Does Windows Defender Antivirus and Windows Defender Firewall keep my laptop 100% secure?

In regard of the latest new information, would you still trust that the system is clean from malware?

New laptop
Windows 11 S
Windows S mode on
OOBE
MS Defender or McAfee LiveSafe selected as the antivirus - I believe MS Defender was the selected AV from the start
Internet connection for a couple of minutes during OOBE setup

In Windows, internet connection for a couple of minutes, just to turn S mode off
After S mode was turned off - turned off the internet connection
While having internet connection:
Did not open any internet browsers
Did not visit any websites
Did not open any emails

14 days later
Turned on internet connection
Download one software from Microsoft Store
Turned off internet connection again
While having internet connection:
Did not open any internet browsers
Did not visit any websites
Did not open any emails

Internet connection has been permanent off since

30 days later of getting the laptop
Internet connection still turned off
Deep scan with MS Defender - clean

Thank you

Are you any more or less confident than you were on April 7, where you posted nearly the same thing, and said, "I feel confident my system is clean because of all your great answers?" It seems to me, after 60 posts, you're never going to take comfort in your PC being clean, no matter what anyone says.

pseymour said:

Are you any more or less confident than you were on April 7, where you posted nearly the same thing, and said, "I feel confident my system is clean because of all your great answers?" It seems to me, after 60 posts, you're never going to take comfort in your PC being clean, no matter what anyone says.

Click to expand...

I had hoped for some confirmation or directions for what else I could research to make sure my system is clean

Thank you

If the more serious contributors in this forum haven't met your criteria for providing a convincing argument, then next logical steps are:

1. Find a different forum community that you accept as more knowledgeable on security questions. For example, Wilders Security forum or SysNative.
2. Find input from a recognized Windows security researcher, who is a professional.
3. Do your own testing until you're satisfied with the results.

You're asking other folks to confirm a scenario which we can't reproduce. We know how to clean install Windows, we know how to enable S mode. We don't know how your specific PC was shipped from the factory, and what software or changes were applied there. McAfee is a 3rd-party app.

The only way to reproduce this is to order another new PC from your vendor, don't boot it up, but remove the system disk and mount it on another PC. Clone the untouched drive using a disk cloning tool as block-accurate copy, and perform a set of experiments on the cloned image until you're finally satisfied with the investigation. Reset the PC between tests, by restoring your disk from the cloned image.

This is what real security researchers do, they test things to find out what's actually true.

Many windows users feel that Windows Security is enough for a standalone antivirus/internet security suite.

Thank you for your great post

garlin said:

If the more serious contributors in this forum haven't met your criteria for providing a convincing argument, then next logical steps are:

Click to expand...

I take that as confirmation.

I was not sure, if the new added information would change all of your answers.

I thought maybe, the new details could change how all of you answered.

Thank you

The comments along the lines of "I scanned, my AV found nothing, I'm good" always makes me chuckle. If you had a blind security guard watching your house and the criminal was quiet enough would the guard know the bad actor got into your house? The meaning is malware can be very stealthy and employ anti-forensic, evasion and analysis techniques to bypass AV solutions.

I wish I could find the info-graphic that ranks top AV/EDR solutions by bypass/evade difficultly, Defender is near the bottom (mind you this is ranking top enterprise solutions such as Crowdstrike, SentinelOne etc)

I would also beat the point already made many times no AV/EDR is 100% effective which is why security teams in companies never just deploy AV/EDR, but instead deploy many many layers of defenses. Even then security isn't 100% but it becomes increasing difficult for threat actors to get into a network and meet their objectives without setting being blocked and/or triggering alerts and a CSIRT engaged to clean up the threat/breach

My long winded point is the more DIVERSE controls you have deployed the safer you will be.

If you're ok with just basic malware scanning abilities then Defender is probably fine, if you want more coverage then paid solutions will include additional controls such as

• In memory scanning (some malware never writes to disk and is harder to detect)
• We content filtering (this will reduce the risk of spam and phishing)
• DNS filtering (help block 2nd, 3rd... Nth stage malware payloads, spam and phishing)
• Password manager (if you don't already use one) help you have unique passwords per site/application to prevent credential stuffing attacks