Resolved Defender nags

I have disabled all automatic updating because I find it too intrusive under Win 10 and I prefer to be the one in control. I don't care if my Defender database is out of date. I schedule my updates when it suits me.

At the same time, I don't want to completely disable Defender. I just want it to quit nagging me. Is there any way to permanently disable the constant notifications that the anti-virus and spyware databases need updating? I have turned off all notifications and real-time protection but I still get the nags. I just want to stop them from popping up.

 

If you turn everything back on again and allow it to catch up, you should rarely ever get nagged - especially if you just let your computer go to sleep when you are no longer using it. Then updates will be installed while you sleep, to include any reboots that may be needed. I cannot remember the last time Windows Update intruded on me and I am on my computers at least 5 hours every day.

Also understand there are 1.5+ billion Windows users out there, and over 300 million W10 users and most use Windows Defender (because it is very effective) and nearly all let Windows Update do it thing. And the vast majority, by a very wide margin, never have problems. I have 5 W10 systems in this house and all have WU enabled. The worst that happened to me is my nearly 7 year old notebook failed to update once and that was quickly cleared by a simple reboot. The point is, Microsoft has spent a lot of resources refining Windows Update in W10 to make it work right while minimizing intruding on users. Yes, occasionally, some folks have problems, but those really are very few and far between. But any time anything happens involving Microsoft, the MS bashers and IT press blow it way out of proportion with loud, sensationalized, fear-mongering headlines so it always sounds much worse than it really is.

Malware does not wait until users are ready to update Windows and their security software signature/definition files. So we really should care if our databases are out of date.

To answer your question, I don't know how to permanently disable notifications without disabling WD - and that would be a huge mistake. Switching to a different anti-malware program would make your issue even worse, IMO, because not only would you still have Windows updates via WU, but then your security app would be yelling at you too. At least with WD, it is all done through WU.

I understand your desire to be in control. As a long time computer tech, I am the same way. But W10 is not XP. And because of the bad guys (not Microsoft), it is paramount our computers stay updated. It is also critical to remember that the user is ALWAYS the weakest link in security. So I really do recommend just letting Windows do it. I would not make that recommendation if I didn't do it myself.

 

Hi Bill,

Thanks for the thoughtful reply. Unfortunately, my experience is different. I have previously done what you suggest but I still start getting nagged for constant virus and spyware updates within a day or two and that is what I am objecting to.

Windows constantly makes inflexible assumptions about user behaviour and they never seem to apply to me. I don't have my whole life on a single machine. I use different computers for different things. My little notebook is the only computer with Win 10 on it. I use it for occasional, specific things and for safety and economic reasons I don't leave it or anything else turned on 24/7. Whenever I do want to use it I get constant update interruptions and I have actually lost work on more than one occasion because of this (Windows update, not Defender). So I disabled the update service and that fixed it nicely. When I feel like it and get around to it, I re-enable the service briefly to catch up. That puts me in charge, not Windows, and I like it that way.

My broadband connection is rural wireless and depending on how congested it is, my bandwidth and speed vary considerable. If I am trying to stream a video, which is already hard enough, I don't need Windows suddenly deciding it wants to update something in the background. Microsoft never seems to think of this sort of thing but it is a real issue for me.

Because I use different computers for different things, I am not obsessed with security. It is unlikely anything nefarious will slip through between my chosen update times, but if it does, I am happy to accept that risk. The thing is, I want to be the one to make that choice, not Windows.

To return to my question, I know how to disable Defender but I don't want to have to, I just want to turn off the nags. I have been informed that the database is out of date, I have that information, I don't need the constant reminders. I will do it when I get around to it. Now if I can just get the darned thing to shut up.

 

That makes no sense to me. I don't get such notices so I suspect it is WU or System Settings > Notifications setting. That said, WD signature files are updated almost daily, often more than once a day. I note there is something like 30,000 new malicious software detected every single day so frequent updates make sense. I do have a fast cable connection and I never shut down my systems. I just let it all happen in the background and so far I have not regretted letting go of that hands-on control.

So again, I am afraid I don't know how to stop these notices. I think it is assumed if you run security apps, you want to keep them updated. And frankly, I think that is the right assumption. Better to err on the side of safety than not.

 

If you install other anti-virus Windows 10 will disable the Defender. At least it should.

 

OK, thanks for the information.

 

What Edition of W10 are you running?

 

Right, but as I noted above, then you will have yet another program nagging you for updates, not just Windows Update. If I'm going to be nagged, I would much rather it be from one direction than from all sides.

 

Some other antivirus programs will allow you to turn the nagging little ol bitties off. It is a well known fact that Windows Defender is not as effective as other virus programs. I personally learned this in the first couple of months 10 came out I was too trusting of Defender. I also won't rely on Malwarbytes, It won't catch a fly! Everybody has a different experience and the bottom line is nobody is safe now even with the best known virus protection.

 

But that's like saying a Toyota Camry is a not as good a car as a Lexus. The Camry is still an excellent and safe car. And don't need to drive around in an Abrams Tank to be safe.

