Should you disable the Cloud-delivered protection from Windows 10?
Windows Defender Antivirus in Windows 10 has a couple of excellent protection features, some of which are misunderstood. Two of them are named Cloud-delivered protection and Automatic sample submission, and they work in tandem. With their help, you get efficient protection against unknown threats that have not yet been discovered on other computers. If you are considering disabling them, or you want to know what they do before deciding whether to keep them enabled, read this article:
NOTE: The features shared in this article were first introduced in Windows 10 with Anniversary Update. However, some things have changed with the latest updates, and we updated the article accordingly.
What is Cloud-delivered protection in Windows 10?
According to Microsoft, "approximately 96% of all malware files detected and blocked by Windows Defender Antivirus are observed only once on a single computer, demonstrating the polymorphic and targeted nature of modern attacks, and the fragmented state of the threat landscape. Hence, blocking malware at first sight is a critical protection capability."
The cloud-delivered protection feature in Windows 10 enables Windows Defender Antivirus to block most new, never-before-seen threats at first sight. When Windows Defender Antivirus needs additional intelligence to verify the intent of a suspicious file, it sends some metadata to the cloud protection service created by Microsoft, which can determine whether the file is safe or malicious within milliseconds.
When the Windows Defender Antivirus cloud-delivered protection service is unable to reach a conclusive verdict, it can request the potential malware sample for further inspection. If Automatic sample submission is enabled, Windows Defender Antivirus uploads the suspicious files that it finds to the cloud protection service for rapid analysis. While waiting for a verdict, Windows Defender Antivirus maintains a lock on those files, preventing possible malicious behavior. Windows Defender Antivirus then takes action based on the decision received from the cloud-delivered protection service. For example, if the cloud protection service determines that a file is malicious, Windows Defender Antivirus blocks the file from running, providing instant protection. By default, Windows Defender Antivirus is set to wait for up to 10 seconds to hear back from the cloud protection service before letting suspicious files run.
Therefore, if you want the cloud-delivered protection to operate at full potential, the automatic sample submission feature of Windows Defender Antivirus should also be turned on.
If you want to learn more details about this topic, we recommend reading Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware.
Step 1. Open the Windows Security app
To enable or disable the cloud-delivered protection and automatic sample submission features of Windows Defender Antivirus, the first thing you have to do is to open the Windows Security app. One easy way to do that is to click or tap on the Windows Security shortcut from the Start Menu, in the list of apps.
Step 2. Open the Virus & threat protection settings
In the Windows Security app, click or tap Virus & threat protection.
Scroll down until you find the section called "Virus & threat protection settings." In it, you should see a link called "Manage settings." Click or tap on it.
Step 3. Enable or disable Cloud-delivered protection and Automatic sample submission
In the list of "Virus & threat protection settings," you find different switches that you can use to turn on and off the various protection features of Windows Defender Antivirus.
The "Cloud-delivered protection" switch should be turned on by default because it "provides increased and faster protection with access to the latest protection data in the cloud." It also states that it "works best with Automatic sample submission turned on," which sends samples of suspicious files to Microsoft without prompting you to do so. If you do not want Windows Defender Antivirus to communicate with Microsoft's cloud-based infrastructure, and never want it to send data to or receive data from that infrastructure, set the switches for Cloud-delivered protection and for Automatic sample submission to Off.
After you do that, Windows Security says that "Cloud-delivered protection is off. Your device may be vulnerable," and that "Automatic sample submission is off. Your device may be vulnerable." Both statements are correct, and we do not recommend disabling these features, as doing so lowers the effectiveness of the antivirus protection that you get in Windows 10.
NOTE: If you want to find more details about what information is sent to Microsoft and how it is used, click or tap the "Privacy Statement" link found at the bottom of the list with settings.
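The same two switches can be checked from PowerShell, which is useful for auditing many machines. The script below is an added example, not part of the original article; it assumes the Defender cmdlets (Get-MpPreference, Set-MpPreference) that ship with Windows 10, and the function name Get-CloudProtectionState is hypothetical.

```powershell
# Added example: report the state of Cloud-delivered protection and
# Automatic sample submission from the Defender preferences.
# Numeric meanings follow Microsoft's Set-MpPreference documentation.
$mapsLabels = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleLabels = @{
    0 = 'Always prompt'
    1 = 'Send safe samples automatically'
    2 = 'Never send'
    3 = 'Send all samples automatically'
}

# Hypothetical helper: turns a Get-MpPreference object into a readable report.
function Get-CloudProtectionState {
    param([Parameter(Mandatory)] $Preference)

    # Cast to int so the hashtable lookups match the integer keys above.
    $maps    = [int]$Preference.MAPSReporting
    $samples = [int]$Preference.SubmitSamplesConsent

    [pscustomobject]@{
        CloudDeliveredProtection = $mapsLabels[$maps]
        CloudProtectionOn        = ($maps -ne 0)
        SampleSubmission         = $sampleLabels[$samples]
        # Only values 1 and 3 upload samples without prompting.
        AutomaticSubmissionOn    = ($samples -in 1, 3)
        BlockAtFirstSightOn      = -not $Preference.DisableBlockAtFirstSeen
        # Seconds added on top of the default 10-second cloud wait.
        ExtraCloudWaitSeconds    = [int]$Preference.CloudExtendedTimeout
    }
}

$state = Get-CloudProtectionState -Preference (Get-MpPreference)
$state | Format-List

if (-not ($state.CloudProtectionOn -and $state.AutomaticSubmissionOn)) {
    Write-Warning 'Cloud-delivered protection or automatic sample submission is off.'
}

# To turn both switches back on (run from an elevated prompt):
# Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
```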
Did you disable the Cloud-delivered protection and Automatic sample submission?
We hope that this guide has helped you better understand these protection features included in Windows 10 and Windows Defender Antivirus. Before closing, tell us whether you decided to disable Cloud-delivered protection and Automatic sample submission or whether you kept them turned on. Comment below and let's discuss.