{"id":81089,"date":"2018-03-22T09:58:23","date_gmt":"2018-03-22T16:58:23","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=81089"},"modified":"2023-05-15T23:12:50","modified_gmt":"2023-05-16T06:12:50","slug":"why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/03\/22\/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise\/","title":{"rendered":"Why Windows Defender Antivirus is the most deployed in the enterprise"},"content":{"rendered":"
Statistics about the success and sophistication of malware can be daunting. The following figure is no different: Approximately 96%<\/strong> of all malware is polymorphic<\/a> \u2013 meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. This is because in most cases malware is caught nearly as fast as it\u2019s created, so malware creators continually evolve to try and stay ahead. Data like this hammer home how important it is to have security solutions in place that are as agile and innovative as the attacks.<\/p>\n The type of security solution needed has a complex job: It must protect users from hundreds of thousands of new threats every day<\/em> \u2013 and then it must learn and grow to stay ahead of the next wave of attacks. The solution cannot just react to the latest threats; it must be able to predict and prevent malware infections.<\/p>\n Over the last year, we\u2019ve talked about how we\u2019re investing in new innovations to address this challenging threat landscape, what we\u2019ve delivered, and how it will change the dynamics. Today, I want to share the results<\/em> of our new antivirus capabilities<\/a> in Windows Defender Advanced Threat Protection (Windows Defender ATP<\/a>) which are genuinely incredible because they will directly benefit the work you are doing.<\/p>\n Currently, our antivirus capabilities on Windows 10 are repeatedly earning top scores on independent tests, often outperforming the competition. This performance is the result of a complete redesign of our security solution.<\/p>\n What\u2019s more, this same technology is available for our Windows 7 customers as well, so that they can remain secure during their transition to Windows 10.<\/p>\n We\u2019ve been working to make our antivirus capabilities increasingly more effective, and in 2015 our results in two major independent tests (AV-Comparatives<\/a> and AV-TEST<\/a>) began to improve dramatically. 
As you can see in the chart below, beginning in March 2015 our scores on AV-TEST<\/a> began to rise rapidly, and, over the course of the next five months, we moved from scores averaging 85%<\/strong> on their Prevalence Test to (or near) 100%<\/strong>.\u00a0 Since then, we\u2019ve maintained those types of scores consistently.\u00a0 Our scores on AV-Comparatives<\/a> experienced a very similar spike, trajectory, and results.<\/p>\n <\/p>\n In December 2017, we reached another milestone on AV-TEST, where we achieved a perfect score<\/strong> across both the Prevalence and Real-World based tests. Previously we had only scored a perfect 100% on one of the two tests for a given month. The following chart<\/a> from the AV-TEST site shows our scores from November and December 2017 on Windows 7. These same scores are also applicable to Windows 10, which shares the same technology (and more).<\/p>\n <\/p>\n For AV-Comparatives, we recently achieved another important quality milestone:\u00a0 For five consecutive months we detected all malware samples<\/strong>. \u00a0Our previous best was four consecutive months. The AV-Comparatives chart below shows our February 2018 results where we scored a perfect 100% block rate.<\/p>\n While independent antivirus tests are one indicator of a security solution\u2019s capabilities and protections, it\u2019s important to understand that this is only one part of a complete quality assessment.<\/p>\n For example, in the case of Windows Defender ATP<\/a> (which integrates our antivirus capabilities and the whole Windows security stack), our customers have a much larger set of protection features \u2013 none of which are factored into the tests.\u00a0 These features provide additional layers of protection that help prevent malware from getting onto devices in the first place. 
