Recommendations on 'Windows Defender security features' against other non-MS products

We have Windows 10 Pro and just got alerted on installing "Feature update to Windows 10, version 1709".  Reviewing "what's new" we noticed an area that says "Windows security features have been rebranded as Windows Defender security features".  

We don't use Windows Defender, never did since its inception in Windows. Instead we use 3 products: Comodo Internet Security Premium (which has a firewall and an antivirus), Spybot Search & Destroy and SUPERAntiSpyware.

With this new 1709 version "rebranded", should we consider uninstalling our security products and activate the rebranded Windows Defender security features?

Please advise.

Look, they renamed "windows firewall" to "windows defender firewall". The functionality remains the same, it just got renamed="rebranded".

What is new, is that the AV component of defender now offers ransomware protection called "controlled folder access", read

This is potentially a valuable feature. But whether it is enough to make you consider using defender now remains your choice.
btan (Exec Consultant) commented:
Defender is actually Microsoft Security Essentials, rebranded, as shared. It is still an AV by nature, but with added features, shared earlier, to defend against ransomware. There is another feature worth mentioning: its Exploit Guard, which includes network protection.
It prevents employees from using any application to access malicious domains that may be hosting phishing scams or exploits on the Internet, and expands the scope of SmartScreen to block all outbound HTTP(S) traffic that attempts to connect to low-reputation sources.
As mentioned, it is best with Windows Defender Advanced Threat Protection - another enterprise level.

Really up to you, as primarily it is better to have one enterprise AV; a secondary one is more of a validation check, since the two should not conflict on the same machine for on-access scanning.

We use another Anti malware solution still more from management and device control perspective.
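Added example, not from the original thread or from any of the commenters: the two Defender AV additions mentioned in the answers above (the "controlled folder access" ransomware protection and Exploit Guard's network protection) are both driven from the Defender PowerShell module, and both have an audit mode that a practitioner would want to sit in before enforcing. The protected folder, the whitelisted executable and the event-ID review are illustrative assumptions; the cmdlets and event IDs are the documented ones for Windows 10 1709 and later.

```powershell
# Added example, not from the original thread. Stages the two Defender AV
# features discussed above (Controlled Folder Access and Network Protection)
# through audit mode before enforcing them. Run from an elevated PowerShell on
# Windows 10 1709 or later. The folder and application paths are hypothetical.
#Requires -RunAsAdministrator

# 1. Baseline: both features are Disabled (0) out of the box.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, EnableNetworkProtection,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# 2. Audit mode logs what *would* be blocked without blocking it, so you can
#    discover legitimate apps that write to protected folders (backup agents,
#    line-of-business tools) before switching to enforcement.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Set-MpPreference -EnableNetworkProtection     AuditMode

# 3. Extend the protected set beyond the default user-profile folders and
#    whitelist one trusted writer (both paths are made up for the example).
Add-MpPreference -ControlledFolderAccessProtectedFolders    'D:\Finance\Ledgers'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LOBApp\ledger.exe'

# 4. Read the audit trail from the Defender operational log:
#    1123 = CFA blocked, 1124 = CFA audited,
#    1125 = Network Protection audited, 1126 = Network Protection blocked.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124, 1125, 1126
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
                  @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# 5. After a quiet audit period, enforce. Both features only act while Defender
#    AV real-time protection is the active engine: with a third-party AV
#    registered (as in the asker's setup), Windows 10 switches Defender AV off
#    and these settings do nothing until that changes.
Set-MpPreference -EnableControlledFolderAccess Enabled
Set-MpPreference -EnableNetworkProtection     Enabled
```

The same five values can be pushed by Group Policy (Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Windows Defender Exploit Guard), but testing them locally first shows exactly which events a given application will generate before the policy lands on every client.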
John, Business Consultant (Owner), commented:
If you use a different solution then do not worry about Defender - disable it.

But it IS different in V1709 in that it includes EMET which is itself a good security tool. EMET worked in V1607 and below and I had it running. Now I have uninstalled it and use Windows Defender including EMET functions on my own machines as top notch protection.

Defender now holds functions similar to EMET, but these need to be turned on and managed through GPOs.
John, Business Consultant (Owner), commented:
That would depend upon the environment and what you say may be true for large environments.  I have the functions running as default.
You think so? What did you configure, nothing apart from the defaults?
John, Business Consultant (Owner), commented:
Just left it as default and for the most part when I had EMET running I tried to use defaults as well
Look into what's configurable. You cannot compare your state now to what EMET gave you - it's all off.
George Simos, IT Pro Consultant - IT Systems Administrator, commented:
I wouldn't neglect a solution like Windows Defender so easily; it is not an anti-malware or antivirus solution. Also, the Windows OS itself has numerous security features that get overlooked by many people because they don't want to invest time to adapt to new technologies and features.
Windows 10 (and previous versions) include several features that are also centrally managed by Group Policies:
1) SmartScreen: Checks your access to websites and downloaded files against an online service from Microsoft that rates their credibility; in order not to "phone home" constantly, the lists are cached and expire periodically. This started with Internet Explorer and is an integral security feature in Windows 10. Edge, Internet Explorer and Windows Defender consult it before handing you the result. You don't need "Advanced Threat Protection (ATP)" for it; ATP is another service that is available for enterprise clients in specific licensing schemes.
2) Windows Firewall: Since Windows XP SP3 we have had in our hands a very good host firewall solution. It was a bit cumbersome to manage via Group Policy, but once you had things in place you rarely dealt with it; it worked great. Things changed a lot when Windows Vista came and the firewall was created from scratch, with multiple profiles and easy IPsec implementation/management. Its core hasn't changed through the subsequent versions, so if you invest a little time to learn how to manage it, it is the same from Windows Vista onward. Did I mention that its Group Policy management is a breeze? You will be amazed when you see the firewall part in the Group Policy Editor: it is the same as the Windows Firewall with Advanced Security interface. It saddens me a lot when, and I encounter it very often, I see the Windows Firewall turned off just because lazy technicians/admins don't want to invest a bit in learning something so valuable for the overall security of the system.
3) Windows Defender: It started as an anti-spyware solution that was purchased from another company (GIANT AntiSpyware, if I remember correctly); since then many people have been stuck in the notion that all instances of security software from Microsoft are only anti-malware. Dear folks, Microsoft also acquired the antivirus software (RAV) from the company GeCAD, and Sybari Software (notable for Microsoft Exchange antivirus software). These are not new purchases but date from the middle of the 2000s. The solution provided is antivirus and anti-malware and has network inspection mechanisms too; since 2012 they provide cloud-based features (see SmartScreen) in order to validate the trustworthiness of files downloaded from the Internet.
The enterprise solution was named "System Center Endpoint Protection" and is managed by "System Center Configuration Manager" with all the features a centrally managed solution provides.
Starting in Windows 10, Defender has become standard on every desktop and free without any limitations for small office and small business clients (Security Essentials had a limitation of 10 endpoints). As a Windows Insider I have seen its evolution from its infancy and I must say that I don't need another solution on my machines. The latest additions of the previously named EMET are very welcome, and the ransomware protection named "Controlled folder access" gives you a lot of peace of mind. Add also the capability to manage those options via Group Policy and you are in total control. However, there is no separate enterprise product such as the SCEP mentioned above: if you use Configuration Manager, you just have to create policies and push them to the clients; there is no binary setup or change, and you will start getting feeds in your consoles in a matter of minutes/hours.

These are the basic security tools we have at hand and out of the box in Windows 10, there is also a handful or more of new features that need enterprise versions of Windows but can make a lot of difference security wise (credential guard,  windows defender application guard to name a few).

Managing 3 different products is not an easy task. Comodo, Spybot Search & Destroy and SUPERAntiSpyware are reputable and good, but it is overkill in my humble opinion in an enterprise environment. I would consider this scheme for very small and hand-controllable situations, but in an enterprise it is not efficient.

Hope these will help clearing a bit the confusion.
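Added example, not part of George's answer or the original thread: point 2 above says the host firewall's profiles and its Group Policy node are the same thing seen from two sides, so a quick local check tells you what a GPO will enforce. The script below audits the three profiles, sets the baseline most hardening guides agree on (on, inbound blocked by default, drops logged), lists enabled inbound allow rules on the Public profile that accept any remote address, and confirms whether Defender AV is actually the running engine. The log size and the "Public|Any" threshold are the editor's choices, not the thread's.

```powershell
# Added example, not from the original thread: audit and harden the host firewall
# profiles (Domain/Private/Public) on one machine. The same settings live in the
# Group Policy node Computer Configuration > Windows Settings > Security Settings >
# Windows Defender Firewall with Advanced Security, so a local test here shows
# what the GPO will do. Run from an elevated PowerShell.
#Requires -RunAsAdministrator

# 1. Is every profile on, and does it block unsolicited inbound by default?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  LogBlocked, LogMaxSizeKilobytes, LogFileName |
    Format-Table -AutoSize

# 2. Enforce the baseline on all three profiles: enabled, inbound blocked unless
#    a rule allows it, blocked packets logged so you can see what you are dropping.
#    16 MB log size is an arbitrary choice for the example.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogMaxSizeKilobytes 16384 `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# 3. Enabled inbound allow rules that apply to the Public profile and accept
#    any remote address: each one needs a justification before the laptop
#    leaves the office.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Public|Any' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Group     = $_.DisplayGroup
                Profile   = "$($_.Profile)"
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
            }
        }
    } | Sort-Object Rule | Format-Table -AutoSize

# 4. Is Defender AV the active engine? With a third-party AV registered,
#    Windows 10 turns Defender AV off and RealTimeProtectionEnabled shows False.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, AntispywareEnabled,
                  RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
```

Step 3 is the part worth running before any firewall GPO goes out: the list it prints is usually dominated by rule groups that installers added ("Core Networking" entries are expected; a third-party remote-control agent listening on all interfaces in the Public profile is not), and a policy that merely turns the firewall on leaves those rules in place.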

btan (Exec Consultant) commented:
Exploit Guard apparently does not have the full suite of EMET 5.5:
CERT specifically pointed to Control Flow Guard (CFG) protections lacking in Windows 10, which protect against application memory corruption vulnerabilities.

Microsoft is now pointing its customers who can't use Control Flow Guard toward using Windows Defender Exploit Guard (WDEG) instead.

Since Windows Defender Exploit Guard is becoming part of Windows Defender ATP product, organizations currently relying on EMET may have to look toward Windows 10 E5 plans to get the support that was previously offered by EMET.
Microsoft indicated it added "a new PowerShell module that converts existing EMET XML settings files into Windows 10 mitigation policies for WDEG [Windows Defender Exploit Guard]." The new PowerShell module, called "ProcessMitigations," is for organizations that have already customized their EMET policies and want to export them when they move to using Windows Defender Exploit Guard.
John, Business Consultant (Owner), commented:
On my machine (not Domain or governed by Domain GPO's) some Exploit protections are ON and some are OFF.

Control Flow Guard is ON, DEP is ON, Bottom-up ASLR (randomization) is ON, Force Randomization is OFF. SEHOP is ON, Heap Integrity is ON.

So Default on a non-Domain machine does indeed turn some settings ON but certainly not all settings.
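Added example, not from John's or btan's comments or the original thread: the settings John lists (CFG, DEP, bottom-up ASLR, SEHOP, heap integrity) come from the ProcessMitigations module that ships with Windows 10 1709, which is also the module the quoted article mentions for converting EMET XML. The block below reads the system defaults, exports a baseline, opts one binary into the EMET-style mitigations that are off system-wide, converts an EMET export, and reads the mitigation event logs. The executable name and all file paths are hypothetical; the cmdlets, switch names and log names are the documented ones.

```powershell
# Added example, not from the original thread: inspect and configure Exploit
# Protection (the EMET successor) with the ProcessMitigations module built into
# Windows 10 1709+. No ATP licence is needed for enforcement; ATP only adds
# central reporting. Run from an elevated PowerShell. The executable name and
# every file path below are assumptions for illustration.
#Requires -RunAsAdministrator

# 1. System-wide state. This is where John's "some ON, some OFF" list comes
#    from: ON/OFF means explicitly set, NOTSET means the OS default applies.
Get-ProcessMitigation -System

# 2. Export the full current policy (system + per-process) as XML. Keep it as
#    the baseline to diff against after changes or after a GPO push.
New-Item -ItemType Directory -Path 'C:\Temp' -Force | Out-Null
Get-ProcessMitigation -RegistryConfigFilePath 'C:\Temp\exploit-protection-baseline.xml'

# 3. Per-process opt-in for a legacy binary (hypothetical name). These are the
#    EMET-equivalent mitigations that are OFF at system level by default.
#    EAF and the ROP checks apply to 32-bit processes only; test the app
#    afterwards, because ForceRelocateImages breaks binaries without relocations.
Set-ProcessMitigation -Name 'LegacyViewer.exe' `
    -Enable DEP, ForceRelocateImages, BottomUp, HighEntropy, SEHOP, TerminateOnError,
            EnableExportAddressFilter, EnableRopStackPivot, EnableRopCallerCheck,
            EnableRopSimExec

# Verify: reads the per-image settings back from Image File Execution Options.
Get-ProcessMitigation -Name 'LegacyViewer.exe'

# 4. Migrating from EMET 5.5: convert an exported EMET profile into the
#    Exploit Protection XML format and apply it (hypothetical input path).
ConvertTo-ProcessMitigationPolicy -EMETFilePath 'C:\Temp\emet-export.xml' `
                                  -OutputFilePath 'C:\Temp\exploit-protection-from-emet.xml'
Set-ProcessMitigation -PolicyFilePath 'C:\Temp\exploit-protection-from-emet.xml'

# 5. What has fired? Mitigation events land in the Security-Mitigations logs
#    on the local machine whether or not ATP is present.
$filter = @{
    LogName = 'Microsoft-Windows-Security-Mitigations/KernelMode',
              'Microsoft-Windows-Security-Mitigations/UserMode'
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName,
                  @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

The XML written in step 2 (or produced in step 4) is exactly what the Group Policy setting "Use a common set of exploit protection settings" under Windows Defender Exploit Guard > Exploit Protection consumes, so the local workflow and the domain workflow share one artefact.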
George Simos, IT Pro Consultant - IT Systems Administrator, commented:
@ btan ATP is used to provide more insight when there is a breach or malware activity/outbreak and helps find out who did what. There are also plans to take remediation actions in coming updates (not saying version because it is an ever-evolving service).
The exploit protections are providing info to ATP via the ATP Service of Windows 10 but they aren't working because of it. You need a special subscription to enable ATP, it would be a crippled security measure for the O/S if they did that (MS).
So Exploit Protections do work standalone also without needing another service to govern them.
This information can be found in the relevant technet pages for Exploit Protection of Windows 10, you will see that it states for the detailed reporting the ATP subscription is needed.
John, Business Consultant (Owner), commented:
Thank you and good luck with your choice of A/V.
George Simos, IT Pro Consultant - IT Systems Administrator, commented:
Thank you! I hope you will succeed in your choices for endpoint security.
btan (Exec Consultant) commented:
Thanks George for sharing. I knew about it, which is why at the enterprise level it is all the more important to prevent and detect breaches as early as possible. It is a matter of "when" and not "if". Much appreciated your kind thoughts.
George Simos, IT Pro Consultant - IT Systems Administrator, commented:
You're welcome btan, thank you for your kind words!