Windows Defender ATP Review | Summary and Q&A

63.0K views • April 4, 2023 by The PC Security Channel

TL;DR

Windows Defender Advanced Business Version has mixed results in detecting and blocking threats, with heavy reliance on cloud lookups and a lag in reporting alerts.


Key Insights

  • πŸ˜Άβ€πŸŒ«οΈ Windows Defender Advanced Business Version heavily relies on cloud lookups for threat detection, which may result in missed threats when offline.
  • πŸ₯³ The detection ratio for potentially unwanted programs (pups) is higher with the Advanced Business Version.
  • πŸ€™ The software introduces a new detection category called unwanted Enterprise software, which blocks non-malware items in an Enterprise environment.
  • 🎏 There is a lag in reporting alerts and incidents, affecting the integration experience.
  • 🀨 The software provides detailed information about system processes and commands, allowing users to analyze suspicious behavior.
  • 🀨 In simulated tests, suspicious actions were allowed by default, but flagged as alerts.
  • πŸ‘€ Some false positives were observed with the software, creating additional workload for users.

Transcript

Hello and welcome to the PC Security Channel. For the last few days I've been testing the advanced business version of Windows Defender that comes with Microsoft 365. As is apparent by the number of alerts you can see here, well, in our automated test against ransomware, and this is known ransomware, it did miss a few samples, as you can see. Also it seem...

Questions & Answers

Q: Is Windows Defender Advanced Business Version effective against ransomware?

In automated tests, Windows Defender Advanced Business Version missed some samples of known ransomware, indicating its effectiveness may be limited.

Q: Does Windows Defender Advanced Business Version have a smooth integration experience?

While the software provides a lot of information about system activity and processes, there is a significant lag between events occurring on the system and them being reported as alerts or incidents, affecting the integration experience.

Q: Can Windows Defender Advanced Business Version block suspicious actions by default?

In simulated tests, it was found that the software allows suspicious actions by default, but flags them as alerts. Custom rules and advanced hunting may be required to effectively block such actions.

Q: Does Windows Defender Advanced Business Version provide easy customization options?

The user interface of the software does not offer extensive customization options, especially when it comes to modifying the basic engine settings. The ability to change alert preferences and enable email notifications is provided, but more advanced customization may be lacking.

Summary & Key Takeaways

  • Windows Defender Advanced Business Version missed some samples of known ransomware in automated tests, and its detection ratio for potentially unwanted programs (PUPs) is higher.

  • The software heavily depends on cloud lookups for threat detection, meaning it may miss threats when not connected to the internet.

  • The detection system includes a new feature called unwanted Enterprise software, which blocks game installers and other non-malware items in an enterprise environment.
