Is if defender is "running in the background?

[Guest]

I have installed windows defender and it did pick up some spyware. My
questions is if defender is "running in the background" and actively check
for spyware - like a virus program.

Thanks
Jonas

 

[Guest]

Hello Jonas,

Defender does both real-time protection, on demand, and scheduled scªnning.

You should see MSASCui.exe (the user interface), and MsMpEng.exe (the
service executable) running, with the Task Manager.

In Windows Defender--real-time protection is done by a system service,
starting at boot time--that's the Windows Defender service, whose executable
is MsMpEng.exe.

MpCmdRun.exe monitors for the existence of new signatures and is responsible
initiating the updating process when new signatures are available. ...

For the benefit of the community reading this post, please rate the pºst.

I hope this post is helpful.

Let us know how it works ºut.

Еиçеl
-

 

[Bill Sanderson MVP]

Yes it is. It runs as a system service and starts at startup. To see an
example of this open Windows Defender, and set it doing a full scan of the
system. Then click the red X in the upper right corner of the window.

Re-open Windows Defender, and you should see the scan continuing.

 

[Guest]

I too have had WD loaded on my machine ever since it’s been available from
MS. Just recently “MpCmdRun.exe†has been showing up in Zone Alarm asking for
permission to access the Internet. My question is should I allow it to access
or not? So far I’ve denied and have allowed it to do so and it hasn’t made
any difference. I sure hope one of you follows can help me out here.

Thanks very much,
jlt50z
PS: I saw Engel and Bill Sanderson replied to the post as I'm hoping one of
you will answer my question here as well.

 

[Dave M]

What level of Spynet membership did you select under Tools > Microsoft
SpyNet? I believe that's Defender "phoning home" with the actions applied
to various software detections... so you probably should allow it, unless
you picked the option to not join SpyNet.

 

[Bill Sanderson MVP]

If you have the setting checked to update definitions before a scheduled
scan, MPCMDrun would be trying to do that. There may be other reasons as
well--not sure when MPCMDRUN might be sending information if you've chosen
advanced spynet membership, for example.

You wouldn't see any difference from blocking these, except that definitions
might not be updated until AutoUpdate gets around to it.

--

 

[Guest]

Bill . Once again you come through with great help! Thanks again.

DaveM. I'm not a member of Spynet, therefore I shouldn't be getting this
message for this reason. Thanks for the suggestion anyway as it would make
sense if I was a member indeed. Regards

 

[Dave M]

Good to hear that you got it straightened out... Yeap, I'd forgotten about
the update before scan checkbox, and that traffic would sure sound an alarm
if it wasn't already permitted.