Windows Defender Anti-Virus
Summary
Antivirus software can use various means to detect if an application malicious.
- Against a database of known threat acting software
- Run static analyzers on the software before being executed to see if there is any suspicious code which may be attempting to access resources or request unnecessary privileges to systems it does not claim to
- Simply block the installation because it is not signed, or signed incorrectly.
Windows Defender Antivirus Updated Defintiions
- Definition/Pattern updates are information about the new viruses or malware. These updates may be made available daily or even hourly.
- Scan engine/component updates - fix problems or make improvements to the scan software itself.
Activationg and deactivating Windos Defender Antivirus
Windows defender should only be disabled when a system has another malware protection service installed. If that service is installed it will take the place of Windows Defender.
You should not have more than one Defending service installed or you will run into issues.