
How does Windows Defender Antivirus protect against malware?

Microsoft offers Windows Defender Antivirus as its native tool to prevent malware attacks. Discover how it works and what advanced protections it provides.

With the constant and evolving threat of malware, Windows Defender Antivirus employs a series of technologies to keep Windows Server protected.

While malware incidents can disrupt the workplace when they infect laptops, that impact is relatively minimal compared to the problems that occur when viruses infect servers. If a server succumbs to ransomware, it could severely damage the company.

To protect these critical server systems, Microsoft offers a native antimalware tool called Windows Defender Antivirus that also works on the Windows client operating system.

How Windows Defender Antivirus works

Windows Defender Antivirus prevents malware from entering systems to disrupt, control, steal or damage data. It uses heuristic scanning, protection updates and cloud-based services to block infected downloads. It works continuously in the background to check downloads, watch for suspicious behavior and identify potential malware based on heuristic principles.

Heuristics establish a baseline of normal activity against which new activity is compared. If a file attempts an action outside that baseline, the activity is flagged as suspicious, potentially signaling an infection or attack. Windows Defender Antivirus uses heuristics to issue alerts for suspicious activities, such as an attempt to make unusual changes to files, registry keys or startup locations.


Windows Defender Antivirus requires regular updates to maintain protection against emerging threats. Microsoft generally delivers engine updates every month to optimize features and performance.

The key to adequate protection is frequent signature updates, which let the scanner compare files against known threats. Microsoft issues new malware definitions as threats arise.

Microsoft employs the cloud to add further protection

Windows Defender Antivirus enlists additional help to protect enterprises through the Windows Defender Antivirus cloud protection service, formerly called Microsoft Active Protection Service. Microsoft says the cloud protection service employs analytics and machine learning to detect threats and protect endpoints faster than definition updates alone can.

Windows Defender uses this cloud protection service to block suspicious files before they reach the system to help prevent infections from zero-day threats.

The Windows 10 and Windows Server 2016 difference

Windows Defender Antivirus is available for Windows 10 and Windows Server 2016. The features, functionality and management of Windows Defender Antivirus are largely the same for both.

When the antimalware product runs on Windows Server 2016, however, it applies automatic exclusions based on the specific server roles installed, and Windows Defender Antivirus continues to run even if another antimalware product is installed on the OS.
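The protections described above (real-time heuristics, signature freshness, cloud-delivered protection and the Server 2016 automatic exclusions) can be audited from PowerShell with the built-in Defender cmdlets. This is an added example, not code from the article or from Microsoft; it assumes the Defender PowerShell module is present, and the function name and the three-day staleness threshold are the example's own choices.

```powershell
# Added example: audit the Windows Defender Antivirus protections the article
# describes on a Windows 10 / Windows Server 2016 host. Run from an elevated
# session. The function name and the default threshold are assumptions.
function Test-DefenderPosture {
    [CmdletBinding()]
    param(
        # Signatures older than this many days are reported as stale (assumed threshold)
        [int]$MaxSignatureAgeDays = 3
    )

    # Built-in cmdlets from the Defender module
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    $findings = @()

    # Real-time and behavior monitoring back the heuristic checks
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $status.BehaviorMonitorEnabled)    { $findings += 'Behavior monitoring is off' }

    # Signature freshness: AntivirusSignatureAge is reported in days
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) days old (version $($status.AntivirusSignatureVersion))"
    }

    # Cloud-delivered protection (MAPS): 0 = Disabled, 1 = Basic, 2 = Advanced
    if ($pref.MAPSReporting -eq 0) { $findings += 'Cloud-delivered protection (MAPS) is disabled' }
    # SubmitSamplesConsent 2 = NeverSend, which prevents sample-based cloud analysis
    if ($pref.SubmitSamplesConsent -eq 2) { $findings += 'Sample submission is set to NeverSend' }

    # Server-role automatic exclusions (Windows Server 2016) can be turned off by policy
    if ($pref.DisableAutoExclusions) { $findings += 'Automatic server-role exclusions are disabled' }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EngineVersion       = $status.AMEngineVersion
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureLastUpdate = $status.AntivirusSignatureLastUpdated
        CloudProtection     = $pref.MAPSReporting
        Findings            = $findings
        Healthy             = ($findings.Count -eq 0)
    }
}

# Usage: report the posture and pull fresh definitions if they are stale
$posture = Test-DefenderPosture
$posture | Format-List
if ($posture.Findings -match 'Signatures are') { Update-MpSignature }
```

Running it across a server fleet (for example via Invoke-Command) gives a quick view of which hosts are missing the cloud or signature protections the article relies on.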
