Windows Defender rated top AV by AV-Test

TacticalSquid
1 hour ago, leadeater said:

So do I, we actually have SEPM but I still hate it.

 

But I hate CA eTrust way more because I had to find a way to remove it en masse from every computer and server and replace it, not only was that AV ineffective it's a bitch to remove.

If you run SEPM then you would know SEP 14 is probably the strongest AV for crypto locker protection (unless you use locking down to only running allowed applications from AV vendors. Most vendors can use this to lock down systems including SEP). This would be much more secure but takes 10 times the amount of IT staff time to manage.

SEP 12 was truly awful against crypto malware. This was its biggest weakness, followed by atrocious reporting on the SEPM.

 

There were some stupid vulnerabilities in SEP in the past though that were much worse than you pointed out. But I'm sure it was the same with other vendors.

 

You mentioned affecting virtualization farms. This is not SEP directly but the poor configuration of the SEP implementation by someone implementing it with a lack of knowledge. If it was configured correctly, you wouldn't have these issues.

I'd be happy to help you with this. If you send a copy of the AV policy, I can point out what's wrong. I won't ask for the exclusion policy for security reasons. I could just send you what to add on to yours. I'm a certified specialist in the product and generally get sent into Symantec's biggest customers in Ireland when they are having issues that Symantec staff couldn't resolve. (I don't work for Symantec). Symantec have me on site for the last 18 months on one of their biggest customers to rebuild all their Symantec product stack to ensure they meet best practices.

Gaming Machine: CPU: AMD 7950x cooled by a Custom Watercooling Loop| CASE: Lian Li Dynamic Evo | MOBO: X670E Asus Crosshair Extreme RAM: 64B DDR4 G.Skill 6000mhz ram | GPU: AMD 7900 XTX PSU: Corsair RM1000x with cablemod cables SSD's: 2TB Seagate 530, 4TB Seagate 530, 1TB WD SN850 | Monitors: 38" Acer X38P Predator| Mouse: Logitech G903 and Powerplay matt | KEYBOARD: Steelseries Apex mini pro | HEADSET: Logitech G935 Wireless Headset
   

| Pics of my rig |

 

Linux Machine: CPU: AMD 5950x cooled by a Custom Watercooling Loop| CASE: Phantek Evolv X | MOBO: X570 Asus Crosshair VIII Extreme RAM: 64GB DDR4 Crucial Ballistix 3600mhz ram | GPU: AMD 6900XT PSU: Corsair AX1200 with custom white sleeved Cables  SSD's: 1Tb Seagate 530 & 2Tb Seagate 530 & 2Tb KC3000 | Monitors: 38" Acer X38P Predator | Mouse: Logitech G903 and Powerplay matt | KEYBOARD: Steelseries Apex Pro| HEADSET: Logitech G935 Wireless Headset

 

| Pics of my rig |

 

 

Basement Machine: CPU: AMD 5950x cooled by a Custom Watercooling Loop| CASE: Thermaltake Core Pro 3 | MOBO: X570 Gigabyte Xtreme RAM: 64GB DDR4 G.Skill 3600mhz ram | GPU: Rtx 3080 Ti PSU: Corsair RM1000x  SSD's: 1Tb Crucial P3 Plus & 2Tb SN850 & 2Tb KC3000 | Monitors: 32" 1440p monitor | Mouse: Logitech G903 and Powerplay matt | KEYBOARD: Das Ultimate| HEADSET: Logitech G935 Wireless Headset

 

Link to comment

10 minutes ago, GimmeGaming said:

You mentioned affecting virtualization farms. This is not SEP directly but the poor configuration of the SEP implementation by someone implementing it with a lack of knowledge. If it was configured correctly, you wouldn't have these issues.

That is why I qualified it with the default settings, SEPM defaults are more for client OS but it's not like it's hard to have defaults based on OS type because Microsoft has that information available. I use that with SCCM to create device collections for servers and non servers etc.

 

Nothing is perfect, SEPM does a fine job but that doesn't mean I have to actually like it.

 

I think you're making a mistake by linking my criticisms with it as if I don't know how to use it, those are just amusing things I like to point out as crap I've had to deal with for Symantec, either not by my doing or was a bug I had to report.

10 minutes ago, GimmeGaming said:

If it was configured correctly, you wouldn't have these issues

I'm not.

