@ -109,7 +109,7 @@ This feature is configured on a computer running Windows Server.
The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database.
**Important**
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database.
title: Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (Windows 10)
description: Microsoft Windows 10 has a feature set that consists of both hardware and software system integrity hardening capabilites that revolutionize the Windows operating system’s security.
title: Device Guard is the combination of Windows Defender Application Control and Virtualization-based security (Windows 10)
description: Device Guard consists of both hardware and software system integrity hardening capabilites that can be deployed separately or in combination.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
author: mdsakibMSFT
ms.date: 04/19/2018
ms.date: 08/23/2018
---
# Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (aka Windows Defender Device Guard)
# Device Guard: Windows Defender Application Control Configurable Code Integrity and Virtualization-based security
[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-blog-mmpc) **consistently achieves high scores** from independent tests, displaying how it is a top choice in the antivirus market.
[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-docs-avreports) **consistently achieves high scores** from independent tests, displaying how it is a top choice in the antivirus market.
We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections.
In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers might not even know they were protected. That's because Windows Defender ATP's [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other advanced technologies.
In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). In many cases, customers might not even know they were protected. That's because Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies.
> [!TIP]
> Learn why [most enterprises use Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
> Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports).
<br></br><br></br>
## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test
**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)**
**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports)**
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the protection category which has two scores: real world testing and the AV-TEST reference set (known as "prevalent malware").
**Real-World testing** as defined by AV-TEST refers to protection against zero-day malware attacks, inclusive of web and email threats.
**Real-World testing** as defined by AV-TEST attempts to test protection against zero-day malware attacks, inclusive of web and email threats.
**Prevalent malware** as defined by AV-TEST refers to detection of widespread and prevalent malware discovered in the last four weeks.
Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-TEST evaluation.
**Prevalent malware** as defined by AV-TEST attempts to test detection of widespread and prevalent malware discovered in the last four weeks.
The below scores are the results of AV-TEST's evaluations on **Windows Defender Antivirus**.
|Month (2018)|Real-World test score| Prevalent malware test score | AV-TEST report| Microsoft analysis|
March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)|
March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)|
## AV-Comparatives: Perfect protection rating of 100% in the latest test
AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions.
The **Real-World Protection Test (Enterprise)** as defined by AV-Comparatives evaluates the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made.
The **Real-World Protection Test (Enterprise)** as defined by AV-Comparatives attempts to evaluate the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made.
The **Malware Protection Test Enterprise** as defined by AV-Comparatives assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. It is only tested every *six months*.
The **Malware Protection Test Enterprise** as defined by AV-Comparatives attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. It is only tested every six months.
Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-Comparatives evaluation.
The below scores are the results of AV-Comparatives tests on **Windows Defender Antivirus**. The scores are specifically for the ability to block malware.
The below scores are the results of AV-Comparatives tests on **Windows Defender Antivirus**. The scores represent the percentage of blocked malware.
|Month (2018)| Real-World test score| Malware test score (every 6 months)|
|---|---|---|
@ -76,18 +72,18 @@ The below scores are the results of AV-Comparatives tests on **Windows Defender
|June| 99.50%| N/A|
|July| 100.00%| N/A|
* [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/)
* [Real-World Protection Test (Enterprise) February - June 2018](https://www.av-comparatives.org/tests/real-world-protection-test-february-june-2018/)
* [Malware Protection Test Enterprise March 2018](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
* [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) <sup>**Latest**</sup>|
## To what extent are tests representative of protection in the real world?
It is important to remember that the capabilities within [Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-blog-mmpc) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/) that are not factored into AV tests. Using these tests, customer can view one aspect of their security suite but can't assess the complete protection of all the security features.
It is important to remember that Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV evaluations highlighted above. The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into AV tests. Using these tests, customer can view one aspect of their security suite but can't assess the complete protection of all the security features.
There are other technologies in nearly every endpoint security suite that address some of the latest and most sophisticated threats, but are not represented in AV tests. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place.
There are other technologies in nearly every endpoint security suite not represented in AV tests that address some of the latest and most sophisticated threats. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place.
Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection).
Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports).
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Joey Caparas