These features include the following:<\/p>\n If organizations like AV-Comparatives<\/a> and AV-TEST<\/a> performed complete security stack tests (i.e.,<\/em> testing against the complete endpoint protection solution) the results would often tell a very different story. For example, in November, we scored a 98.9%<\/strong> based on a single file miss on the Real-World test. The good news, however, is that we would have scored 100%<\/strong> if either Windows Defender Application Guard or Application Control was enabled.<\/p>\n <\/p>\n Read:\u00a0Adding transparency and context into industry AV test results<\/strong><\/a><\/p>\n The short answer is that we completely redesigned our antivirus solutions for both Windows 7 and Windows 10 from the ground up.<\/p>\n To do this, we moved away<\/strong> from using a static signature-based engine that couldn\u2019t scale due to its dependence on constant input from researchers. We\u2019ve now moved to<\/strong> a model that uses predictive technologies, machine learning, applied science, and artificial intelligence to detect and stop malware at first sight.\u00a0 We described the use of these technologies in our recent posts on Emotet<\/a> and BadRabbit<\/a>, as well as the recent Dofoil<\/a> outbreak.\u00a0 These are the types of approaches that can be very successful against the ongoing avalanche of malware threats.<\/p>\n Because of these changes, our antivirus solution can now block malware using local and cloud-based machine learning models, combined with behavior, heuristic, and generic-based detections on the client. We can block nearly all of it at first sight and in milliseconds!<\/p>\n This is incredible.<\/p>\n <\/p>\n We\u2019ve also designed our antivirus solution to work in both online and offline scenarios.\u00a0 When connected to the cloud, it\u2019s fed real-time intelligence from the Intelligent Security Graph<\/a>. 
\u00a0For offline scenarios, the latest dynamic intelligence from the Graph is provisioned to the endpoint regularly throughout the day.<\/p>\n We\u2019ve also built our solution to defend against the new wave of fileless attacks, like Petya and WannaCry.\u00a0 To read more about how we protect against these attacks, check out the blog post \u201cNow you see me: Exposing fileless malware<\/em><\/a>.\u201d<\/p>\n Each of these milestones is great, but the thing that makes us the most excited here at Microsoft is very simple:\u00a0 Customer adoption.<\/p>\n Right now, we are seeing big growth in enterprise environments across all of our platforms:<\/p>\n These are awesome numbers and proof that customers trust Windows security. \u00a0What we are seeing is that as organizations are moving to Windows 10 they are also<\/em> moving to our antivirus as their preferred solution.\u00a0 With our antivirus solution being used on more than 50% of the Windows 10 PCs deployed in commercial organizations, it is now the most commonly used antivirus solution in commercial organizations on that platform<\/strong>.\u00a0 This usage is in commercial customers of all sizes \u2013 from small and medium-sized businesses to the largest enterprise organizations.<\/p>\n Over the past couple of months I\u2019ve shared this data with multiple customers, and often I\u2019m asked why we\u2019ve seen such a positive increase. The answer is simple:<\/p>\n While we\u2019ve made excellent progress with our antivirus solution, I\u2019m even more excited about the protection and management capabilities we will deliver to our customers in the near future. In the meantime, one of the best ways to evaluate our antivirus capabilities is to run them with Windows Defender ATP<\/a>. 
With Windows Defender ATP, the power of the Windows security stack provides preventative protection, detects attacks and zero-day exploits, and gives you centralized management for your end-to-end security lifecycle.<\/p>\n Sign up<\/strong><\/a> to try Windows Defender ATP for yourself!<\/p>\n March-April 2018 test results: More insights into industry AV tests<\/a><\/p>\n Adding transparency and context into industry AV test results<\/a><\/p>\n Machine learning vs. social engineering<\/a><\/p>\n Questions, concerns, or insights on this story? Join discussions at the Microsoft community<\/a> and Windows Defender Security Intelligence<\/a>.<\/p>\n Follow us on Twitter @WDSecurity<\/a> and Facebook Windows Defender Security Intelligence<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" The type of security solution needed has a complex job: It must protect users from hundreds of thousands of new threats every day \u2013 and then it must learn and grow to stay ahead of the next wave of attacks.<\/p>\n","protected":false},"author":61,"featured_media":81131,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3681],"products":[3690],"threat-intelligence":[],"tags":[3819],"coauthors":[1916],"yoast_head":"\nIt started back in 2015<\/h2>\n
\n
How did we achieve these results?<\/h2>\n
What this means to you<\/h2>\n
\n
\n
Related blog posts:<\/strong><\/h4>\n
\nTalk to us<\/strong><\/h4>\n