
How reliable is Windows 11 Defender "Full" scan?

I was trying to find a new wallpaper for my brand-new Asus TUF A15 laptop. Tried to go onto one of those (extremely annoying) wallpaper hosting sites and it kept asking me to tick a captcha and "allow notifications" which I (stupidly) did. The process kept looping so I gave up and got my wallpaper elsewhere.

Went and played half an hour of Cyberpunk and alt-tabbed out to check messages only to have my chrome notifications going off the hook with fake "VIRUS ALERT" notifications all up the sidebar. I immediately tried to go into my chrome settings to remove the culprit website's notification permissions but the popups were blocking my chrome settings area so I tried to click the "X" on one to make room.

Big mistake. It opened a new chrome tab trying to load some webpage. I closed the tab before it could even display anything, less than a second later.

Once I managed to revoke all permissions from the target webpage everything went away but I was still worried so I had windows defender do a full scan which took about 30 minutes as this laptop still only has a 512gb SSD at the moment. It found no threats.

My question is, how reliable is this? Should I be worried as long as the PC continues to behave normally?
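Added example, not part of the original thread: the "VIRUS ALERT" popups described above come from a site holding the browser's notification permission, so one useful check after such an incident is to list every origin that still holds it. The sketch below assumes Chrome's per-profile `Preferences` JSON file and its `profile.content_settings.exceptions.notifications` layout with `setting` 1 = allow and 2 = block; the sample data and function names are constructed for illustration.

```python
import json
import sys

# Content-setting values as stored in Chrome's Preferences file
# (assumption: 1 = allow, 2 = block).
ALLOW, BLOCK = 1, 2

def notification_grants(prefs: dict) -> list[dict]:
    """Return every origin with an explicit notification decision, allowed first."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    rows = []
    for pattern, entry in exceptions.items():
        # Keys look like "https://site.example:443,*" (primary,secondary pattern).
        origin = pattern.split(",", 1)[0]
        setting = entry.get("setting") if isinstance(entry, dict) else None
        rows.append({"origin": origin, "setting": setting,
                     "allowed": setting == ALLOW})
    return sorted(rows, key=lambda r: (not r["allowed"], r["origin"]))

def allowed_origins(prefs: dict) -> list[str]:
    """Origins that can currently push notifications to the desktop."""
    return [r["origin"] for r in notification_grants(prefs) if r["allowed"]]

# Constructed sample mimicking the relevant part of a Preferences file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://wallpaper-host.example:443,*": {"last_modified": "0", "setting": 1},
  "https://news.example:443,*":           {"last_modified": "0", "setting": 2},
  "https://mail.example:443,*":           {"setting": 1}
}}}}}
""")

if __name__ == "__main__":
    # Pass the path to a profile's Preferences file, or run with no
    # argument to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for row in notification_grants(prefs):
        state = "ALLOWED" if row["allowed"] else "blocked/other"
        print(f"{state:14} {row['origin']}")
```

Any origin listed as ALLOWED that you do not recognise can be removed under Chrome's site settings for notifications.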
 
I would scan with malwarebytes and if it doesn't detect anything I would continue to use your computer normally.
 
Should be fine, seems like just a malicious cookie/notifications permissions. Modern browsers are sandboxed, so now that you got rid of it this should not spread anywhere else in the system. If you are still worried, a scan with MalwareBytes or something would not be out of order.
 
Malwarebytes full scan found nothing. Phew.
 
Very reliable. Windows' built in antivirus is actually of a very high quality and consistently ranks around the top performing AV engines with high detection rates and low footprint, with few false positives. Malwarebytes is also a very good tool to have around and run every once in a while, I recommend it, too. Before clicking on a suspicious link, if you're really curious you can always copy and paste the URL onto VirusTotal and have it scan the place with all of its antivirus engines, I put TPU through it as an example for you to see how it works:


My recommendation for a solid website for wallpapers which doesn't have any dodgy thing going on is Unsplash, it has lots of interesting pictures and no malware:


Hope it helps
 
Very reliable. Windows' built in antivirus is actually of a very high quality and consistently ranks around the top performing AV engines with high detection rates and low footprint, with few false positives.

Once again, I agree with Dr. Dro. Microsoft sure does not want the inevitable bad publicity that would come if it was not a reliable security solution. So they have put a lot of resources to ensure it is good. And note if not good, there would be 100s and 100s of millions Windows users out there infected - and that is NOT happening.

BTW, you really never need to run the "Full" (or even Quick) scan if you have been running Defender all along. This is because Defender is constantly scanning, in real time, everything coming in and everything running in the environment (in your RAM, OS and CPU) all the time, looking for known malicious code AS WELL AS suspicious activity from potentially unknown code. Also, Defender periodically runs additional scans to double check our drives.

So the only time one really needs to manually run any scans is just for user peace of mind. Or you might if you pick up a "new to you" computer, or wish to manually scan a "new to you" flash or external drive you wish to attach to your system.

Note this practice is the same with any decent real-time security solution, not just Defender. That is, since real-time scanning is always on, there should be no reason to manually scan.

I would scan with malwarebytes
I also agree with mtosev. Once again, for peace of mind, and regardless of your primary security solution of choice, it is always wise to occasionally manually scan with a secondary scanner just to make sure the primary solution or you, the user and ALWAYS weakest link in security didn't let something slip in.

FTR, in the many years we've been using Defender on all our systems here, Malwarebytes has never found anything malicious Defender let in.

One more thing, since the user is ALWAYS the weakest link (any security can easily be thwarted if the user opens the door and invites the bad guy in) it is also essential the user avoids being "click-happy" on unsolicited links, downloads, attachments and popups.

it kept asking me to tick a captcha and "allow notifications"
:( Yeah, not good. Tick a captcha is fine. The site wants to make sure you are not a bot. But IMO you should never, as in NEVER EVER allow notifications. If during install a program prompts to automatically check for updates or worse, download and install updates, do NOT allow that either.
 
Windows built-in AV is "fine", generally speaking. It is much better than it was years ago, that's for sure. Third-party AV potentially can detect more, but also can be a performance hog. You definitely should be running an ad blocker as that'll prevent most instances of annoying crap. Also worth disabling app notifications at the OS level if you don't have any need for them (or at least just for select apps). Turning off "Continue running background apps" in Chrome is beneficial too.
 
Once again, I agree with Dr. Dro. Microsoft sure does not want the inevitable bad publicity that would come if it was not a reliable security solution. So they have put a lot of resources to ensure it is good. And note if not good, there would be 100s and 100s of millions Windows users out there infected - and that is NOT happening.

BTW, you really never need to run the "Full" (or even Quick) scan if you have been running Defender all along. This is because Defender is constantly scanning, in real time, everything coming in and everything running in the environment (in your RAM, OS and CPU) all the time, looking for known malicious code AS WELL AS suspicious activity from potentially unknown code. Also, Defender periodically runs additional scans to double check our drives.

So the only time one really needs to manually run any scans is just for user peace of mind. Or you might if you pick up a "new to you" computer, or wish to manually scan a "new to you" flash or external drive you wish to attach to your system.

Note this practice is the same with any decent real-time security solution, not just Defender. That is, since real-time scanning is always on, there should be no reason to manually scan.


I also agree with mtosev. Once again, for peace of mind, and regardless of your primary security solution of choice, it is always wise to occasionally manually scan with a secondary scanner just to make sure the primary solution or you, the user and ALWAYS weakest link in security didn't let something slip in.

FTR, in the many years we've been using Defender on all our systems here, Malwarebytes has never found anything malicious Defender let in.

One more thing, since the user is ALWAYS the weakest link (any security can easily be thwarted if the user opens the door and invites the bad guy in) it is also essential the user avoids being "click-happy" on unsolicited links, downloads, attachments and popups.


:( Yeah, not good. Tick a captcha is fine. The site wants to make sure you are not a bot. But IMO you should never, as in NEVER EVER allow notifications. If during install a program prompts to automatically check for updates or worse, download and install updates, do NOT allow that either.
Yeah honestly this incident is a bit embarrassing for me because I've always been one of those "best AV is common sense" types, learnt a lot downloading sketchy Minecraft mods back when I was in my early teens, never click links, etc. I think the problem here was it was masquerading as a captcha which I've never seen before. Lesson learned I guess.
 
Never click links or give permission.
 
Yeah honestly this incident is a bit embarrassing for me because I've always been one of those "best AV is common sense" types, learnt a lot downloading sketchy Minecraft mods back when I was in my early teens, never click links, etc. I think the problem here was it was masquerading as a captcha which I've never seen before. Lesson learned I guess.
Lumma is being used on those fake captchas so watch out.
 
MS's antivirus has been good since Security Essentials from the Win7 era. I trust it without any doubts.
 
Lumma is being used on those fake captchas so watch out.
Oh I just had a read, it relies on me copying something into my powershell commands area, which I never did nor was prompted to do. Should be safe on that one but I'll be more wary in future.
 
I would scan with malwarebytes and if it doesn't detect anything I would continue to use your computer normally.

I'm in a similar boat recently. My car was broken and I was forced to test some weird software with unknown origin.
In my case, I did that on an e-waste laptop which was recently bought with windows 11 pro for 200€

Only way is

three times full wipe first all external storage which were connected and then all storage -> https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html
then windows reinstall

---

Windows defender does not find anything. Only a wipe of all storage for every bit three times gives a secure box.

You may think about offline backup strategy.

Chrome is problematic and I stopped using it because of certain features in past months. DNS over https, ublock, ... to name a few very high risks in my point of view to avoid google-chrome especially with the linux kernel and gnu userspace

I do download lots of files from c***e.de which is also infected with lots of ads via android smartphones and tablet. I doubt they check the ads before using them

You asked yourself, how reliable it is. If unsure wipe and reinstall with a really clean media.
 
6/10. It's fine for most folks but in the end there are several things that need to be practiced. If you are worried about nasty bugs sneaking in use a virtual machine with Linux and clamwin to scan stuff before it gets to your Windows side. If you live in the dark side of the internet then proxy up and get you a copy of Kaspersky as it is a superior product but blocked in the USA. And never forget that no AV product can stop what it has never seen before so nothing is 100% safe. Fortunately American software is not back-doored so you can feel safe about that. Slash ess.
 
You recommend Kaspersky then sarcastically say American software is for not having back doors? :kookoo:

You understand Kaspersky has been banned or restricted in the US, Australia, the UK, Canada, Italy, and several other countries because of the backdoors and confirmed ties back to nefarious, "state-sponsored" foreign government secret services, right?

6/10 and "slash ess"? Nonsense! As you correctly noted, it is fine - closer to 9/10 - for the vast majority of users.

As for the rest of your comment (except for Kaspersky), it is true but applies to ALL security software, not just Defender. FTR, no product earns 10/10.
 
You recommend Kaspersky then sarcastically say American software is for not having back doors? :kookoo:

You understand Kaspersky has been banned or restricted in the US, Australia, the UK, Canada, Italy, and several other countries because of the backdoors and confirmed ties back to nefarious, "state-sponsored" foreign government secret services, right?

6/10 and "slash ess"? Nonsense! As you correctly noted, it is fine - closer to 9/10 - for the vast majority of users.

As for the rest of your comment (except for Kaspersky), it is true but applies to ALL security software, not just Defender. FTR, no product earns 10/10.
The opinion of any government is irrelevant to me.
 
The opinion of any government is irrelevant to me.
As is yours to me. What I do care about is readers getting the facts and not biased opinions and FUD based on falsehoods.
 
You recommend Kaspersky then sarcastically say American software is for not having back doors? :kookoo:

You understand Kaspersky has been banned or restricted in the US, Australia, the UK, Canada, Italy, and several other countries because of the backdoors and confirmed ties back to nefarious, "state-sponsored" foreign government secret services, right?

6/10 and "slash ess"? Nonsense! As you correctly noted, it is fine - closer to 9/10 - for the vast majority of users.

As for the rest of your comment (except for Kaspersky), it is true but applies to ALL security software, not just Defender. FTR, no product earns 10/10.
Kaspersky may well have backdoors, but they offered their entire source code to the US government:


USG didn't take him up on his offer.

I was a satisfied customer of Kaspersky and was not pleased when USG banned them.

Kaspersky habitually scored well in the tests by AV Comparatives:


I still use Kaspersky on my personal system and use a foreign VPN connection to update definitions periodically, but obviously this isn't recommended or practical for most. Currently looking into Bitdefender.
 
As is yours to me. What I do care about is readers getting the facts and not biased opinions and FUD based on falsehoods.
Everything I said is a fact. You are disillusioned. I've been in this racket for many decades and I KNOW what I say is true. I don't do rumors. I test for myself.
 
@Thorfinnsson - This thread is about Defender in W11. It is not the thread to discuss alternative security solutions, including Kaspersky - which has been discussed ad nauseam in other threads, over and over again.

But FTR, I did not and have never said Kaspersky was not an efficient security solution in terms of protecting users from malware. AFAIK, that has never been under debate. Also note the US is NOT, by far, the only government to ban or limit the use of Kaspersky.

Since you cited them, do note AV-Comparatives rates Defender on par with Kaspersky and most other popular solutions.

Everything I said is a fact. You are disillusioned. I've been in this racket for many decades
:( You can follow the link in my sig to see if my own 1/2 century of experience with IS/IT security might suggest I have some experience here. Note the ONLY thing I said about your claim that was false is your rating of 6/10 for Defender was nonsense.

Now again, the question was is Defender in W11 reliable, and the answer is, yes.

Moving on before the mods shut the thread down.
 
@Thorfinnsson - This thread is about Defender in W11. It is not the thread to discuss alternative security solutions, including Kaspersky - which has been discussed ad nauseam in other threads, over and over again.

But FTR, I did not and have never said Kaspersky was not an efficient security solution in terms of protecting users from malware. AFAIK, that has never been under debate. Also note the US is NOT, by far, the only government to ban or limit the use of Kaspersky.

Since you cited them, do note AV-Comparatives rates Defender on par with Kaspersky and most other popular solutions.


:( You can follow the link in my sig to see if my own 1/2 century of experience with IS/IT security might suggest I have some experience here. Note the ONLY thing I said about your claim that was false is your rating of 6/10 for Defender was nonsense.

Now again, the question was is Defender in W11 reliable, and the answer is, yes.

Moving on before the mods shut the thread down.
I agree that the integrated Windows Defender solution is good.

As a new user it behooves me to tread lightly, but regardless of the original topic of this thread Kaspersky entered the discussion. It is not the only other piece of security software to do so either, as Malwarebytes also did so. You in turn specifically chose to engage zenlessyank about Kaspersky, suggesting an interest in discussing the product (or at least the governments that ban it).

I don't believe this is a forum for discussing politics, but suffice it to say I do not consider an IT product being banned by the United States government and a limited number of its allies to be any kind of evidence that said product is ineffective or malicious, particularly when the product originates in a country considered by the US government to be an adversary.
 
Take the opportunity to turn on core memory integration, run an sfc /scannow, I would also consider changing passwords on sites that might have session cookies in the browser (do this from another device such as your phone).
 