Windows Defender

Applies To: Windows Server 2008

Windows Defender is a security technology used for the detection and mitigation of spyware and other potentially unwanted software. Windows Defender provides advanced system scanning and spyware removal technologies that simplify the removal of spyware and other potentially unwanted software from a computer.

Hierarchy of Managed Entities

Managed Entities

Name Description

Microsoft Antimalware Engine

The Microsoft Antimalware Engine identifies and removes spyware and other potentially unwanted software. It uses a definition database that lists the characteristics of known spyware and other potentially unwanted software.

Windows Defender Real-Time Protection

Real-Time Protection (RTP) is a feature of Windows Defender, running in the context of the logged-on user, that monitors the registry and file system on the computer by using agents that monitor auto-start extensibility points (ASEP). By default, Windows Defender monitors the following ASEPs: applications that are configured to automatically start when the computer boots up, system configuration settings, Internet Explorer Add-ons, Internet Explorer configuration settings, installed services, installed drivers, application registration, and Windows Add-ons.

Windows Defender Definitions

Windows Defender uses definitions, also known as signatures, that contain information about spyware and other potentially unwanted software. All definitions are stored in a definition database and include the changes that are made by spyware and other potentially unwanted software to the operating system. This information is used to detect and remove spyware and other potentially unwanted software.