Windows Defender VERY quiet on my PC

  • Thread starter: History Fan

History Fan

I've been using Windows Defender since it was first taken over by
Microsoft and called Microsoft AntiSpyware Beta 1. The program runs very
quietly on my PC, which generally is a nice feature for computer software.
However, in all those years, I have never gotten a warning or any type of
pop-up message from the program. I suppose that is good news, but it would
be reassuring if Windows Defender could somehow let me know it is still
alive and kicking maybe once a year.

If I open WD and click 'History', there are a few items listed. But
I've never been alerted to these events. If I visit XP's Administrative
Tools, Event History, WD is listed several times. But again, none of this
has ever been reported to me. I am using the default settings with one
exception: I have the WD icon appear permanently in the systray.

WD has also never found anything during a scan. When it was called MS
AntiSpyware Beta 1, it once incorrectly found an item.

Apparently if you sign up for Advanced Microsoft SpyNet membership, WD
will alert you to unknown threats. Well, to test that, I temporarily signed
up for Advanced membership. Then I changed my IE home page. No alerts at
all from Windows Defender. The only difference was that the systray icon
had turned blue. When I clicked on it, I was asked to approve or disapprove
the change.

I appreciate the fact that WD is free, is easy to use, and has free
auto-updates. I just have to wonder if the program does anything useful.

My PC specs: desktop running XP SP2, DSL connection. Pentium D
processor at 3.0Ghz, 2GB of RAM.
 
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...

This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well, but
that's another issue.
For those of you who want to know what we're talking about, the EICAR group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows Defender
detect something, visit http://eicar.org , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running *IN ADDITION* to Windows Defender) will also pick it
up."
 
Dave M said:
If you want to test to see if Windows Defender is protecting your system
from spyware in real-time, try EICAR the harmless test file...

This is from Joe Faulhaber [MSFT]:
"We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well, but
that's another issue.
For those of you who want to know what we're talking about, the EICAR group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows Defender
detect something, visit http://eicar.org , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running *IN ADDITION* to Windows Defender) will also pick it
up."
--

Regards, Dave


History said:
I've been using Windows Defender since it was first taken over by
Microsoft and called Microsoft AntiSpyware Beta 1. The program runs very
quietly on my PC, which generally is a nice feature for computer software.
However, in all those years, I have never gotten a warning or any type of
pop-up message from the program. I suppose that is good news, but it would
be reassuring if Windows Defender could somehow let me know it is still
alive and kicking maybe once a year.

If I open WD and click 'History', there are a few items listed. But
I've never been alerted to these events. If I visit XP's Administrative
Tools, Event History, WD is listed several times. But again, none of this
has ever been reported to me. I am using the default settings with one
exception: I have the WD icon appear permanently in the systray.

WD has also never found anything during a scan. When it was called MS
AntiSpyware Beta 1, it once incorrectly found an item.

Apparently if you sign up for Advanced Microsoft SpyNet membership, WD
will alert you to unknown threats. Well, to test that, I temporarily signed
up for Advanced membership. Then I changed my IE home page. No alerts at
all from Windows Defender. The only difference was that the systray icon
had turned blue. When I clicked on it, I was asked to approve or disapprove
the change.

I appreciate the fact that WD is free, is easy to use, and has free
auto-updates. I just have to wonder if the program does anything useful.

My PC specs: desktop running XP SP2, DSL connection. Pentium D
processor at 3.0Ghz, 2GB of RAM.


Thanks for the suggestion.

I saved the eicar.com test file to my desktop, and AVG AV went nuts,
warning me repeatedly. I dismissed the warnings, but received no messages
from Windows Defender. I ran a WD scan, it found nothing. I moved the
eicar.com test file to my Startup folder. Again, AVG went nuts, but I told
it to ignore the file. No warnings at all from Windows Defender. I ran
another WD scan. Again, it found nothing. Finally, WinPatrol alerted me to
the new startup entry. Did I want to allow it? I clicked no, and the
eicar.com program was removed.

I'd say Windows Defender failed this test.
 
Thanks for the suggestion.
I saved the eicar.com test file to my desktop, and AVG AV went nuts,
warning me repeatedly. I dismissed the warnings, but received no messages
from Windows Defender. I ran a WD scan, it found nothing. I moved the
eicar.com test file to my Startup folder. Again, AVG went nuts, but I
told it to ignore the file. No warnings at all from Windows Defender. I
ran another WD scan. Again, it found nothing. Finally, WinPatrol alerted
me to the new startup entry. Did I want to allow it? I clicked no, and
the eicar.com program was removed.

I'd say Windows Defender failed this test.

For the record, these were 'Quick Scans' I had Windows Defender run.
 

However, in all those years, I have never gotten a warning or any type of
pop-up message from the program. I suppose that is good news, but it would
be reassuring if Windows Defender could somehow let me know it is still
alive and kicking maybe once a year.

Dave M's advice is topnotch, and the eicar test he recommends will tell you
whether Defender is really working or not. But also - you don't say whether
you have any other antispyware protection, and I wouldn't myself want to be
relying on Defender alone. Could I recommend that you install at least one
(and preferably several) additional antispyware programs, and do a scan with
them to check that they agree with Defender's silent running? One of the most
frequently recommended programs around here is Superantispyware, and you can
get it here for free (use the blue button for the free version):
http://www.superantispyware.com/
 
Alan D said:
Dave M's advice is topnotch, and the eicar test he recommends will tell you
whether Defender is really working or not. But also - you don't say whether
you have any other antispyware protection, and I wouldn't myself want to be
relying on Defender alone. Could I recommend that you install at least one
(and preferably several) additional antispyware programs, and do a scan with
them to check that they agree with Defender's silent running? One of the most
frequently recommended programs around here is Superantispyware, and you can
get it here for free (use the blue button for the free version):
http://www.superantispyware.com/


For antispyware protection, I also use SpywareBlaster, Spybot S&D,
Ad-Aware SE, and Win-Patrol.
 
History Fan said:
For antispyware protection, I also use SpywareBlaster, Spybot S&D,
Ad-Aware SE, and Win-Patrol.

During this period of Defender's silent running, did Spybot or AdAware ever
pick up anything (apart from cookies) that Defender missed?
 
Alan D said:
During this period of Defender's silent running, did Spybot or AdAware ever
pick up anything (apart from cookies) that Defender missed?


Spybot never finds anything. Although I suppose its Immunization
feature is useful. AdAware SE finds nothing but tracking cookies.

I have just uninstalled Windows Defender, a task I've been
contemplating for quite a while. I'm fairly cautious about my Internet
surfing, and I also use Firefox as my default browser. That plus the other
security programs I use will hopefully keep my computer protected.
 
You missed this:
"protecting your system from spyware in real-time" (although Defender will
pick EICAR up from a scan as well.)

"Your AV solution (that you should be running *IN ADDITION* to Windows
Defender) will also pick it up."

That your AV picked it up first, and either deleted it or quarantined it,
is actually good news, because it means that Defender is not in conflict
with your AV even though both detect EICAR. Use this safe technique to see
Defender's alert without your AV eliminating the threat before Defender
reports it:

Copy it to memory from the EICAR.org site.
Disconnect from the internet
Shut off or disable your real-time AV
Paste it into a new.txt file in your startup folder and save it.
Turn your AV back on after the WD detection
Reconnect to the internet

There are probably other ways to do this but the above came to mind first.
Everyone should know what a Defender alert looks like... and
congratulations on your Safe Hex if you don't already.
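
Added example, not part of the original thread: text pasted into an editor and saved can pick up a byte-order mark or stray characters, and EICAR's definition only covers a file that starts with the 68-byte string, optionally followed by whitespace (space, tab, CR, LF, Ctrl-Z) up to 128 bytes in total. This Python sketch checks a saved file against those rules before a non-detection is blamed on the scanner; the function name `check_eicar` is made up for illustration, and the test string is matched by its widely published SHA-256 rather than embedded.

```python
import hashlib
import sys

# SHA-256 of the canonical 68-byte EICAR test string (widely published value).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
CORE_LEN = 68                    # size of the string itself, as quoted in the thread
MAX_LEN = 128                    # upper bound including optional trailing whitespace
ALLOWED_TAIL = b" \t\r\n\x1a"    # space, tab, CR, LF, Ctrl-Z
BOMS = (
    (b"\xef\xbb\xbf", "UTF-8"),
    (b"\xff\xfe", "UTF-16 LE"),
    (b"\xfe\xff", "UTF-16 BE"),
)


def check_eicar(data):
    """Return a list of problems; an empty list means a conforming test file."""
    problems = []
    # A BOM written by the editor pushes the string away from offset 0.
    for bom, name in BOMS:
        if data.startswith(bom):
            problems.append("file starts with a %s byte-order mark" % name)
    if len(data) < CORE_LEN:
        problems.append("file is %d bytes, shorter than the 68-byte string" % len(data))
        return problems
    if hashlib.sha256(data[:CORE_LEN]).hexdigest() != EICAR_SHA256:
        problems.append("first 68 bytes are not the EICAR test string")
        return problems
    if len(data) > MAX_LEN:
        problems.append("file is %d bytes, over the 128-byte limit" % len(data))
    if any(b not in ALLOWED_TAIL for b in data[CORE_LEN:]):
        problems.append("non-whitespace bytes follow the test string")
    return problems


if __name__ == "__main__":
    # Usage: python check_eicar.py <path-to-saved-test-file>
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            issues = check_eicar(fh.read())
        print(path, "OK" if not issues else "; ".join(issues))
```

An empty result means the file matches the definition, so a scanner that stays silent on it is not being tripped up by the file itself.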
 
History Fan said:
Spybot never finds anything. Although I suppose its Immunization
feature is useful. AdAware SE finds nothing but tracking cookies.

That's good news as far as it goes - and taken at face value, it suggests
that Defender has been - perfectly correctly - finding nothing. If your
internet activities are careful, and given that you have SpywareBlaster and
Spybot's immunisation, then it's perfectly reasonable that you haven't picked
up any spyware. I've never had any either, on my machine.
I have just uninstalled Windows Defender

I think you may now have created a kind of hole in the layering of your
defences. Although SpywareBlaster and Spybot's immunisation will give you
passive protection, and I believe Winpatrol monitors your system for changes
(I haven't used it myself so I'm not familiar with it), I think you're now
missing the antispyware equivalent of AVG's resident shield - that is, a
signature-based real-time scanner for antispyware. (I hope someone will
correct me if I'm wrong, here.) That doesn't sound like a good idea to me,
unless you're going to pay for the real-time protection of AVG Antispyware,
or SuperAntispyware Pro.

But if you're not, then the question is: what harm was Defender doing? It's
light on resources. You said yourself it wasn't troubling you. Why dispense
with its real-time protection, just because it hasn't found anything - when
quite probably there was simply nothing to find?

If you'd scanned with other programs and found genuine spyware (as opposed
to false positives) that Defender had missed, then that of course would be a
different matter, and another story.
 
But if you're not, then the question is: what harm was Defender doing? It's
light on resources. You said yourself it wasn't troubling you. Why dispense
with its real-time protection, just because it hasn't found anything - when
quite probably there was simply nothing to find?

Windows Defender wasn't doing any harm, but as far as I could tell from
the 2.5 years I had it installed on my PC's, it wasn't doing anything useful
either. The failure of Defender to detect the Eicar.com test file was the
last straw.

Also, I like to keep my PC as lean and light as possible....within safe
boundaries, of course.
 
Dave M said:
You missed this:
"protecting your system from spyware in real-time" (although Defender
will pick EICAR up from a scan as well.)

"Your AV solution (that you should be running *IN ADDITION* to Windows
Defender) will also pick it up."

I told AVG to ignore the eicar.com file, so it wasn't deleted. I
received no alerts from Defender regarding eicar.com. Finally, I ran two
Quick-Scans with Defender, and it did not detect anything. Even though the
eicar.com file was on my XP desktop, and then on the 2nd scan I moved it to
the Startup folder. No threats found. Win-Patrol came to the rescue and
alerted me to the new Startup entry and (with my permission), deleted the
eicar.com file.
Copy it to memory from the EICAR.org site.
Disconnect from the internet
Shut off or disable your real-time AV
Paste it into a new.txt file in your startup folder and save it.
Turn your AV back on after the WD detection
Reconnect to the internet

I've since uninstalled WD so I can't try this, but I appreciate the
help anyway.
 
Alan is right
you need something in realtime other than an antivirus program to protect
you from malware/spyware and anything else AVG might miss.

I use AVG antivirus and in realtime I use WD and either Superantispyware or
AVG antispyware. AVG antispyware works a bit better in Vista than
Superantispyware now only because it has a problem with the standard user
and the UCP in vista and it asks for permission to update in the
administrator side but in XP it doesn't have this problem.
Superantispyware is working on this issue to fix this in Vista.
Both programs work well on XP.
Superantispyware Pro gives you life time updates after the first yr when
you renew and AVG Antispyware Pro gives a 1 yr subscription for the same
price. (If you pay I believe $10 more it will give you a 2yr subscription.)
Both give you a 30 day trial.
Actually if you purchase Superantispyware through me, I can get it for
$19.95 instead of $29.95 with lifetime updates but you would have to email
me for the link and what to do, but I still suggest you trial it first. I
will not put the link in here.

Both of them work nicely with WD even though WD is in realtime.

Which one do I favor? I actually like them both and have them both.
depending on the computer. Every computer has its own "shtick" so you might
find one works better for you than the other- it is trial and error,
basically.
I have put AVG antispyware on computers that it did not play nice and others
it did with no problems at all.
Same with Superantispyware, that is why I try them out.

I favor Superantispyware for xp only because it grabbed stuff that none of
the others found.
You basically need to see which one works better on your computer.
Just so you know if you go for AVG antispyware you can turn it into a manual
program by taking out the option to boot on startup (right click on the
residential shield and you will see this) once the trial period is over.
superantispyware you need to either get the free version if you do not want
the residential shield or get the pro-trial it for 30days then uninstall it
and get the free version.
AVG antispyware can be picked up here:

http://www1.grisoft.com/doc/products-avg-anti-spyware-freecnv/us/crp/0?lcpd=12m
click on Download for the trial

SUPERantispyware here:
http://www.superantispyware.com/

Good luck and let us know how it worked for you

robin
 
Also, for everyone else, I do not make any money on Superantispyware.
Because I do seminars on Vista and antispyware programs, especially AVG
antispyware & Superantispyware, Nick was gracious enough to give me this
link (and no, I do not make any commission or anything on his product). I
am just trying to save you all a bit of money.
Anyone will tell you here I do not promote a product unless I have tested
it, used it and feel it is worthy enough.
I am a distributor for AVG products but I make a big $4.00 per product in
commission, which will definitely not make me rich! And only if you get it
through my website when you purchase it.

robin

 
robinb said:
Alan is right
you need something in realtime other than an antivirus program to protect
you from malware/spyware and anything else AVG might miss.

Well, I still have WinPatrol keeping an eye on things. It is far more
pro-active and alert than Windows Defender ever was, at least on my PC.

Plus I update and run weekly scans using Spybot S&D, Ad-Aware SE. I
also keep SpywareBlaster updated.
 
All I can say is that's very bizarre. I just got through running some
tests with it and Defender alerted me both in real time and during a quick
scan. Win-Patrol alerts too, but after the Defender real-time alert. I
even tried to dummy down the application by accepting the default actions
and also turning off SpyNet membership, same thing. The only effect that
seems to matter is unchecking real-time protection, but even then the quick
scan catches it when I run a scan afterward.

I know you're competent in this area, and you're in here somewhat regularly,
so I don't think you'd ignore updates for over six months, which is how
long that EICAR signature has been in the updates. All I can conclude is
that your copy of Defender must have been corrupted.

A real-time Defender detection results in a red popup asking what you want
to do about that file. The on-demand quick scan detection results in a red
alert bar at the top of the scan activity page. I'm not going to suggest
that everyone test this out immediately, but I'm at a loss as to why it
wouldn't work in your case.
 
History Fan said:
Windows Defender wasn't doing any harm, but as far as I could tell from
the 2.5 years I had it installed on my PC's, it wasn't doing anything useful
either. The failure of Defender to detect the Eicar.com test file was the
last straw.

There are two separate issues here. The failure of the eicar test is a
serious problem - but as Dave points out, it almost certainly means that your
particular installation of Defender was corrupted. Defender, operating
correctly, should detect it, as you would be able to check by reinstalling it.

Laying that aside, however, and assuming that you did have a properly
working Defender installed, what would it take to persuade you that it was
doing something useful? If, because of your safe practices, you're not
getting exposed to any malware, what should Defender do except remain silent?
If you want it to keep reminding you that it's there, just tick the two
'notify me of changes' boxes under 'Options' (as I do). I get lots of little
popups from Defender telling me about every system change I make - all
completely useless of course, but it reassures me that if a change was
made by malware, then it would be detected. (I presume this is why you find
Winpatrol reassuring?)

I use AdAware and Spybot myself, but also a range of other scanners. When
you've seen SuperAntispyware remove infections from a computer that were
completely ignored by both Defender and Spybot (not on my machine, but
someone else's), it does drive home the limitations of some of these programs.
 
I just got through running some tests with it and Defender alerted me both
in real time and during a quick scan. Win-Patrol alerts too, but after
the Defender real-time alert.

Was this a one-off experiment, or do you have both Winpatrol and Defender
running as a matter of course, Dave? Would you recommend that?
 
but as Dave points out, it almost certainly means that your
particular installation of Defender was corrupted. Defender, operating
correctly, should detect it, as you would be able to check by reinstalling it.

Well, maybe so, but I've installed and re-installed Windows Defender
several times on my two PC's over the years, and its behavior has always
been the same. Maybe something on my two Dell computers is messing it up.

After WD has finished installing for the first time, a small window
appears from the systray announcing it will check for updates. The message
disappears. I can tell from the lights on my DSL modem that something is
downloading. Another small window pops up from the systray, announcing WD
is fully updated with new definitions and engine upgrades. The message
disappears, and from that moment on, Windows Defender stops communicating
with me.

If I do a manual check for updates with Windows Defender, the program
does look, but I receive no pop-up message from Defender stating this. And
as I've mentioned, no other changes to my computer results in messages from
Defender. I've changed my IE home page, changed the HOSTS file, tried the
EICAR test, signed up for SpyNet advanced membership, no messages at all
from Defender. When I briefly signed up for Advanced SpyNet membership and
changed my IE home page, the WD icon changed to blue. That's all. Not much
of a notification.
 
If you want it to keep reminding you that it's there, just tick the two
'notify me of changes' boxes under 'Options' (as I do). I get lots of little
popups from Defender telling me about every system change I make

That option is enabled by default, isn't it? If so, I never changed
it. The only settings change I made to WD was to have the icon showing all
the time, and I changed the time of the auto-scan.
 