The
Windows Defender Antivirus from Windows 10 has a couple of excellent protection features, some of which are misunderstood. Two of them are named
Cloud-delivered protection and
Automatic sample submission, and they work in tandem. With their help, you get efficient protection against unknown threats that have not yet been discovered on other computers. If you are considering disabling them, or you want to know what they do to decide whether to keep them enabled, read this article:
NOTE: The features shared in this article were first introduced in Windows 10 with
Anniversary Update. However, some things have changed with the latest updates, and we updated the article accordingly.
What is Cloud-delivered protection in Windows 10?
According to Microsoft,
"approximately 96% of all malware files detected and blocked by Windows Defender Antivirus are observed only once on a single computer, demonstrating the polymorphic and targeted nature of modern attacks, and the fragmented state of the threat landscape. Hence, blocking malware at first sight is a critical protection capability."
The cloud-delivered protection feature from Windows 10 enables
Windows Defender Antivirus to block most new, never-before-seen threats at first sight. When
Windows Defender Antivirus needs additional intelligence to verify the intent of a suspicious file, it sends some metadata to the cloud protection service created by Microsoft, which can determine whether the file is safe or malicious within milliseconds.
When the
Windows Defender Antivirus cloud-delivered protection service is unable to reach a conclusive verdict, it can request the potential malware sample for further inspection. If
Automatic sample submission is enabled,
Windows Defender Antivirus uploads the suspicious files that it finds to the cloud protection service, for rapid analysis. While waiting for a verdict,
Windows Defender Antivirus maintains a lock on those files, preventing possible malicious behavior. The
Windows Defender Antivirus then takes action based on the decision received from the cloud-delivered protection service. For example, if the cloud protection service determines a file as malicious, it blocks the file from running, providing instant protection. By default,
Windows Defender Antivirus is set to wait for up to 10 seconds to hear back from the cloud protection service before letting suspicious files run.
Therefore, if you want the cloud-delivered protection to operate at full potential, the automatic sample submission feature of
Windows Defender Antivirus should also be turned on.
If you want to learn more details about this topic, we recommend reading
Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware.
Step 1. Open the Windows Security app
To enable or disable the cloud-delivered protection and automatic sample submission features of
Windows Defender Antivirus, the first thing you have to do is to
open the Windows Security app. One easy way to do that is to click or tap on the
Windows Security shortcut from the
Start Menu, in the list of apps.
Step 2. Open the Virus & threat protection settings
In the
Windows Security app, click or tap
Virus & threat protection.
Scroll down until you find the section called
"Virus & threat protection settings." In it, you should see a link called
"Manage settings." Click or tap on it.
Step 3. Enable or disable Cloud-delivered protection and Automatic sample submission
In the list of "
Virus & threat protection settings," you find different switches that you can use to turn on and off the various protection features of
Windows Defender Antivirus.
The
"Cloud-delivered protection" should be turned on by default because it
"provides increased and faster protection with access to the latest protection data in the cloud." It also states that it
"works best with Automatic sample submission turned on," which sends samples of suspicious files to Microsoft without prompting you to do so. If you do not want
Windows Defender Antivirus to communicate with Microsoft's cloud-based infrastructure, and never receive and send data from it, set the switches for
Cloud-delivered protection and for
Automatic sample submission to Off.
After you do that,
Windows Security says that
"Cloud-delivered protection is off. Your device may be vulnerable," and that
"Automatical sample submission is off. Your device may be vulnerable." Both statements are correct, and we do not recommend disabling these features, as they lower the effectiveness of the antivirus protection that you get in Windows 10.
NOTE: If you want to find more details about what information is sent to Microsoft and how it is used, click or tap the
"Privacy Statement" link found at the bottom of the list with settings.
Did you disable the Cloud-delivered protection and Automatic sample submission?
We hope that this guide has helped you better understand these protection features included in Windows 10, and
Windows Defender Antivirus. Before closing, tell us whether you decided to disable
Cloud-delivered protection and
Automatic sample submission or whether you kept them turned on. Comment below and let's discuss.
Discussion (2)
how enable cloud-based protection when show the comment and didn’t able t o on cloud based protection. the comment is “cloud based protection is off. your device may be vulnerable”.
any solution?
I can’t enable cloud based protection and automatic sample submission in windows defender hence it affect on Action center which is also not enable in taskbar in Windows 1 Pro… Help me…