What's New in Windows Defender

Applies To: Windows 7

Windows Defender helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Windows Defender is available in all editions of Windows® 7.

Windows Defender features include:

  • A monitoring system that recommends actions against spyware when the spyware is detected.

  • Scanning options that allow you to schedule scans on a regular basis and to choose alert levels and actions that you want to take when potential spyware is detected during a scan.

Who will want to use Windows Defender?

Windows Defender helps home users protect their computers by detecting and removing spyware and unwanted software.

What are the benefits of the new and changed features?

Protection

  • Process monitoring is based on Event Tracing for Windows (ETW) for process starts, .dll and driver loading, and generating notifications of known or potential spyware and other unwanted software to the service.

  • Integration with the IOfficeAntiVirus interface helps protect against downloading malicious software (malware) from the Internet and in e-mail attachments, even if the Windows Defender user interface is not running.

  • An automatic process scan when services start or when the signature is updated helps catch missed threats.

  • Threats that are categorized as severe or high can be removed from the system automatically even if the Windows Defender interface is not running.

  • You can join Microsoft SpyNet, an online community that helps you choose how to respond to potential spyware threats. It also helps stop the spread of new spyware infections by giving you access to information about signatures created for programs submitted by other users.

User experience

  • The new Options page enumerates the different settings categories and eliminates the scrollbar for easier use.

  • The improved real-time detection view allows users to view threat details and to choose actions on a per-threat basis. Updated action choices are easier to understand.

  • The enhanced signature scan page provides better scan progress feedback and notifies the user during the scan if potential threats are found instead of waiting until the scan is finished.

Performance enhancements

  • The system file cache is used for the scan to avoid scanning system files.

  • Unique threat identification is assigned for each unknown file and kept in the cache. This helps avoid performance-intensive scanning for unknown threats.

  • A maximum cache size is maintained. Threats that no longer exist are removed from the cache.

  • To be less intrusive to the user, the scan schedule is based on idle time notification from the Task Scheduler.

Windows integration

  • Windows Defender now integrates with the Windows Action Center to consolidate system health notification and to reduce the number of icons in the notification area. All notifications for Windows Defender, such as critical alerts that require immediate action, are forwarded to the Windows Action Center for a unified user experience.

  • Additional Group Policy settings provide better Windows Defender management.

  • The new privacy option integrates with User Account Control (UAC) and restricts who can view history items by presenting the UAC prompt. Standard users must provide administrative credentials to view history.