With the Windows 10 Creators Update, which was released back in April, Microsoft delivered an updated Windows Defender Antivirus client that takes advantage of the cloud protection service. Whenever the Windows Defender Antivirus client detects suspicious files, it uploads them to the cloud protection service for rapid analysis. The cloud protection service returns information on whether the uploaded files are safe or malicious within milliseconds by using cloud-based machine learning models and the Microsoft Intelligent Security Graph. Microsoft today highlighted that the Windows Defender Antivirus client can detect and remove never-before-seen malware in just 8 seconds by using the cloud protection service.
When a customer clicks a malware program, the Windows Defender AV client scans the file using on-box rules and definitions. If it has not encountered the file before, Windows Defender AV temporarily prevents the file from running. It then queries the Windows Defender AV cloud protection service for more information on that particular file. Within milliseconds, the cloud protection service returns an initial assessment. If needed, it instructs the AV client to send a sample. During this period, the file remains locked. By default, the client waits up to 10 seconds for information from the cloud protection service before allowing the file to run. Using a multi-class machine learning classifier, the cloud protection service identifies the file as malicious and sends that information back to the client. Based on this information, the Windows Defender AV client applies the cloud signature and quarantines the malware. This entire process is completed within 8 seconds!
The best part about Windows Defender AV and its cloud protection service is that it is free. Given the importance of security these days, Microsoft has enabled cloud-based protection by default in Windows Defender AV. To confirm whether it is enabled on your PC, go to the Windows Defender Security Center. Then go to Settings > Virus & threat protection settings, and confirm that Cloud-based protection and Automatic sample submission are both turned On.
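
The same check can be scripted across many machines. The following is an added example, not code from Microsoft's post: it reads the settings through the built-in `Get-MpPreference` and `Get-MpComputerStatus` cmdlets and reports whether the hold-and-query behaviour described above (which Defender calls "block at first sight") can work. The function name `Test-DefenderCloudProtection` and the output field names are hypothetical.

```powershell
# Added example: audit the Defender settings that the cloud-blocking flow depends on.
# Assumes the built-in Defender PowerShell module on Windows 10.

function Test-DefenderCloudProtection {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
    $cloudOn = $pref.MAPSReporting -in 1, 2

    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples automatically,
    # 2 = never send, 3 = send all samples automatically
    $autoSubmit = $pref.SubmitSamplesConsent -in 1, 3

    # The pre-execution hold is on unless it has been explicitly disabled
    $holdOn = -not $pref.DisableBlockAtFirstSeen

    # The client waits 10 s by default; CloudExtendedTimeout adds up to 50 s more
    $waitSeconds = 10 + [int]$pref.CloudExtendedTimeout

    $realTime = [bool]$status.RealTimeProtectionEnabled

    [pscustomobject]@{
        RealTimeProtection    = $realTime
        CloudBasedProtection  = $cloudOn
        AutoSampleSubmission  = $autoSubmit
        BlockAtFirstSight     = $holdOn
        CloudWaitSeconds      = $waitSeconds
        # Unknown files are only held and sent for a verdict when all four are on
        ReadyForCloudBlocking = $realTime -and $cloudOn -and $autoSubmit -and $holdOn
    }
}

$result = Test-DefenderCloudProtection
$result | Format-List

if (-not $result.ReadyForCloudBlocking) {
    Write-Warning 'Cloud-based protection is not fully enabled; unknown files will not be held for a cloud verdict.'
}
```

If `AutoSampleSubmission` is reported as false because the setting is "always prompt", the client cannot send a sample without user interaction, so the cloud service may be limited to its initial assessment.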