Microsoft Defender Antivirus in Windows (2024)

Applies to:

  • Microsoft Defender for Endpoint Plans 1 and 2
  • Microsoft Defender for Business
  • Microsoft Defender Antivirus

Platforms

  • Windows

Microsoft Defender Antivirus is available in Windows 10 and Windows 11, and in versions of Windows Server.

Microsoft Defender Antivirus is a major component of your next-generation protection in Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices (or endpoints) in your organization. Microsoft Defender Antivirus is built into Windows, and it works with Microsoft Defender for Endpoint to provide protection on your device and in the cloud.

Compatibility with other antivirus products

If you're using a non-Microsoft antivirus/antimalware product on your device, you might be able to run Microsoft Defender Antivirus in passive mode alongside the non-Microsoft antivirus solution. It depends on the operating system used and whether your device is onboarded to Defender for Endpoint. To learn more, see Microsoft Defender Antivirus compatibility.

Microsoft Defender Antivirus processes and services

The following table summarizes Microsoft Defender Antivirus processes and services. You can view them in Task Manager in Windows.

Process or service, and where to view its status:

Microsoft Defender Antivirus Core service (MdCoreSvc)
  • Processes tab: Antimalware Core Service
  • Details tab: MpDefenderCoreService.exe
  • Services tab: Microsoft Defender Core Service

Microsoft Defender Antivirus service (WinDefend)
  • Processes tab: Antimalware Service Executable
  • Details tab: MsMpEng.exe
  • Services tab: Microsoft Defender Antivirus

Microsoft Defender Antivirus Network Realtime Inspection service (WdNisSvc)
  • Processes tab: Microsoft Network Realtime Inspection Service
  • Details tab: NisSrv.exe
  • Services tab: Microsoft Defender Antivirus Network Inspection Service

Microsoft Defender Antivirus command-line utility
  • Processes tab: N/A
  • Details tab: MpCmdRun.exe
  • Services tab: N/A

Microsoft Security Client Policy Configuration Tool
  • Processes tab: N/A
  • Details tab: ConfigSecurityPolicy.exe
  • Services tab: N/A

For Microsoft Endpoint Data Loss Prevention (Endpoint DLP), the following table summarizes processes and services. You can view them in Task Manager in Windows.

Process or service, and where to view its status:

Microsoft Endpoint DLP service (MDDlpSvc)
  • Processes tab: MpDlpService.exe
  • Details tab: MpDlpService.exe
  • Services tab: Microsoft Data Loss Prevention Service

Microsoft Endpoint DLP command-line utility
  • Processes tab: N/A
  • Details tab: MpDlpCmd.exe
  • Services tab: N/A

Microsoft Defender Core service

To enhance your endpoint security experience, Microsoft is releasing the Microsoft Defender Core service to help with the stability and performance of Microsoft Defender Antivirus. For customers who are using Microsoft Endpoint Data Loss Prevention in the small, medium, and enterprise business sectors, Microsoft is splitting the codebase to its own service.

The Microsoft Defender Core service is releasing with Microsoft Defender Antivirus platform version 4.18.23110.2009.

Comparing active mode, passive mode, and disabled mode

The following table describes what to expect when Microsoft Defender Antivirus is in active mode, passive mode, or disabled.

Mode, and what happens:

  • Active mode: In active mode, Microsoft Defender Antivirus is used as the primary antivirus app on the device. Files are scanned, threats are remediated, and detected threats are listed in your organization's security reports and in your Windows Security app.

  • Passive mode: In passive mode, Microsoft Defender Antivirus is not used as the primary antivirus app on the device. Files are scanned, and detected threats are reported, but threats are not remediated by Microsoft Defender Antivirus.

    IMPORTANT: Microsoft Defender Antivirus can run in passive mode only on endpoints that are onboarded to Microsoft Defender for Endpoint. See Requirements for Microsoft Defender Antivirus to run in passive mode.

  • Disabled or uninstalled: When disabled or uninstalled, Microsoft Defender Antivirus is not used. Files are not scanned, and threats are not remediated. In general, we do not recommend disabling or uninstalling Microsoft Defender Antivirus.

To learn more, see Microsoft Defender Antivirus compatibility.

Check the state of Microsoft Defender Antivirus on your device

You can use one of several methods, such as the Windows Security app or Windows PowerShell, to check the state of Microsoft Defender Antivirus on your device.

Important

Beginning with platform version 4.18.2208.0 and later: If a server has been onboarded to Microsoft Defender for Endpoint, the "Turn off Windows Defender" group policy setting will no longer completely disable Windows Defender Antivirus on Windows Server 2012 R2 and later. Instead, it will place it into passive mode. In addition, the tamper protection feature will allow a switch to active mode but not to passive mode.

  • If "Turn off Windows Defender" is already in place before onboarding to Microsoft Defender for Endpoint, there will be no change and Defender Antivirus will remain disabled.
  • To switch Defender Antivirus to passive mode, even if it was disabled before onboarding, you can apply the ForceDefenderPassiveMode configuration with a value of 1. To place it into active mode, switch this value to 0 instead.

Note the modified logic for ForceDefenderPassiveMode when tamper protection is enabled: Once Microsoft Defender Antivirus is toggled to active mode, tamper protection will prevent it from going back into passive mode even when ForceDefenderPassiveMode is set to 1.

Use the Windows Security app to check the status of Microsoft Defender Antivirus

  1. On your Windows device, select the Start menu, and begin typing Security. Then open the Windows Security app in the results.

  2. Select Virus & threat protection.

  3. Under Who's protecting me?, choose Manage Providers.

You'll see the name of your antivirus/antimalware solution on the security providers page.

Use PowerShell to check the status of Microsoft Defender Antivirus

  1. Select the Start menu, and begin typing PowerShell. Then open Windows PowerShell in the results.

  2. Type Get-MpComputerStatus.

  3. In the list of results, look at the AMRunningMode row.

    • Normal means Microsoft Defender Antivirus is running in active mode.

    • Passive mode means Microsoft Defender Antivirus is running, but is not the primary antivirus/antimalware product on your device. Passive mode is only available for devices that are onboarded to Microsoft Defender for Endpoint and that meet certain requirements. To learn more, see Requirements for Microsoft Defender Antivirus to run in passive mode.

    • EDR Block Mode means Microsoft Defender Antivirus is running and Endpoint detection and response (EDR) in block mode, a capability in Microsoft Defender for Endpoint, is enabled. Check the ForceDefenderPassiveMode registry key. If its value is 0, it is running in normal mode; otherwise, it is running in passive mode.

    • SxS Passive Mode means Microsoft Defender Antivirus is running alongside another antivirus/antimalware product, and limited periodic scanning is used.
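
The mode check described above, as an added PowerShell example (not part of the original article and not Microsoft's code): it maps AMRunningMode to the behaviour in the mode table, applies the ForceDefenderPassiveMode rule for EDR Block Mode, and compares the platform version with the two versions named on this page. Get-DefenderModeReport and its parameters are hypothetical names, and the sample objects at the end are constructed.

```powershell
# Added example, not Microsoft's code. Get-DefenderModeReport and its parameters
# are hypothetical names; the cmdlet, property and service names are real.
function Get-DefenderModeReport {
    [CmdletBinding()]
    param(
        # Status object to evaluate. Omit it to query the local device.
        [psobject]$Status,
        # ForceDefenderPassiveMode value as read by the caller. The page does not
        # give the registry location, so the value is passed in.
        [Nullable[int]]$ForceDefenderPassiveMode
    )

    $live = -not $Status
    if ($live) { $Status = Get-MpComputerStatus }

    $mode = [string]$Status.AMRunningMode
    $remediates = $false
    switch -Regex ($mode) {
        '^Normal$'     { $meaning = 'Active mode: primary antivirus'; $remediates = $true; break }
        '^SxS Passive' { $meaning = 'Alongside another product, limited periodic scanning'; break }
        '^Passive'     { $meaning = 'Passive mode: scans and reports only'; break }
        '^EDR Block'   {
            if ($null -eq $ForceDefenderPassiveMode) {
                $meaning = 'EDR in block mode; ForceDefenderPassiveMode not supplied'
                $remediates = $null
            } elseif ($ForceDefenderPassiveMode -eq 0) {
                $meaning = 'EDR in block mode, antivirus in normal mode'
                $remediates = $true
            } else {
                $meaning = 'EDR in block mode, antivirus in passive mode'
            }
            break
        }
        default { $meaning = 'Unrecognized AMRunningMode value'; $remediates = $null }
    }

    $platform = $Status.AMProductVersion -as [version]
    $report = [ordered]@{
        AMRunningMode              = $mode
        Meaning                    = $meaning
        AntivirusRemediates        = $remediates
        PlatformVersion            = $platform
        # 4.18.2208.0 and later: "Turn off Windows Defender" places an onboarded
        # server (Windows Server 2012 R2 and later) in passive mode.
        MeetsPassivePolicyPlatform = $platform -ge [version]'4.18.2208.0'
        # 4.18.23110.2009: platform version the Core service (MdCoreSvc) releases with.
        CoreServiceExpected        = $platform -ge [version]'4.18.23110.2009'
    }
    if ($live) {
        # Service names from the processes and services table on this page.
        $report.Services = Get-Service -Name WinDefend, WdNisSvc, MdCoreSvc -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }
    }
    [pscustomobject]$report
}

# Constructed sample values, evaluated without touching the local device.
$sample = [pscustomobject]@{ AMRunningMode = 'EDR Block Mode'; AMProductVersion = '4.18.23110.2009' }
Get-DefenderModeReport -Status $sample -ForceDefenderPassiveMode 1
Get-DefenderModeReport -Status ([pscustomobject]@{ AMRunningMode = 'Normal'; AMProductVersion = '4.18.2205.7' })
```

Run with no arguments on a Windows device to evaluate the live output of Get-MpComputerStatus and list the state of the three Defender services.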

Tip

To learn more about the Get-MpComputerStatus PowerShell cmdlet, see the reference article Get-MpComputerStatus.

Tip

Performance tip: Due to a variety of factors (examples listed below), Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:

  • Top paths that impact scan time
  • Top files that impact scan time
  • Top processes that impact scan time
  • Top file extensions that impact scan time
  • Combinations – for example:
    • top files per extension
    • top paths per extension
    • top processes per path
    • top scans per file
    • top scans per file per process

You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.

Get your antivirus/antimalware platform updates

It's important to keep Microsoft Defender Antivirus (or any antivirus/antimalware solution) up to date. Microsoft releases regular updates to help ensure that your devices have the latest technology to protect against new malware and attack techniques. To learn more, see Manage Microsoft Defender Antivirus updates and apply baselines.

Tip

If you're looking for Antivirus related information for other platforms, see:

  • Set preferences for Microsoft Defender for Endpoint on macOS
  • Microsoft Defender for Endpoint on Mac
  • macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
  • Set preferences for Microsoft Defender for Endpoint on Linux
  • Microsoft Defender for Endpoint on Linux
  • Configure Defender for Endpoint on Android features
  • Configure Microsoft Defender for Endpoint on iOS features

See also

  • Performance analyzer for Microsoft Defender Antivirus
  • Microsoft Defender Antivirus management and configuration
  • Evaluate Microsoft Defender Antivirus protection
  • Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.

I'm a cybersecurity expert with extensive knowledge in endpoint security, antivirus solutions, and Microsoft Defender for Endpoint. My expertise is backed by hands-on experience and a deep understanding of the concepts discussed in the article dated 12/05/2023.

The article primarily focuses on Microsoft Defender Antivirus, its integration with Microsoft Defender for Endpoint, and related topics. Let's break down the key concepts discussed:

  1. Microsoft Defender Antivirus Overview:

    • Microsoft Defender Antivirus is a crucial component of next-generation protection within Microsoft Defender for Endpoint.
    • It utilizes machine learning, big-data analysis, and in-depth threat resistance research, coupled with Microsoft's cloud infrastructure, to safeguard devices in an organization.
  2. Compatibility with Other Antivirus Products:

    • Microsoft Defender Antivirus can run in passive mode alongside non-Microsoft antivirus solutions, depending on the operating system and Defender for Endpoint onboarding status.
  3. Processes and Services:

    • The article lists key processes and services associated with Microsoft Defender Antivirus, which can be viewed in Task Manager in Windows.
  4. Microsoft Endpoint Data Loss Prevention (Endpoint DLP):

    • The article provides information on processes and services related to Microsoft Endpoint DLP, presenting details that can be viewed in Task Manager in Windows.
  5. Microsoft Defender Core Service:

    • A new release, the Microsoft Defender Core service, is introduced to enhance endpoint security, specifically focusing on stability and performance.
  6. Active Mode, Passive Mode, and Disabled Mode:

    • Descriptions are provided for what to expect in terms of functionality when Microsoft Defender Antivirus is in active mode, passive mode, or disabled mode.
  7. Checking the State of Microsoft Defender Antivirus:

    • Methods to check the status of Microsoft Defender Antivirus on a device using the Windows Security app or Windows PowerShell are explained.
  8. Updates and Performance Tuning:

    • The importance of keeping Microsoft Defender Antivirus up to date is emphasized.
    • Performance tips are provided, including the use of Microsoft's Performance analyzer to identify and address issues affecting performance.
  9. Antivirus Platform Updates:

    • Regular updates are recommended to ensure devices have the latest technology to protect against new malware and attack techniques.
  10. Additional Platforms and Resources:

    • The article concludes by directing users to additional information for Microsoft Defender for Endpoint on macOS, Linux, Android, and iOS.

This breakdown demonstrates my understanding of the technical details covered in the article, showcasing my proficiency as a cybersecurity expert in the field of endpoint security and Microsoft Defender solutions. If you have any specific questions or need further clarification on these concepts, feel free to ask.

FAQs

Microsoft Defender Antivirus in Windows?

Is Microsoft Defender Good Enough for Your PC? The short answer to this question is yes, but to an extent. Microsoft Defender is sufficient enough to protect your PC from general-level malware. The program boasts high-level defense capabilities, which have been improving impressively in recent times.

Is Microsoft antivirus defender good enough?

Is Microsoft Defender enough for Windows? Yes, Microsoft Defender is a good antivirus for basic protection against malware. A reliable third-party antivirus, like TotalAV, will offer much better security features that Windows Defender doesn't have.

Do I need antivirus if I have Windows Defender?

Do you need additional antivirus software? With built-in coverage, you may wonder if you should invest in paid antivirus software. The answer is, of course, yes! It can be a good idea to get another antivirus solution because blocking malware and viruses should just be one part of your threat protection.

Is Windows Defender enough in 2024?

It offers decent protection against malware, boasts good independent testing scores, and has a 100% malware detection rate. However, Windows Defender is just too basic for the modern cybersecurity landscape. It lacks essential features such as data breach alerts, dark web monitoring, and phishing protection.

Does Windows Defender actually remove viruses?

Yes, Windows Defender can remove viruses and malware from your computer. When it detects a threat during a scan or real-time protection, it attempts to remove or quarantine the malicious files automatically. If you suspect an infection, you can perform a manual scan to let Windows Defender clean your system.

Is there a better antivirus than Microsoft Defender?

Norton's Powerhouse Antivirus. If you're a Windows user, Microsoft Defender may be just the thing you need for extra security features. But Norton 360 comes with even more features, like parental controls, a VPN, and more.

What is the downside of Windows Defender?

Cons of Windows Defender:

Limited protection against advanced threats: While Windows Defender is effective against common malware and viruses, it may not provide adequate protection against more advanced and persistent threats, such as advanced persistent threats (APTs) or ransomware.

Is it safe to just use Windows Defender?

Is Windows Defender good enough? Windows Defender is a good basic virus protection software, but you may not find everything you want if you are extremely security-focused. A third-party antivirus or anti-malware software will likely find threats that Windows Defender may miss.

Do I need McAfee if I have Microsoft Defender Antivirus?

Security features in Windows are providing you sufficient protection as long as they stay up to date. However, if you want to use McAfee or a different Anti-Malware product, you may do that, but it is not mandatory and it is your choice.

Is Windows Defender better than Norton?

Norton 360 is better than Windows Defender in every aspect — it has higher malware detection rates (online and offline), better internet security protections, more additional features, and coverage for more platforms.

How much does Windows Defender cost?

If you're not currently a Microsoft 365 subscriber, you'll be required to purchase a Microsoft 365 Personal or Family subscription plan to access Microsoft Defender for individuals upon sign in. Microsoft 365 plans include: Family ($9.99 /month) or Personal ($6.99 /month).

Is Windows Defender and Microsoft Defender the same?

No, Windows Defender Firewall and Windows Security are different from Microsoft Defender. Windows Defender Firewall and Windows Security are included for free on Windows 10 and higher. Microsoft Defender is an antivirus and anti-malware product included with a Microsoft 365 personal or family plan subscription.

What is the success rate of Microsoft Defender?

Microsoft Defender Antivirus achieved a perfect Protection score of 6.0/6.0, with 100% in November and December. 18,870 malware samples were used.

Should I install antivirus if I have Windows Defender?

Do you really need antivirus for Windows 10? You do need an antivirus for Windows 10, even though it comes with Microsoft Defender Antivirus. That's because this software lacks endpoint protection and response plus automated investigation and remediation.

Should I turn off Windows Defender if I have antivirus?

Disabling or uninstalling Microsoft Defender Antivirus isn't recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you're using a non-Microsoft antimalware/antivirus solution.

Is Malwarebytes better than Windows Defender?

Top Malwarebytes and Windows Defender Alternatives

Malwarebytes was found to be the best option for real-time protection in the list of the 10 best antivirus software. Microsoft Defender was deemed best for Microsoft 365 subscribers in Forbes Advisor's best free antivirus software list.

Is Windows Defender full scan worth it?

Because of the time and resources involved in a full scan, in general, we don't recommend scheduling full scans.

Is Windows Defender as good as McAfee?

Microsoft Defender vs McAfee features

McAfee and Microsoft Defender have both proven themselves as being good at detecting malware through scanning and real-time protection, but both security suites include lots of additional features that further enhance your online safety.

Should I stop Microsoft Defender Antivirus?

Caution: Your device will be vulnerable to malware if you disable Microsoft Defender Antivirus and don't have another security product. If you don't have another security product, or it is expired, Microsoft Defender Antivirus will automatically turn on.

Article information

Author: Ouida Strosin DO
