Feedbox

How Do Windows Defender’s “Automatic Sample Submission” and “Cloud-Based Protection” Work?

Windows 10’s integrated Windows Defender antivirus has some “cloud” features, like other modern antivirus applications. By default, Windows automatically uploads some suspicious-looking files and reports data about suspicious activity so new threats can be detected and blocked as quickly as possible.

These features are part of Windows Defender, the antivirus tool included with Windows 10. Windows Defender is always running unless you’ve installed a third-party antivirus application to replace it.

These two features are enabled by default. You can view whether they’re currently enabled by launching the Windows Defender Security Center. You can find it by searching for “Windows Defender” in your Start menu, or by locating “Windows Defender Security Center” in the list of apps. Navigate to Virus & threat protection > Virus & threat protection settings.

Both Cloud-based protection and Automatic sample submission can be disabled here, if you like. However, we recommend you leave these features enabled. Here’s what they do.
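The same two settings can be read from PowerShell, which is handy when checking many machines. This is an added example, not part of the original article; it assumes the built-in Defender cmdlet `Get-MpPreference` is available, and the function name `Get-DefenderCloudSettings` is made up for illustration.

```powershell
# Added example: report the state of Cloud-based protection and
# Automatic sample submission, and whether Group Policy overrides the UI toggles.
function Get-DefenderCloudSettings {
    $pref = Get-MpPreference

    # MAPSReporting: 0 = disabled, 1 = basic membership, 2 = advanced membership
    $maps = [int]$pref.MAPSReporting
    $mapsText = switch ($maps) {
        0 { 'Disabled' }
        1 { 'Basic' }
        2 { 'Advanced' }
        default { "Unknown ($maps)" }
    }

    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples automatically,
    # 2 = never send, 3 = send all samples automatically
    $consent = [int]$pref.SubmitSamplesConsent
    $consentText = switch ($consent) {
        0 { 'Always prompt' }
        1 { 'Send safe samples automatically' }
        2 { 'Never send' }
        3 { 'Send all samples automatically' }
        default { "Unknown ($consent)" }
    }

    # If this policy key holds values, the toggles in the Security Center
    # are controlled by the administrator rather than the local user.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    [pscustomobject]@{
        CloudBasedProtection      = $mapsText
        CloudProtectionOn         = ($maps -ne 0)
        AutomaticSampleSubmission = $consentText
        SampleSubmissionOn        = ($consent -in 1, 3)
        ManagedByPolicy           = ($null -ne $policy.SpynetReporting) -or
                                    ($null -ne $policy.SubmitSamplesConsent)
    }
}

$state = Get-DefenderCloudSettings
$state | Format-List
if (-not $state.CloudProtectionOn)  { Write-Warning 'Cloud-based protection is turned off.' }
if (-not $state.SampleSubmissionOn) { Write-Warning 'Automatic sample submission is turned off.' }
```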

Cloud-Based Protection

The Cloud-based protection feature “provides increased and faster protection with access to the latest Windows Defender Antivirus protection data in the cloud”, according to the Windows Defender Security Center interface.

This appears to be a new name for the latest version of the Microsoft Active Protection Service, also known as MAPS. It was formerly known as Microsoft SpyNet.

Think of this as a more advanced heuristics feature.

With typical antivirus heuristics, an antivirus application watches what programs do on your system and decides whether their actions look suspicious. It makes this decision entirely on your PC.

With the cloud-based protection feature, Windows Defender can send information to Microsoft’s servers (“the cloud”) whenever suspicious-looking events occur. Rather than making the decision entirely with the information available on your PC, the decision is made on Microsoft’s servers with access to the latest malware information available from Microsoft’s research team, machine-learning logic, and large amounts of up-to-date raw data.

Microsoft’s servers send a near-instant response, telling Windows Defender that the file is probably dangerous and should be blocked, requesting a sample of the file for further analysis, or telling Windows Defender that everything is fine and the file should be run normally.

By default, Windows Defender is…

The post How Do Windows Defender’s “Automatic Sample Submission” and “Cloud-Based Protection” Work? appeared first on FeedBox.
