Should you run Windows Defender and the Malicious Software Removal Tool?
Microsoft has created several security solutions in the past that are either available as standalone downloads or integrated in Windows directly.
The most common ones are Windows Defender, which Microsoft included in Windows Vista and successive versions of the Windows operating system, Microsoft Security Essentials, which is offered as a standalone version for versions of Windows prior to Windows 8, and the Malicious Software Removal Tool which is also available as a standalone version.
Windows Defender is a real-time antivirus solution that is active by default on systems running Windows 8 and newer. While some protection is better than none usually, it is fairly limited when it comes to protecting Windows from attacks and ranks low in independent antivirus tests.
The Malicious Software Removal Tool on the other hand has been designed specifically to remove malware from systems that are already infected (hence the name).
One of the core differences between Windows Defender and the Malicious Software Removal Tool is therefore purpose. Windows Defender has been designed to block malicious code from being executed on the system to prevent infection of the system, while the Malicious Software Removal Tool's purpose is to remove infections on systems that are already infected.
Another difference is that Windows Defender runs all the time on the system like any other active antivirus solution while the Malicious Software Removal Tool only when the user activates it.
Last but not least, updates are released regularly for Windows Defender which update the definition database while updates for the Malicious Software Removal Tool are usually only released once a month on Microsoft's Patch Day (second Tuesday of each month).
So, do you need both?
Microsoft's security solutions don't necessarily share information when it comes to the detection of threats. I asked Microsoft Support specifically about Windows Defender and MSRT and I was told that MSRT may support the removal of malicious software that Windows Defender cannot block.
I'm not sold on that 100% though considering that Windows Defender is listed as an option to detect and remove threats whenever a new MSRT update comes along.
While it is possible to list all the threats that Microsoft's Malicious Software Removal Tool supports, there seems to be no way to do the same for Windows Defender's definitions database.
It won't hurt obviously to run the Malicious Software Removal Tool once a month after it has been updated on Patch Day to make sure nothing slipped by.
Windows Defender was designed to deactivate automatically when another security solution is installed. That's where Microsoft's Software Removal Tool may come in handy as the installed security solution may not detect or remove all threats that Microsoft's tool supports.
Both programs are not providing the same level of protection that many third-party solutions offer due to their limited threat detection. While you may run them in addition to third-party security software, it is generally not recommended to run them exclusively on the system.
Now You: What's your experience in this regard?
I don’t know how reliable ‘Windows Defender Firewall’, because here on Windows 7 with the OS’s firewall, some applications phone home although I’ve added an inbound and an outbound rule to block them. For instance, ‘EditPad’ Lite which attempts to connect to connect to news.jgsoft.com and which fails to do so only because I block that connection with a DNSCrypt-proxy blacklist rule, and here what shows DNSCrypt-proxy query log :
127.0.0.1 news.jgsoft.com A REJECT 0ms quad9-dnscrypt-ip4-filter-pri
quad9 is the DNS used with DNSCrypt-proxy. This means that Windows Firewall does not prevent an application added to its filters to connect to the Web, not always anyway.
So I do hope Windows Defender Firewall does a better job.
Hi Tom,
You write:”I don’t know how reliable ‘Windows Defender Firewall….”.
Let me tell you, based on my own experience, that firewall is really a POS (Piece Of Shit). It is really unreliable
Every software is able to write a firewall condition under windows i think, Windows Firewall is a trash
The first software that i always install (when i need internet in vboxed windows) is Simple Wall.
https://github.com/henrypp/simplewall
I also really like his version of Chromium https://github.com/henrypp/chromium
https://github.com/henrypp/simplewall
I also, “Simple Wall” is a favorite. That’s enough.
henrypp/chromium: Chromium builds with codecs | GitHub
https://github.com/henrypp/chromium
Chromium builds with codecs https://chromium.woolyss.com/
Download latest stable Chromium binaries (64-bit and 32-bit) |
https://chromium.woolyss.com/
It is very interesting.
And, “Notes” There are must-see value.
https://chromium.woolyss.com/#notes
There’s an easy page for blocking/allowing programs to go out in the main firewall window, click on:
Allow and App or feature through Windows Firewall.
Otherwise, good overview of rules creation. I’ve never had a program sneak out if its rule is set up right.
Yes, Windows defaults to letting most anything through as do other firewalls I’ve used. Probably preferrable to blocking everything except in critical security situations.
To quickly achieve the same end result as the steps above, I always install “OneClickFirewall” – less complex than anything like WFC, it just gives you a right click context menu on any exe for “Block internet access” and “Restore internet access”. Very handy!
https://winaero.com/download.php?view.1886
@ B
I downloaded the OCF program but I did not install it.
Virus Total found one two red engines:
Antiy-AVL – Trojan/Win32.Fuerboos
and
MaxSecure – Trojan.Malware.7164915.susgen
Nice article Ashwin.
Sometimes I like to quit (disable the Internet connection temporarily) all internet connection than I use the free software program for windows Net disabler v.1. 0 ( Latest release ’17-02-21).
https://www.sordum.org/9660/net-disabler-v1-0/
Here is the easiest methode to block Windows programs from accessing the internet ; Application name is FAB (Firewall Application blocker) it is a Portable freeware , usage is just drag and drop the Application icon
https://www.sordum.org/8125/firewall-app-blocker-fab-v1-6/
Thanks Ashwin. I always forget about the internals of Windows Firewall.
Just set up some outbound rules to block some apps that shouldn’t have internet access. Thanks again!
Ashwin, it doesn’t work.
Try this. Install steam and login. Rules wil be automatically created to allow steam.
Now log out and close steam. Change the firewall rules to block.
Open steam again and login in.
Go back to the firewall to find new allow rules created for it.
Basically, anyone willing to pay microsoft to be added to a “trusted list” gets a free ticket past the windows firewall wether you want them to or not.
Now go get Windows Firewall Control (I reccomend finding a pre MWB version) and install it and setup it up. Then turn on secure rules. Now repaet the steps with Steam and it will stay blocked.
Fast, free and simple solution for the beginners and non-professional: Firewall App Blocker https://www.sordum.org/8125/firewall-app-blocker-fab-v1-6/
Sordum’s Firewall App Blocker is great. Just right-click any exe file and it gets blocked in Windows Firewall, without going through all those steps. Also note, this feature is also in Sordum’s Easy Context Menu. All free.
https://www.tweakhound.com/2018/11/30/blocking-a-programs-internet-access-via-the-windows-firewall/
The heck with all of that. Just use a superior and much easier to use front end for the built in firewall. Malwarebytes Windows Firewall Control is excellent.
I’ll just put this here: TinyWall
What gets me most is that large number of windows processes is trying to get access to internet. Why? Windows DOES not need access to internet even to install it and can run without internet. The only possible exception being network management.
Just another case of spyware?
MS should be legislated to provide full description and reasons for those services demand for access as it is potentially abusing privacy.
@Jafp
Your logic is sketchy and lacks reasonable facts. Perhaps you need to be legislated.