I hear a lot of confusion between Windows Defender and Windows Defender ATP; people often don't get the difference between the two.

Let's understand the difference.

Windows Defender is the anti-malware / antivirus solution built into Windows 10 itself. It helps protect you from known malware and viruses that have already been discovered and for which a signature definition is available. So think of it as the same kind of antivirus capability provided by known vendors like McAfee, Symantec, etc.

Besides protecting you from known malware, Windows Defender also has built-in machine learning and heuristics to detect malware in real time based on behaviour analysis. If you want to see a glimpse of what Defender AV can do in real time, watch the video below.


Windows Defender ATP, on the other hand, is an Endpoint Detection and Response (EDR) solution from Microsoft. It identifies and detects suspicious and malicious activity on endpoint PCs and helps you take remedial action for containment.

So in a persistent attack scenario, where attackers are doing initial recon and lateral movement to find critical, high-value assets to compromise, that activity gets detected in the Defender ATP console, which helps the organization contain it before the attackers are able to compromise those high-value assets.

Here is a quick overview of Windows Defender ATP and some of the example activities of compromise it can help detect and remediate.

Defender ATP can run regardless of which anti-malware product you are using.
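Because the two are separate components, you can see this on a single machine: the AV state comes from the Defender cmdlets, while the ATP sensor shows up as its own service and onboarding registry value. The following PowerShell check is an added example, not code from the original post; it assumes a Windows 10 host with the Defender PowerShell module present and reads the documented `Sense` service and `OnboardingState` value.

```powershell
# Added example: report the AV engine and the ATP (EDR) sensor separately,
# to show that one can be running without the other.
function Get-DefenderComponentStatus {
    # --- Windows Defender Antivirus (signatures + real-time heuristics) ---
    $av = $null
    try { $av = Get-MpComputerStatus -ErrorAction Stop } catch { }

    # --- Windows Defender ATP sensor (EDR) ---
    # Service name "Sense" = Windows Defender Advanced Threat Protection Service.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarded = $false
    if (Test-Path $statusKey) {
        $state = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
        $onboarded = ($state -eq 1)
    }

    [pscustomobject]@{
        AntivirusEnabled           = if ($av) { $av.AntivirusEnabled } else { $false }
        RealTimeProtectionEnabled  = if ($av) { $av.RealTimeProtectionEnabled } else { $false }
        # Stale signatures mean the "known malware" layer is weakened.
        SignatureAgeDays           = if ($av) { ((Get-Date) - $av.AntivirusSignatureLastUpdated).Days } else { $null }
        # Passive mode = another AV is primary; Defender ATP can still run.
        AMRunningMode              = if ($av) { $av.AMRunningMode } else { 'Unavailable' }
        AtpSensorServiceState      = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
        AtpOnboarded               = $onboarded
    }
}

$status = Get-DefenderComponentStatus
$status | Format-List

# Practical read-out: flag the gaps a defender cares about.
if (-not $status.AtpOnboarded -or $status.AtpSensorServiceState -ne 'Running') {
    Write-Warning 'EDR (Defender ATP) sensor is not onboarded/running: AV alone will not surface recon or lateral movement.'
}
if ($status.SignatureAgeDays -ne $null -and $status.SignatureAgeDays -gt 7) {
    Write-Warning "Antivirus signatures are $($status.SignatureAgeDays) days old."
}
```

Run it from an elevated PowerShell prompt; on a machine running a third-party AV you will typically see `AMRunningMode` as passive while the ATP sensor still reports `Running` and onboarded.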

Hope that clears up the confusion.

Do subscribe to my channel on YouTube for more informative demos on InfoSec.

Cheers