Kaspersky Lab has filed a complaint against Microsoft, alleging that the company blocks third-party antivirus software...
on Windows 10 and forces its users to rely on Windows Defender. How can users tell if there is an antivirus block on their Windows system, and what can they do to fix this?
Modern antimalware software has a long history of providing protection to endpoints that an operating system doesn't provide. Some users and enterprises have been using the same antimalware software to protect their endpoints for over 20 years -- they have a very entrenched user base.
At one point, antimalware software tools used undocumented or poorly documented features of Windows because it was the only functionality available to integrate into the local system. Likewise, some of the functionality abused by malware is legitimately used by people every day without issue; but when a malicious actor runs code or an executable on an endpoint, the security of the endpoint can be compromised.
This is where antimalware software tools come in, as they can monitor for potentially malicious behavior or signatures that the operating system doesn't protect against. Having a separate security monitor gives an additional layer of protection to an endpoint that is separate from the operating system.
Initially, Microsoft didn't provide this protection, and a robust ecosystem, such as Kaspersky, McAfee or Symantec, was used to fill this gap to protect users. At times, even the antimalware software itself was attacked, which prompted Microsoft to improve some of the integration methods of antivirus software.
Starting in Windows 8.1 in 2013, Microsoft functionality to protect antimalware software. As Microsoft has made changes to its operating system, independent antimalware vendors have updated their software to protect their customers and follow the Microsoft-defined integration requirements. Kaspersky pointed out how this could limit competition, and has pushed Microsoft to make changes to better work with independent antimalware software vendors.
Users can tell if their Windows system is causing an antivirus block by checking in the Windows Action Center security settings or by directly running the antimalware software console to see if Windows reports disabling the software. If Windows is blocking or disabling a user's preferred antimalware software, then he will need to ensure a recent version of the software is correctly installed, and that it integrates with the Windows guidance, including the use of Windows Action Center.
You may need to consult with your preferred antimalware vendor to determine if their software is supported on the most recent version of Windows. Likewise, Microsoft has a list of consumer antivirus software providers that may include your preferred vendor.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Microsoft Windows security
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading