How Microsoft antimalware products identify malware and unwanted software
Malware is the overarching category name for programs that are classified as either unwanted software or malicious software.
Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.
Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.
We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.
You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.
New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.
Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.
If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you can report the problem to Microsoft.
Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:
Unwanted behaviors: lack of choice
You must be notified about what is happening on your PC, including what a program does and whether it is active.
Software that exhibits lack of choice may:
Unwanted behaviors: lack of control
You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.
Software that exhibits lack of control may:
Programs that change the user browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, and removal.
Unwanted behaviors: installation and removal
You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.
Software that exhibits a poor installation experience may:
Software that exhibits a poor removal experience may:
Unwanted behaviors: computer performance
You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.
Software that impairs computer performance may:
Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.
The advertisements that are opened by these programs must:
The program that creates these advertisements must:
Advertisements shown to you must:
You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.
Some types of programs can also have an impact on your privacy. These include, but are not limited to:
Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.
Malicious software is the general name for programs that perform malicious actions on your PC. This can include stealing your personal information, locking your PC until you pay a ransom, using your PC to send spam, or downloading other malicious software.
Most software that we classify as malware falls into one of the following categories: