Microsoft Defender Antivirus uses several methods to provide threat protection: Cloud protection for near-instant detection and blocking of new and emerging threats Always-on scanning, using file and process behavior monitoring and other heuristics (also known as “real-time protection”) Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research You […]
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the Microsoft Defender Antivirus cloud service. The default period that the file is blocked is 10 seconds. If you’re a security administrator, you can specify more time to wait before the file is allowed to run. Extending the cloud block […]
This article describes an antivirus/antimalware feature known as “block at first sight”, and describes how to enable block at first sight for your organization. Tip This article is intended for enterprise admins and IT Pros who manage security settings for organizations. If you are not an enteprise admin or IT Pro but you have questions […]
Tamper protection is available for devices that are running one of the following versions of Windows: Windows 10 Windows 11 Windows 10 Enterprise multi-session Windows 11 Enterprise multi-session Windows Server 2019 Windows Server 2022 Windows Server, version 1803 or later Windows Server 2016 Windows Server 2012 R2 Note Tamper protection in Windows Server 2012 R2 […]
To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, your security team must configure your network to allow connections between your endpoints and certain Microsoft servers. This article lists the connections that must be allowed, such as by using firewall rules, and provides instructions for validating your connection. Configuring your protection properly helps ensure that […]
Microsoft Defender Antivirus uses many intelligent mechanisms for detecting malware. One of the most powerful capabilities is the ability to apply the power of the cloud to detect malware and perform rapid analysis. Cloud protection and automatic sample submission work together with Microsoft Defender Antivirus to help protect against new and emerging threats. If a […]
Cloud protection works together with Microsoft Defender Antivirus to deliver protection to your endpoints much faster than through traditional security intelligence updates. You can configure your level of cloud protection by using Microsoft Endpoint Manager (recommended) or Group Policy. Note Selecting High, High +, or Zero tolerance could cause some legitimate files to be detected. If that happens, you […]
Cloud protection in Microsoft Defender Antivirus delivers accurate, real-time, and intelligent protection. Cloud protection should be enabled by default; however, you can configure cloud protection to suit your organization’s needs. Methods to configure cloud protection You can turn Microsoft Defender Antivirus cloud protection on or off by using one of several methods: Microsoft Endpoint Manager, which […]
Microsoft Defender Antivirus cloud protection helps protect against malware on your endpoints and across your network. We recommend keeping cloud protection turned on, because certain security features and capabilities in Microsoft Defender for Endpoint only work when cloud protection is enabled. The following table summarizes the features and capabilities that depend on cloud protection: TABLE […]
Next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To identify new threats dynamically, next-generation technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. Cloud protection works together with Microsoft Defender Antivirus […]