Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection.

In a previous blog post, we looked at a real-world case study showing how Windows Defender Antivirus cloud protection service can save “patient zero” from new malware threats by leveraging next-gen security technologies. In that case study, a new Spora ransomware variant was analyzed and blocked within seconds using a deep neural network (DNN) machine learning classifier in the cloud.

In this blog post we’ll look at how additional automated analysis and machine learning models can further protect customers within minutes in rare cases where this initial classification is inconclusive. In Windows Defender AV’s layered approach to defense, if the first layer doesn’t detect a threat, we move on to the next level of inspection.

As we move down the layers, the amount of time required increases. However, we catch the vast majority of malware at the first (fastest) protection layers and only need to move on to a more sophisticated (but slower) level of inspection for rarer/more sophisticated threats. Read more from…

thumbnail courtesy of