Kaspersky Lab has filed a complaint against Microsoft, alleging that the company blocks third-party antivirus software...
on Windows 10 and forces its users to rely on Windows Defender. How can users tell if there is an antivirus block on their Windows system, and what can they do to fix this?
Modern antimalware software has a long history of providing protection to endpoints that an operating system doesn't provide. Some users and enterprises have been using the same antimalware software to protect their endpoints for over 20 years -- they have a very entrenched user base.
At one point, antimalware software tools used undocumented or poorly documented features of Windows because it was the only functionality available to integrate into the local system. Likewise, some of the functionality abused by malware is legitimately used by people every day without issue; but when a malicious actor runs code or an executable on an endpoint, the security of the endpoint can be compromised.
This is where antimalware software tools come in, as they can monitor for potentially malicious behavior or signatures that the operating system doesn't protect against. Having a separate security monitor gives an additional layer of protection to an endpoint that is separate from the operating system.
Initially, Microsoft didn't provide this protection, and a robust ecosystem, such as Kaspersky, McAfee or Symantec, was used to fill this gap to protect users. At times, even the antimalware software itself was attacked, which prompted Microsoft to improve some of the integration methods of antivirus software.
Starting in Windows 8.1 in 2013, Microsoft introduced functionality to protect antimalware software. As Microsoft has made changes to its operating system, independent antimalware vendors have updated their software to protect their customers and follow the Microsoft-defined integration requirements. Kaspersky pointed out how this could limit competition, and has pushed Microsoft to make changes to better work with independent antimalware software vendors.
Users can tell if their Windows system is causing an antivirus block by checking in the Windows Action Center security settings or by directly running the antimalware software console to see if Windows reports disabling the software. If Windows is blocking or disabling a user's preferred antimalware software, then he will need to ensure a recent version of the software is correctly installed, and that it integrates with the Windows guidance, including the use of Windows Action Center.
You may need to consult with your preferred antimalware vendor to determine if their software is supported on the most recent version of Windows. Likewise, Microsoft has a list of consumer antivirus software providers that may include your preferred vendor.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Microsoft Windows security
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.