Does Windows Defender Antivirus and Windows Defender Firewall keep my laptop 100% secure?

In regard of the latest new information, would you still trust that the system is clean from malware?

New laptop
Windows 11 S
Windows S mode on
OOBE
MS Defender or McAfee LiveSafe selected as the antivirus - I believe MS Defender was the selected AV from the start
Internet connection for a couple of minutes during OOBE setup

In Windows, internet connection for a couple of minutes, just to turn S mode off
After S mode was turned off - turned off the internet connection
While having internet connection:
Did not open any internet browsers
Did not visit any websites
Did not open any emails

14 days later
Turned on internet connection
Download one software from Microsoft Store
Turned off internet connection again
While having internet connection:
Did not open any internet browsers
Did not visit any websites
Did not open any emails

Internet connection has been permanent off since

30 days later of getting the laptop
Internet connection still turned off
Deep scan with MS Defender - clean

Thank you

Are you any more or less confident than you were on April 7, where you posted nearly the same thing, and said, "I feel confident my system is clean because of all your great answers?" It seems to me, after 60 posts, you're never going to take comfort in your PC being clean, no matter what anyone says.

pseymour said:

Are you any more or less confident than you were on April 7, where you posted nearly the same thing, and said, "I feel confident my system is clean because of all your great answers?" It seems to me, after 60 posts, you're never going to take comfort in your PC being clean, no matter what anyone says.

Click to expand...

I had hoped for some confirmation or directions for what else I could research to make sure my system is clean

Thank you

If the more serious contributors in this forum haven't met your criteria for providing a convincing argument, then next logical steps are:

1. Find a different forum community that you accept as more knowledgeable on security questions. For example, Wilders Security forum or SysNative.
2. Find input from a recognized Windows security researcher, who is a professional.
3. Do your own testing until you're satisfied with the results.

You're asking other folks to confirm a scenario which we can't reproduce. We know how to clean install Windows, we know how to enable S mode. We don't know how your specific PC was shipped from the factory, and what software or changes were applied there. McAfee is a 3rd-party app.

The only way to reproduce this is to order another new PC from your vendor, don't boot it up, but remove the system disk and mount it on another PC. Clone the untouched drive using a disk cloning tool as block-accurate copy, and perform a set of experiments on the cloned image until you're finally satisfied with the investigation. Reset the PC between tests, by restoring your disk from the cloned image.

This is what real security researchers do, they test things to find out what's actually true.

Many windows users feel that Windows Security is enough for a standalone antivirus/internet security suite.

Thank you for your great post

garlin said:

If the more serious contributors in this forum haven't met your criteria for providing a convincing argument, then next logical steps are:

Click to expand...

I take that as confirmation.

I was not sure, if the new added information would change all of your answers.

I thought maybe, the new details could change how all of you answered.

Thank you

The comments along the lines of "I scanned, my AV found nothing, I'm good" always makes me chuckle. If you had a blind security guard watching your house and the criminal was quiet enough would the guard know the bad actor got into your house? The meaning is malware can be very stealthy and employ anti-forensic, evasion and analysis techniques to bypass AV solutions.

I wish I could find the info-graphic that ranks top AV/EDR solutions by bypass/evade difficultly, Defender is near the bottom (mind you this is ranking top enterprise solutions such as Crowdstrike, SentinelOne etc)

I would also beat the point already made many times no AV/EDR is 100% effective which is why security teams in companies never just deploy AV/EDR, but instead deploy many many layers of defenses. Even then security isn't 100% but it becomes increasing difficult for threat actors to get into a network and meet their objectives without being blocked and/or triggering alerts and a CSIRT engaged to clean up the threat/breach

My long winded point is the more DIVERSE controls you have deployed the safer you will be.

If you're ok with just basic malware scanning abilities then Defender is probably fine, if you want more coverage then paid solutions will include additional controls such as

• In memory scanning (some malware never writes to disk and is harder to detect)
• Web content filtering (this will reduce the risk of spam and phishing)
• DNS filtering (help block 2nd, 3rd... Nth stage malware payloads, spam and phishing)
• Password manager (if you don't already use one) help you have unique passwords per site/application to prevent credential stuffing attacks

neemobeer said:

The comments along the lines of "I scanned, my AV found nothing, I'm good" always makes me chuckle. If you had a blind security guard watching your house and the criminal was quiet enough would the guard know the bad actor got into your house? The meaning is malware can be very stealthy and employ anti-forensic, evasion and analysis techniques to bypass AV solutions.

I wish I could find the info-graphic that ranks top AV/EDR solutions by bypass/evade difficultly, Defender is near the bottom (mind you this is ranking top enterprise solutions such as Crowdstrike, SentinelOne etc)

I would also beat the point already made many times no AV/EDR is 100% effective which is why security teams in companies never just deploy AV/EDR, but instead deploy many many layers of defenses. Even then security isn't 100% but it becomes increasing difficult for threat actors to get into a network and meet their objectives without being blocked and/or triggering alerts and a CSIRT engaged to clean up the threat/breach

My long winded point is the more DIVERSE controls you have deployed the safer you will be.

If you're ok with just basic malware scanning abilities then Defender is probably fine, if you want more coverage then paid solutions will include additional controls such as

Click to expand...

My concerns are regarding:
Overall malware from the internet
And
Some hacker trying to infect my system via Bluetooth or via the laptops wifi connection

I was looking at this test:

"The test-set used contained 10053 samples collected in the last few weeks."
-
Is it new malware or also old malware the test i made of?

For Defender (Microsoft) - its close to 100% for online functions. I think that is quite good.
But:
"users should be aware that merely being online does not necessarily mean that their product’s cloud service is reachable/working properly."
-
So if the cloud service is not connected, then its only the offline function, and that sits around 63%.
And then you are screwed?

neemobeer said:

• In memory scanning (some malware never writes to disk and is harder to detect)

Click to expand...

I have read several reports, that Defender does well against fileless malware.

neemobeer said:

• DNS filtering (help block 2nd, 3rd... Nth stage malware payloads, spam and phishing)

Click to expand...

On the laptop itself, or on the router?

------------------------------------------

But how would my laptop get infected with malware in my scenario?

New laptop
Windows 11 S
Windows S mode on
OOBE
MS Defender or McAfee LiveSafe selected as the antivirus - I believe MS Defender was the selected AV from the start
Internet connection for a couple of minutes during OOBE setup

After completing OOBE
In Windows, internet connection for a couple of minutes, just to turn S mode off
When S mode was turned off - turned off the wifi and internet connection
Did not open any internet browsers
Did not visit any websites
Did not open any emails

14 days later
Turned on wifi and internet connection for a couple of minutes
Download one software from Microsoft Store
Turned off wifi and internet connection again
Did not open any internet browsers
Did not visit any websites
Did not open any emails

Wifi and internet connection has been permanent off since.

The Bluetooth connection was shutdown shortly after completing OOBE.
Wifi connection was only active during above times.

The laptop only connected to the internet through cellular internet sharing with Iphone.
At no time was the laptop connected to a network.

I can't say how much the laptop was online during the factory / manufacturer proces.

Thank you

There's nothing except the power plug that will keep your system 100% secure.

Give it a rest man. 68 posts and counting. No software will guarantee 100% protection. You need a hat made of aluminium foil. Or aluminum if an American.

I put a lot more emphasis on my backup scheme, especially off-line backups. If a hacker is determined enough, even the NSA computers aren't 100% secure, so I prefer to make sure I have an easy recovery path in case of any major disaster befalling my computers.

kelper said:

Give it a rest man. 68 posts and counting. You need a hat made of aluminium foil. Or aluminum if an American.

Click to expand...

He's a psycho-spammer.