsoft Security Essentials (MSE) for consumers and Forefront Endpoint Protection for enterprises, which brought the Microsoft Active Protection Service (MAPS).

MAPS in the cloud: How can it help your enterprise?

Forefront Endpoint Protection was replaced with System Center Endpoint Protection (SCEP).

And finally, in Windows 8 (circa 2012), we merged Microsoft Security Essentials (MSE) and System Center Endpoint Protection (SCEP) for enterprises together to form Windows Defender Antivirus, which was built into the OS. MAPS became "Cloud Protection".

"We have made acquisition a part of Microsoft’s security strategy – since 2013 we’ve acquired companies like Aorato, Secure Islands, Adallom, and most recently Hexadite."
A decade inside Microsoft Security

And in Windows 10 we kept on investing in Windows Defender Antivirus (WD AV). See below for the changes that we made.

[Why WD AV?]

Top scoring in industry tests (Jan to Dec of 2018, and continuing in 2019).

March-April 2018 test results: More insights into industry AV tests

Adding transparency and context into industry AV test results

Protecting the protector: Hardening machine learning defenses against adversarial attacks

Some of you might ask, what did you guys do to improve on your third-party test scores?

  • Improved Machine Learning (ML) and Heuristics
  • New Deep ML targeting Behavioral anomalies

"Cloud Protection + Block at First Sight (BaFS)"

Another way of looking at it: (detonation-based ML diagram)

Leading it to be next-generation antivirus.
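The Cloud Protection and Block at First Sight (BaFS) behaviour described above only works when the client is actually configured to talk to the cloud service. The following PowerShell function is an added example, not code from the original post or from Microsoft; it reads the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference and reports whether the settings BaFS depends on are in place. The required values it checks for (real-time protection on, MAPS reporting set to Advanced, sample submission set to send at least safe samples, and BaFS not disabled) are this example's own assumptions based on the documented BaFS prerequisites, and the optional -Remediate switch applies those same values with Set-MpPreference.

```powershell
# Added example: audit the settings that Cloud Protection and
# Block at First Sight (BaFS) depend on, on a Windows 10 / Server 2016+ host.
# Assumed prerequisite values (not taken from the original post):
#   MAPSReporting         2 = Advanced
#   SubmitSamplesConsent  1 = SendSafeSamples, 3 = SendAllSamples
#   DisableBlockAtFirstSeen must be $false
#   RealTimeProtectionEnabled must be $true
function Test-WdavCloudProtection {
    [CmdletBinding()]
    param(
        # When set, fix the MAPS / sample-submission / BaFS preferences.
        [switch]$Remediate
    )

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # One row per prerequisite: what was observed and whether it passes.
    $checks = @(
        [pscustomobject]@{ Check = 'Antimalware service enabled';    Value = $status.AMServiceEnabled;          Pass = [bool]$status.AMServiceEnabled }
        [pscustomobject]@{ Check = 'Real-time protection enabled';   Value = $status.RealTimeProtectionEnabled; Pass = [bool]$status.RealTimeProtectionEnabled }
        [pscustomobject]@{ Check = 'Behavior monitoring enabled';    Value = $status.BehaviorMonitorEnabled;    Pass = [bool]$status.BehaviorMonitorEnabled }
        [pscustomobject]@{ Check = 'MAPS reporting (2 = Advanced)';  Value = $pref.MAPSReporting;               Pass = ($pref.MAPSReporting -eq 2) }
        [pscustomobject]@{ Check = 'Sample submission (1 or 3)';     Value = $pref.SubmitSamplesConsent;        Pass = ($pref.SubmitSamplesConsent -in 1, 3) }
        [pscustomobject]@{ Check = 'Block at First Sight enabled';   Value = (-not $pref.DisableBlockAtFirstSeen); Pass = (-not $pref.DisableBlockAtFirstSeen) }
    )

    $failed = @($checks | Where-Object { -not $_.Pass })

    if ($Remediate -and $failed.Count -gt 0) {
        # Only the preference-level settings are corrected here; a disabled
        # antimalware service or real-time protection is usually policy-driven
        # and is left for the administrator to investigate.
        Set-MpPreference -MAPSReporting Advanced `
                         -SubmitSamplesConsent SendSafeSamples `
                         -DisableBlockAtFirstSeen $false
        Write-Verbose 'Applied MAPS=Advanced, SubmitSamplesConsent=SendSafeSamples, BaFS enabled.'
    }

    # Return a single object so the result can be collected across many hosts.
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        EngineVersion    = $status.AMEngineVersion
        SignatureVersion = $status.AntivirusSignatureVersion
        CloudBlockLevel  = $pref.CloudBlockLevel   # 0 Default, 2 High, 4 HighPlus, 6 ZeroTolerance (informational)
        CloudReady       = ($failed.Count -eq 0)
        Checks           = $checks
    }
}

# Usage: run elevated, then inspect the per-check table.
$result = Test-WdavCloudProtection -Verbose
$result.Checks | Format-Table Check, Value, Pass -AutoSize
"Cloud Protection + BaFS ready: $($result.CloudReady)"
```

Run it from an elevated session; on a fleet it can be wrapped in Invoke-Command and the returned objects filtered on CloudReady. CloudBlockLevel is reported rather than graded because the default level already permits BaFS; raising it only makes the cloud verdict stricter.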

Why Windows Defender Antivirus is the most deployed in the enterprise

Antivirus evolved

Windows Security Whitepaper - Windows 10 - Windows Defender Antivirus

The Evolution of Malware Prevention (Machine Learning) whitepaper

Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware

Windows Defender Antivirus can now run in a sandbox

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

[What’s new?]

Here are some of the highlights for both WDAV and the other security additions and changes in the following Windows 10 versions:

What's new in Windows 10, version 1809 for IT Pros - Security

What's new in Windows 10, version 1803 IT Pro content - Security

What's new in Windows 10, version 1709 IT Pro content - Security

What's new in Windows 10, version 1703 IT pro content - Security

What's new in Windows 10, version 1607 - Security

What's new in Windows 10, versions 1507 and 1511 - Security

[Test / Deploy WD AV]

Windows Defender compliance mapping whitepaper

Windows Defender Antivirus & Exploit Guard protection evaluation guide

Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment

Partnering with the industry to minimize false positives

Give Windows Defender Antivirus, the next-gen protection, a try.

Next in this series:

Windows 10: Windows Defender Exploit Guard-Exploit Protection

Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules

Windows 10: Windows Defender Exploit Guard-Network Protection

Anti-ransomware in Windows 10: Windows Defender Exploit Guard-Controlled Folder Access

Lifecycle information on both Windows Defender Antivirus and SCEP is outlined at

Recommended settings for VDI desktops

A great Microsoft Ignite 2018 recording that goes over WDAV:

Windows Defender ATP machine learning: Detecting new and unusual breach activity - BRK3375