The big issue is the intended purpose. Microsoft announced some time ago it will stop coding WD to score well on comparison tests. Instead, it will code WD to thwart "current" threats and it does that well. And regardless your primary anti-malware solution of choice, users should still have a secondary scanner just to verify nothing snuck by the first. I disagree with your assessment of MBAM (but that's for another discussion). My point is I use MBAM as my secondary scanner and ever since W7 and Microsoft Security Essentials (MSE) - the precursor to WD, MBAM has never found anything that MSE or WD let by.

In any case, an alternative scanner may let you disable update notifications. But IMO, disabling them is unwise. As I noted above, the user is ALWAYS the weakest link in security. And one of the user's top priorities in the discipline of "practicing safe computing" is keeping our computers current and our security programs updated.

As I note in my sig, Freedom Is Not Free! That does not mean freedom costs money. It means we have to give up some of our freedoms and conveniences to remain free. That's the way it is with computer security. We have to give some (a decent size chunk, actually) of our system resources and time, as well as some convenience to remain free from the assaults and violations the bad guys strive 24/7/365 to inflict on us. Sad for sure, but true.

 

I agree with your summations Bill. I personally have had no problems with MSE or Defender or MBAM in the few years I have used them. FWIW, I have 6 W10 comps in total running very successfully with Defender and set to Auto update. I do not ever get "nags" or interference during use of my comps as the updates will finalize on Shutdown and Restart. You can always see what's happening or needed by opening the Notification icon and doing it in your own time. Unless the message requires immediate attention, I leave it till I have a spare moment. I respect the Thread Starters attitude, but it's not my way as I think it's much better to keep Security up to date. The "bad guys" are getting shrewder and more astute every day I want to keep them away from my comps.

 

My OS version is 1511. I think there are different issues and perspectives here. I don't know enough about the inner workings of Win 10 to be able to say why it rudely broke into what I was doing on three different occasions and dumped lengthy forum replies I had just spent a great deal of time and thought on, but this did in fact happen. It happened because Windows chose to start an update process at precisely the moment I pressed the send button and my work disappeared into a black hole from which there was no recovery. After the third time I was fed up and I completely disabled the update service. In typical Windows fashion turning it off wasn't enough to stop it from getting in my face so I went into the Services and disabled it once and for all. Problem solved. When I feel like updating and it suits my schedule rather than what Windows wants, I turn the service back on briefly and do it manually. This works fine for me. It wouldn't work for everyone, but I find it vastly preferable to the options Windows wants to allow me.

I agree that security is important. I just don't feel it as as overwhelmingly, end-of-the-world important for my purposes as it might be for someone else. I only have Win 10 on my notebook. I only turn the notebook on when I am using it. I only use it for checking email and posts on some forums I am already a member of. Because of my Internet connection and the way I have my computer set up, I would quickly notice any unusual activity so I am unlike to become part of a botnet on this machine. I don't feel a need for constant, state of the art protection. An occasional scan with Malwarebytes is enough. I still would prefer to have Defender or something like it operating in the background, but not if it nags me all the time, which has been my experience until now. Whatever its other virtues, I think it is silly that the nags cannot be turned off after the first notification. That is just irritating and unnecessary. It also takes no account of the different ways people use their computers. For example there is nothing on my notebook that would make it worthwhile for any bad guy to devote time and resources to invading. No credit card info, no bank or other financial stuff, very little useful ID information, just a few easy to break passwords to a few unimportant forums. Nothing sensitive in the emails and nothing else that can be monitised. There are are better targets than me. And if I get hit by a random attack, restoring from a backup is not particularly difficult. I just don't need or want all the cast iron security. I am not a particularly fearful person. On my scale, I choose more freedom and am glad to have less security. Not no security, but it doesn't have to be state-of-the-art ironclad nothing ever gets through security. As pointed out above, it is a trade-off. I just want to have the flexibility to set my slider a little lower.

 

Actually you don't have to disable Update Services, just go to Settings\Network & Internet\Wifi\Advanced Options and turn on Metered connection. This will stop any updating.

 

Sorry, but I feel you really just don't understand security. I've been supporting IT hardware, computer and network security professionally for over 40 years and I would never assume I am more clever than the bad guys or that there's nothing on my system they would not be interested in. It is often they could care less what's on the computer, they just want control of it so they can use it to distribute spam, malware or participate in DDoS attacks.

You should not assume you would notice their actions. Many of the clever bad guys don't take over a system then start sending 1000s of spam emails or log on attempts. Their goal is to go unnoticed. They send out dribbles at a time so you won't notice any drop in computer or network performance. They don't need your machine to send out bunches of data because they have bunches of compromised systems. And you would never notice this unless you were actively "sniffing" out your network traffic with a packet analyzer AND knew what you were looking at.

It is not about cast iron security, or even having more or less security. As I said above, we don't need a Abrams Tank. What we need is CURRENT security and OS and that is what you either fail to understand, fail to accept, or both.

Your problem is self-induced! Because you apparently don't use your computer on a daily basis and you totally shut it down between sessions, it cannot stay current. So it is always behind and then gets further behind as you use it because you won't let it get current.

