Should you disable the Cloud-delivered protection from Windows 10?

The Windows Defender Antivirus from Windows 10 has a couple of excellent protection features, some of which are misunderstood. Two of them are named Cloud-delivered protection and Automatic sample submission, and they work in tandem. With their help, you get efficient protection against unknown threats that have not yet been discovered on other computers. If you are considering disabling them, or you want to know what they do to decide whether to keep them enabled, read this article:

NOTE: The features shared in this article were first introduced in Windows 10 with Anniversary Update. However, some things have changed with the latest updates, and we updated the article accordingly.

What is Cloud-delivered protection in Windows 10?

According to Microsoft, "approximately 96% of all malware files detected and blocked by Windows Defender Antivirus are observed only once on a single computer, demonstrating the polymorphic and targeted nature of modern attacks, and the fragmented state of the threat landscape. Hence, blocking malware at first sight is a critical protection capability."

The cloud-delivered protection feature from Windows 10 enables Windows Defender Antivirus to block most new, never-before-seen threats at first sight. When Windows Defender Antivirus needs additional intelligence to verify the intent of a suspicious file, it sends some metadata to the cloud protection service created by Microsoft, which can determine whether the file is safe or malicious within milliseconds.

Cloud-delivered protection and Automatic sample submission

When the Windows Defender Antivirus cloud-delivered protection service is unable to reach a conclusive verdict, it can request the potential malware sample for further inspection. If Automatic sample submission is enabled, Windows Defender Antivirus uploads the suspicious files that it finds to the cloud protection service, for rapid analysis. While waiting for a verdict, Windows Defender Antivirus maintains a lock on those files, preventing possible malicious behavior. The Windows Defender Antivirus then takes action based on the decision received from the cloud-delivered protection service. For example, if the cloud protection service determines a file as malicious, it blocks the file from running, providing instant protection. By default, Windows Defender Antivirus is set to wait for up to 10 seconds to hear back from the cloud protection service before letting suspicious files run.

Source: Microsoft - How the cloud-delivered protection service works

Therefore, if you want the cloud-delivered protection to operate at full potential, the automatic sample submission feature of Windows Defender Antivirus should also be turned on.

If you want to learn more details about this topic, we recommend reading Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware.

Step 1. Open the Windows Security app

To enable or disable the cloud-delivered protection and automatic sample submission features of Windows Defender Antivirus, the first thing you have to do is to open the Windows Security app. One easy way to do that is to click or tap on the Windows Security shortcut from the Start Menu, in the list of apps.

The Windows Security shortcut from the Start Menu

Step 2. Open the Virus & threat protection settings

In the Windows Security app, click or tap Virus & threat protection.

The Virus & threat protection settings

Scroll down until you find the section called "Virus & threat protection settings." In it, you should see a link called "Manage settings." Click or tap on it.

The Manage settings link from Windows Security

Step 3. Enable or disable Cloud-delivered protection and Automatic sample submission

In the list of "Virus & threat protection settings," you find different switches that you can use to turn on and off the various protection features of Windows Defender Antivirus.

The switches for turning on and off Windows Defender Antivirus features

The "Cloud-delivered protection" should be turned on by default because it "provides increased and faster protection with access to the latest protection data in the cloud." It also states that it "works best with Automatic sample submission turned on," which sends samples of suspicious files to Microsoft without prompting you to do so. If you do not want Windows Defender Antivirus to communicate with Microsoft's cloud-based infrastructure, and never receive and send data from it, set the switches for Cloud-delivered protection and for Automatic sample submission to Off.

Disabling Cloud-delivered protection and Automatic sample submission

After you do that, Windows Security says that "Cloud-delivered protection is off. Your device may be vulnerable," and that "Automatical sample submission is off. Your device may be vulnerable." Both statements are correct, and we do not recommend disabling these features, as they lower the effectiveness of the antivirus protection that you get in Windows 10.

NOTE: If you want to find more details about what information is sent to Microsoft and how it is used, click or tap the "Privacy Statement" link found at the bottom of the list with settings.

The privacy settings from Windows Security

Did you disable the Cloud-delivered protection and Automatic sample submission?

We hope that this guide has helped you better understand these protection features included in Windows 10, and Windows Defender Antivirus. Before closing, tell us whether you decided to disable Cloud-delivered protection and Automatic sample submission or whether you kept them turned on. Comment below and let's discuss.

Discover: Security Programs System and Security Tutorials Windows
Join the discussion: See the comments Comment