About malware definitions

Applies To: Forefront Client Security

Definitions are data about malware and other security issues. Client Security uses definitions to identify malware and other potential security issues.

Client Security can identify malware in various manners. One method is to identify unique binary patterns in the files of the malware. This method is often compared to taking a fingerprint. Another method is to identify malware by its behavior.

Each malware definition includes the category that the malware belongs to, the severity that Microsoft has assigned to the malware, and the default response that Client Security takes if the policy protecting the infected computer does not include a response override for the malware. When you create or edit a Client Security policy, you can view the category, severity, and default response for every type of malware identified in the definitions file. For more information, see Overriding default responses to malware.


Distributing definition and engine updates