Link to comment

5 minutes ago, leadeater said:

That is why I qualified it with the default settings, SEPM defaults are more for client OS but it's not like it's hard to have defaults based on OS type because Microsoft has that information available. I use that with SCCM to create device collections for servers and non servers etc.

 

Nothing is perfect, SEPM does a fine job but that doesn't mean I have to actually like it.

 

I think you're making a mistake by linking my criticisms with it as if I don't know how to use it, those are just amusing things I like to point out as crap I've had to deal with for Symantec, either not by my doing or was a bug I had to report.

I'm not.

SEPM default policies should NEVER be used by anything other than testing? You shouldn't be using these settings on client OS's.

They are insecure and waste resources.

Enterprise products never work perfectly out of the box like that as they expect you to configure it as needed, security products are no different. E.g. balance speed with security.

 

I don't expect you to like it, I don't like it. I'm sick of using it if I'm being honest as I've managed it too much. I'd love to be using Kaspersky more often.

 

If you want to crap on Symantec use the vulnerability they had 3 years ago where you could send a line of code to a SEP-enabled system and take full control of the system. By far the worst SEP vulnerability :D


Link to comment

The best AV is your brain. 

If you need an AV to save you, you shouldn't be trusted on the internet!

 

My new laptop came with McAfee preinstalled, I didn't realise until the sound of my laptop fans woke me up from it doing a scan in the middle of the night. It woke the laptop up from sleep when it was in my backpack.

The unusual thing was it never popped up to notify me it was even installed, in the past it's popped up on the first boot asking me if I want to pay.

Laptop:

HP OMEN 15 - Intel Core i7 9750H, 16GB DDR4, 512GB NVMe SSD, Nvidia RTX 2060, 15.6" 1080p 144Hz IPS display

PC:

Vacancy - Looking for applicants, please send CV

Mac:

2009 Mac Pro 8 Core - 2 x Xeon E5520, 16GB DDR3 1333 ECC, 120GB SATA SSD, AMD Radeon 7850. Soon to be upgraded to 2 x 6 Core Xeons

Phones:

LG G6 - Platinum (The best colour of any phone, period)

LG G7 - Moroccan Blue

 

Link to comment

11 hours ago, Froody129 said:

I actually quite like Defender. I've had Norton and McAfee in the past and I just don't see the point of an AV where using it presents the same symptoms as a virus-filled computer. I do still sometimes use things like Malwarebytes though. 

 

Of course, I'm a pretty 'safe' PC user. I have a VPN for when it's necessary and my browsing habits don't include super dodgy sites. 

I can attest to this, I had Trend Micro on my main PC and it gave me huge latency spikes when opening any file / web-page.

Link to comment

1 hour ago, GimmeGaming said:

SEPM default policies should NEVER be used by anything other than testing? You shouldn't be using these settings on client OS's.

They are insecure and waste resources.

SEPM is government funded for all education providers here and I used to work for an IT company that exclusively serviced the education sector, that's how you encounter so much stupid with SEPM and how you end up not liking it.

 

We had a managed SEPM service that we put our managed/signed agreement clients on and had about 35k managed devices under that, client and server. SEPM handles that rather well, but that's also where we had the major issue crop up of SEP not allowing Mac OS to go into sleep state so I think you can imagine how many complaints we got about that and how many people were affected.

 

I just prefer to bitch about things that have actually impacted me and directly caused me work.

Link to comment

14 hours ago, leadeater said:

I'd still rather use Defender than Symantec though, they earned my hatred many times lol

Slowest bulkiest POS I've ever had the misfortune to work with

CPU: Intel i7 7700K | GPU: ROG Strix GTX 1080Ti | PSU: Seasonic X-1250 (faulty) | Memory: Corsair Vengeance RGB 3200Mhz 16GB | OS Drive: Western Digital Black NVMe 250GB | Game Drive(s): Samsung 970 Evo 500GB, Hitachi 7K3000 3TB 3.5" | Motherboard: Gigabyte Z270x Gaming 7 | Case: Fractal Design Define S (No Window and modded front Panel) | Monitor(s): Dell S2716DG G-Sync 144Hz, Acer R240HY 60Hz (Dead) | Keyboard: G.SKILL RIPJAWS KM780R MX | Mouse: Steelseries Sensei 310 (Striked out parts are sold or dead, awaiting zen2 parts)

Link to comment

3 hours ago, captain_to_fire said:

And yet my current university deployed SEP to all computers in the library as well as staff workstations. I think Symantec charges cheaper for their enterprise security solutions than their competitors with higher rating scores but I could be wrong.

