Anti-Virus Software for Windows

Success has been achieved for some systems using a combination of Clam Sentinel and Microsoft Security Essentials. For other systems, that combination has been known to bog things down substantially, and relying just on Microsoft Security Essentials has been known to work well.

Offerings using ClamAV signatures

This site's basic anti-malware page provides some reasons why signatures using ClamAV are recommended.

[#clamwin]: Using ClamWin

Using ClamWin with a real-time scanning option:

A guide for getting ClamWin, installing the software, configuring the software, and using ClamWin with a real-time scanning option. Details about Clam Sentinel are provided.

Immunet/ClamAV for Windows

For information, see ClamAV for Windows (a hyperlink which redirects to English page about Win32 versions )

ClamAV takes a cloud-based approach. Files/data/signatures may be uploaded to the Internet to help provide protection for others. This concept may not seem like something that increases the privacy of data, but the idea sounds sound: if people report problems then that information can spread very quickly.

To obtain the software, see: ClamAV download for Win32. For XP SP2, Vista SP1, 7.

ClamAV news from March 4th, 2010, on states, “At the moment, the ClamAV for Windows is solely based on Immunet's technology and therefore requires a connection to the Internet to function properly. Offline scanning will be added with integration of the upcoming ClamAV 0.96 scanning engine, the first build to natively support the Win32 platform in years.” ClamAV FAQ Win32 has stated, “Future versions of ClamAV for Windows will include a local copy of ClamAV that will be used for offline (no Internet connection) virus and malware scanning.”

Compaqring Immunet Free to Immunet Plus shows that the free varaition does not support (“Advanced”) “Offline Protection when not connected”, “Advanced Detection and Removal” (which lists some types of threats), and some other features.

Offerings from Microsoft
[#wndefmse]: Windows Defender, MSE, and more
Windows Defender

The name “Windows Defender” has been used by Microsoft as a name for different things.

Most recent usage
Upgrade to MSE

With Windows 8, “Windows Defender” is the name of anti-malware software by Microsoft. This program was essentially the upgrade from the previous software called “Microsoft Security Essentials”.

Since ][CyberPillar][ first documented the Microsoft Antimalware Engine after the release of MSE, the relevant documentation is (currently) in a section labelled “Microsoft Security Essentials”.

Windows Defender Offline

There was also an “offline” version, called “Windows Defender Offline”, that could be directly booted. So, with the normal Windows Defender, a copy of Microsoft Windows that was on the system's long term storage device (HDD or SSD), and then the computer runs Windows Defender from within that already-started version of Microsoft Windows. With “Windows Defender Offline”, this is not done, because the “Windows Defender Offline” gets booted directly.

Windows Defender Offline was software that could be booted from a CD images. Images could be made available for x86, and also available as an x64 version. Windows Defender Offline system requirements noted that the system that created the bootable CDs requried XP SP3 or newer, as did the system that was being cleaned.

Older uses of the name “Windows Defender”

For older software, the name “Windows Defender” was used for a software service which was simply a part of the “Microsoft Security Essentials” software product. Being used as a service of other Microsoft Anti-Malware software was probably the only way that the name “Windows Defender” was commonly seen on Windows Vista and Windows 7 machines. This “Microsoft Security Essentials” was available for Windows XP, Vista, and 7.


Even before the release of MSE, Microsoft released a downloadable piece of Anti-Spyware software called “Windows Defender”. That software was marketed as being Anti-Spyware, and was not intended to be a general anti-malware tool. The program was a newer version of older software called “Microsoft Antispyware”.

Instead of being a general anti-malware product, “Windows Defender” was just a program designed to help with the specific task of looking for programs that invaded privacy but generally did not try to perform other harmful activities. More severe threats were supposed to be handled by other software, because that task was not the intended purpose that Windows Defender was designed to handle. For quite a while (probably years), technicians were quite accurate in stating that Microsoft never intended “Windows Defender” to be used as a full-fledged anti-malware product.

Many people with less computer expertise thought Windows Defender was meant to be used as anti-virus software. That was a misunderstanding of the purpose that Windows Defender was designed to accomplish. When people demonstrated that misunderstanding, technicians who had sufficient expertise were quite right by telling people that was untrue. The “Windows Defender” name became widely known as software which was not sufficient for being general anti-malware software.

Notes about older software, including older operating systems

Wikipedia's page about “Windows Defender”: “General availability” section states, “On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP and Windows Server 2003; however, unlike the betas, it does not run on Windows 2000.” Win2K was able to use a version of the program called “Windows Defender (Beta 2)”. This version of the software used a Windows service, allowing protection without requiring that a user is logged on. This version of the software also removed some functionality, so Microsoft AntiSpyware Beta 1 had some features that were missing from this version.

Users of Windows ME and Win9x might not have the ability to run the software named “Windows Defender”. However, Windows Defender is based on a program named “GIANT AntiSpyware” which did have Win9x releases.

[#mssecess]: Microsoft Security Essentials
Microsoft Security Essentials is an option that was made available for free to many people running Windows XP, Windows Vista, and Windows 7. With Windows 8, this same sort of technology is implemented in software named “Windows Defender&rdquo.
Microsoft Forefront
Microsoft Forefront is essentially a brand name applied to multiple products, such as Microsoft Forefront Client Security and Microsoft Forefront Protection for Exchange Server. Wikipedia's page on “Microsoft Forefront” lists Forefront components. Forefront Client Security pricing shows a portion of the cost of a network using Forefront Client Security.
[#msemet]: Microsoft's “EMET”

This is currently not a full guide to using EMET, but rather a pointer to some information.

Full product name
(“Enhanced Migration Experiece Toolkit” as of version 2, was “Enhanced Migration Evaluation Toolkit” with EMET 1)
What is EMET?
EMET 2 Pre-release announcement starts with “What is EMET?”
What has been done with EMET?
Microsoft Security Tool Mitigates Adobe Zero-Day Vulnerability is a short summary. Details on how EMET blocked an Adobe exploit.
Misc info
EMET release announcement
Other software by Microsoft
Microsoft Malicious Software Removal Tool, and other options for home users's Malware Removal page provided a hyperlink to a Redirection URL to a Download page for Microsoft Malicious Softare Removal Tool which stated, “This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.”

There was also an earlier tool called the “Mydoom, Zindos, and Doomjuice Worm Removal Tool”. (For instance, MS KB 836528: “Mydoom, Zindos, and Doomjuice Worm Removal Tool” documented this software.) Earlier versions of this software were simply called the “Mydoom Worm Removal Tool”. After gaining the ability to remove multiple worms, Microsoft sometimes used the older name “Mydoom Worm Removal Tool” (which can also be seen in the “Technical Updates” section of the MS KB 836528 that was just referenced), and Microsoft sometimes used the fuller name of “Mydoom, Zindos, and Doomjuice Worm Removal Tool”. Apparently someone decided that trying to list every piece of malware would eventually lead to even longer names, so Microsoft released a more generically named piece of software called the “Microsoft Malicious Software Removal Tool”.

The home page for the “Microsoft Safety Scanner” described the product as “a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.” The page went on to state, “Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.” This software was provided as one of the avaiable “Security resources” by Microsoft's “Security scans and software” page.

TOOGAM's Software Archive: Protection Software provides some additional options. At least some of that information is likely to be copied into this page (although that is, admittedly, a low priority task).

Microsoft KB Q913964 states “Windows Live OneCare is no longer available for sale”. This KB article contains a hyperlink to Microsoft's page about OneCare (within the “Security Essentials” section of Microsoft's website), which refers people to use Microsoft Security Essentials.

Additional choices

Additional details are likely to be added to this page. Until that happens, note that TOOGAM's Software Archive: Protection Software provides some additional options.

Winpooch Watchdog

At this time, Winpooch is considered to be obsolute. SourceForge project page for Winpooch Watchdog says, “THIS PROJECT HAS BEEN ABANDONED SINCE 2007, NO SUPPORT WILL BE PROVIDED.” And, later, “Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits).” That web page identified the software as using GPLv2.

A review on that page was pleased with this software, which “could provide this level of security in such small package: monitoring registry writes, file writes in selected folders, and network connections both incoming and outgoing, plus on-access antivirus features”.

As the author of this text understood things, this software monitors the system for disk usage. It can respond an action like software opening or closing a file, and can respond by performing a configurable action like an anti-virus scan. Perhaps some developer might benefit by checking out the source code, to see how this is done.


Some reviews have indicated that earlier versions of the software had rather weak detection rates, but that has since been improved over a period of years.

This license agreement “Comodo grants you a limited, non-exclusive, non-transferable, and revocable license to download, install, back-up, and use the Software and Services (collectively, the "Products") on (1) one personal computer unless otherwise indicated under a valid license granted by Comodo for the term that you have paid for”... (This quote came from software available in the year 2014.) By referencing “one personal computer”, that seems to rule out business use for the free version of its product.

Manual clean-up

See: tutorial on cleaning aystems, Mark Russinovich's technical blog @ TechNet: article on “Hunting Down and Killing Ransomware”.