Microsoft Defender lacks offline detection capabilities, says AV-Comparatives

In context: Microsoft Defender debuted as a free downloadable anti-spyware program during the Windows XP days. Eventually, Microsoft evolved it into a complete antivirus solution (it went through several different names and iterations) and integrated the software into the operating system. However, years later, Defender still has a hard time detecting malware when the computer is offline.
AV-Comparatives, a leading security software testing organization, recently released its latest anti-malware test for consumer antivirus software. The test compared major antivirus products against a specific set of malware samples, collecting logs and results about the software’s ability to detect and protect users from infection.
The list of products tested in the September 2022 Anti-Malware Test includes well-known security names such as Avira, AVG, Avast (now part of the Norton LifeLock family of products), Bitdefender, Kaspersky and many more. Microsoft Defender, Windows’ built-in security system, was also included, though its final results were not as strong as those of some of the best third-party antivirus products on the market.
According to AV-Comparatives, Microsoft Defender received the third-lowest score for offline detection capabilities (69.8%); only Panda (52.8%) and Trend Micro (41.1%) scored lower.
Conversely, Defender’s detection and protection capabilities matched some of the best Windows antivirus programs (98.1% and 99.99%, respectively) when using online cloud features.
AV-Comparatives recently changed its testing methodology to focus on protection rather than just detection capabilities. In short, the tests now check if the antivirus software can prevent the malware from making any actual changes to the system, even after it has already arrived on the target machine in an inactive state.
Faced with the 10,019 malware samples used for testing, Microsoft Defender was able to block all but one of them, but only when the antivirus was able to access Redmond’s cloud servers. Avast, AVG, G Data, and McAfee scored a perfect 100% protection rate, while Trend Micro was in last place with 259 successful infections.
AV-Comparatives sorted all tested antivirus products into four groups, giving each group a different award according to the number of false positives each antivirus produced.
Microsoft Defender produced “many” false positives (19) even with its networking capabilities, so Windows’ built-in antivirus protection could only receive the “Advanced” protection award, even though it received a better score (Advanced+) in previous tests.