Windows Defender uses machine learning to block malware

May 9, 2017 08:38 GMT

Windows Defender has evolved a lot in Windows 10, there’s no doubt about that, and in the Creators Update the antivirus officially became the Windows Defender Security Center, which groups all of the operating system’s security settings in one place.

But in addition to all the improvements that everyone can see when launching the application, Microsoft also invested heavily in the detection engine, trying to make it as advanced as possible in order to block malware and keep users secure.

In a paper called Evolution of malware prevention, Microsoft explains how the standard definition of an antivirus has become outdated, pointing out that today’s security software should block not only malware but also a wider variety of threats that expose users and their data.

More than just basic protection

The Windows Defender team has worked mostly on this over the last couple of years, and the Windows antivirus can now offer one of the most advanced detection engines on the market. Approximately 97 percent of malware is detected locally by the client, while the remaining 3 percent can be blocked with machine learning and a mix of features built around a cloud protection system.

“Heuristic detections, behavioral analysis, and client-based machine learning models work together to identify these potential threats and send them to the cloud protection system for its high-power computational capability. Our most intensive machine learning models live in our cloud protection system. These models can apply enormous computing power to machine learning models that could never run efficiently on the client. We have quick, linear models, of course, in addition to more intensive models like Deep Neural Networks,” Microsoft explains.
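The cloud protection system Microsoft describes only helps if cloud-delivered protection is actually switched on at the client. The following PowerShell snippet is an added example, not code from the article or from Microsoft; it assumes an elevated session on a Windows 10 machine with the built-in Defender module, and it reads the relevant settings and enables cloud reporting where it is off.

```powershell
# Added example (not from the article): check and, if needed, enable
# Windows Defender cloud-delivered protection. Assumes an elevated
# PowerShell session on Windows 10 with the Defender module available.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Summarise the state of local detection and the cloud component.
[pscustomobject]@{
    RealTimeProtection  = $status.RealTimeProtectionEnabled
    SignatureAgeDays    = $status.AntivirusSignatureAge    # days since the last definition update
    MAPSReporting       = $pref.MAPSReporting               # 0 = Disabled, 1 = Basic, 2 = Advanced
    SampleSubmission    = $pref.SubmitSamplesConsent        # sample-sharing consent level
    CloudBlockLevel     = $pref.CloudBlockLevel             # how aggressively cloud verdicts block
    CloudTimeoutSeconds = $pref.CloudExtendedTimeout        # extra seconds to wait for a cloud verdict
} | Format-List

# Without MAPS reporting the client never consults the cloud models the
# article talks about, so turn it on if it has been disabled.
if ($pref.MAPSReporting -eq 0) {
    Set-MpPreference -MAPSReporting Advanced
    Write-Output 'Cloud-delivered protection (MAPS reporting) has been enabled.'
}
else {
    Write-Output 'Cloud-delivered protection is already enabled.'
}
```

If the setting is enforced by Group Policy, Set-MpPreference will not override it; check the policy-managed values under Windows Defender Antivirus in the local or domain policy instead.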

The software giant goes on to explain that Windows Defender relies not only on a traditional defense system to detect and remove threats but also on machine learning running in the cloud and on more advanced features bundled with the operating system, such as application isolation, application control, and exploit mitigation.

Windows Device Guard, for instance, locks down the system so that only trusted apps can run, while Windows Application Guard isolates threats in a single container, blocking them from infecting files stored on the PC.

These features are all integrated into the Windows 10 Creators Update, which is currently available to everyone already running Windows 10. Windows Defender receives regular updates, and new advanced security features are likely to be added in the Redstone 3 update due in September.