 

I think on medium to large enterprise, in order to manage Windows Defender AV they need to buy Intune for cloud management or Windows 10 E5 for on-premise management which I think costs more. How I wish Windows Defender has a webcam protection wherein it will notify me which application is using the webcam and an option to block access.

I've noticed Win10 in general (not Defender) brings up an icon in the app tray to let you know your microphone is being used (by, say, Skype). Maybe a camera option is in the works too. It may already do this, I haven't had a webcam hooked up to my computer for ages.

 With all the Trolls, Try Hards, Noobs and Weirdos around here you'd think i'd find SOMEWHERE to fit in!

Link to comment

1 hour ago, leadeater said:

I just prefer to bitch about things that have actually impacted me and directly caused me work.

 

You must feel really out of place on these forums.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment

And people on here told me I was stupid when I tried explaining why Defender is superior to most freeware junk. Guess I got the last laugh. HA! :P

Link to comment

Nice to see that it's doing better than it used to, but I still won't use it for my main rig. To me what matters is my experience with it, and it's not been a good one. I've used it on several machines for some years now, ones that I didn't want to get a paid version of something better, and Microsoft's version has always been slow whether it's in scanning speed or just slowing down the machine, ignoring preferences like exclusions, and one that I was surprised that even now years later still hasn't been fixed where sometimes it gets stuck in a loop of searching for updates but not finding anything and it just uses resources in search of nothing until you restart the machine. This one has destroyed me on older laptops.

Which is why I don't care about what numbers some independent organization (that probably got paid off) show.

 

By the way, does anyone know how to completely uninstall it from Windows?  

Link to comment

20 hours ago, IntMD said:

You appear to have forgotten the /s there.

Must be a Windows command, Macs only have useful features.

Link to comment

8 hours ago, leadeater said:

SEPM is government funded for all education providers here and I used to work for an IT company that exclusively serviced the education sector, that's how you encounter so much stupid with SEPM and how you end up not liking it.

 

We had a managed SEPM service that we put our managed/signed agreement clients on and had about 35k managed devices under that, client and server. SEPM handles that rather well, but that's also where we had the major issue crop up of SEP not allowing Mac OS to go into sleep state so I think you can imagine how many complaints we got about that and how many people were affected.

 

I just prefer to bitch about things that have actually impacted me and directly caused me work.

But my point was you're blaming SEP on IT admins not knowing how to do their job (Snooze setting for Mac OS scans not set by default).

It's like saying your 2080 Ti is shit as it's getting low frame rates but it's caused by a Pentium 4 that you have teamed it up with.

Unlike the 2080 Ti, SEPM can be a pain for many other valid reasons outside of your control, just not the ones highlighted, most of them are on the SEPM server side and not the SEP client.

 

That's why I used an actual bug that caused chaos as an example. Such a stupid bug needed to be removed as soon as possible. I was called in to help on upgrading over 250,000 users after it happened (150,000 company, 120,000 company and a few smaller 10-17k companies). You can imagine the nightmare being pulled between such large jobs.


Link to comment

20 minutes ago, GimmeGaming said:

But my point was you're blaming SEP on IT admins not knowing how to do their job (Snooze setting for Mac OS scans not set by default).

This had nothing to do with scan settings and was a bug with SEPM, one we logged and got fixed.

Link to comment

7 minutes ago, leadeater said:

This had nothing to do with scan settings and was a bug with SEPM, one we logged and got fixed.

Unless I'm mistaken, this was when they originally added the feature to change it? After upgrading to the version with the ability to manage it, it was set to don't sleep by default so users got caught out as they didn't review the upgrade instructions. It's possible it was another issue but I can't find any bug fix notes on it.


Link to comment

Just now, GimmeGaming said:

Unless I'm mistaken, this was when they originally added the feature to change it? After upgrading to the version with the ability to manage it, it was set to don't sleep by default so users got caught out as they didn't review the upgrade instructions. It's possible it was another issue but I can't find any bug fix notes on it.

It was years ago. From memory it was the Live Updater application constantly kicking up and resetting the idle timer. It was never allowing the OS to detect it was idle so never went to sleep. Upgrading the client software resolved the problem.

Link to comment

I have Emsisoft Anti-Malware and it's not even listed

Link to comment

This report is encouraging to hear. I'll probably just uninstall AVG now and use Windows Defender instead... I'll keep Malwarebytes though.

Link to comment