This is not a more freedom thing either. If anything, you are exposing yourself to less freedom.

The problem is, your lack of practicing safe computing discipline is not just a threat to you. If it was then I would say, "no big deal! It's your life!" But compromised systems are used to attack the rest of us.

Sorry, but because of the bad guys, and because I know you are not smarter than many of them, I am not buying your rationale one bit.

 

I did that initially but it didn't stop the interruptions, which is why I had to take more extreme measures.

 

You may be right. I hope you are not but I don't presume to think I am smarter than you or the bad guys. However, I still see it differently. I want a system that works for me the way I need it to and if what I am doing breaks something, then Microsoft needs to come up with a better way of doing things that doesn't make it necessary for people like me to do these kinds of things in the first place. I have no problem at all with the way Windows 7 security works. I can tweak it to suit my preferences and it stays out of my way. For some reason, Microsoft decided it needed to reduce user choice with Windows 10 and force updates on users and constantly nag them about it. Mainly for that reason, I have only allowed Windows 10 on one of my computers. For all of the others, I prefer to stick with Windows 7.

I think this is an interesting debate but I am going to mark it as solved because the issue I raised has been dealt with. Thanks again to all for the useful comments.

 

You may very well be smarter than me. Many people are though most don't have my years of experience actually supporting IT hardware and security networks as my career (as seen via the link in my signature) since I was 19 (now 64). But I have no doubts there are bad guys that are way more smarter than all of us. They are expert, professional "con-artists" of the highest caliper. Master manipulators in the art of socially engineered methods of malware distribution.

But that is not the point. The point is all about "timing ". You can be the smartest, most disciplined IT person in the world and have the best security setup for your computer and your network. But if your timing is off just once, just a little, that's all it takes for an opportunistic bad guy to sneak in.

The chances of that happening may be low, but the potential losses are huge - and again, not just for the user of a computer, but many others too (perhaps starting with all the user's email "Contacts ").

Certainly, if you are the only user of your computers, and you are unwavering in your disciplined of NOT being what I call "click-happy" on unsolicited pop-ups (you can't block them all), downloads, attachments or links, that significantly improves your security posture. But if there are other users, they probably are not as disciplined.

It is important to remember that computer and network security may be "proactive ", it is still "reactionary ". It is a defensive strategy. It is all about blocking access to "known" vulnerabilities, "exploits" and weaknesses. And with and estimated 40 - 50 million lines of code in Windows, the odds are high there are still many still unknown (to the good guys anyway ) vulnerabilities waiting to be exploited. New ones, often zero-day exploits, are being discovered all the time.

And of course, it is not just the OS to worry about. Other apps are exploited all the time, including 3rd party browsers, add-ons, and more. So it is critical to keep those current too. I recommend everyone subscribe to Department of Homeland Security's US-CERT Cyber Security Bulletin Vulnerability Summaries.

The reason is simple. They got tired being blamed for the security mess they were NOT responsible for.

[Rant On]

When XP was being developed, the big corporations (Microsoft's biggest client base) insisted XP support insecure, legacy hardware and software from the DOS era so the corporations would not have to make HUGE investments retooling and reprogramming their IS/IT systems (again). This forced Microsoft to put legacy support above security.

At the same time, Microsoft wanted to put AV code in XP but Norton, McAfee, CA, TrendMicro, etc. whined and cried "monopoly" to Congress and the EU claiming it was their job to rid the world of malware, and that Microsoft was trying to rule the world. They were, but not the point. All Congress and the EU heard was the word "monopoly ", then ordered MS to remove the code or risk being broken up in several smaller companies.

We see how well Norton, McAfee and the gang did. They failed miserably and the bad guys with their viruses, worms, Trojans, rootkits, spam and other malicious code flourished. And there should be no surprise in that because Norton, McAfee and the gang have "ZERO" incentive whatsoever to rid the world of malware! That would put them out of business. In fact, those "security" (choke, cough cough) companies depend on and thrive on the success of the bad guys!

But who got blamed for the security mess? The bad guys? Nope! Norton and McAfee? Nope! Users for failing to keep their systems updated and secured? Nope! Congress and the EU? Nope? Microsoft did - for the next 10 years straight - and blamed relentlessly by MS bashers and the biased IT press seeking sensationalized head lines.

So Microsoft, tired of being blamed, decided they would much rather get blamed for taking some flexibility out of Windows than for all security mess they were not responsible for.

And I don't blame them! In fact, I applaud them because it makes me, my kids and my grandkids safer.

Have you noticed how Congress and the EU have been mum about Microsoft including "FREE" antimalware code in W8 and W10? Have you noticed how Norton, McAfee and the other security companies don't dare go whining and crying to Congress and the EU that Microsoft is encroaching in their territory again? Its because they know they blew it and don't want all that bad press. They could have significantly nipped the malware issue in the bud 15 years ago before broadband to the home use exploded and the bad guys pounced unhindered.

Note the big telecommunication carriers (and ISPs) get some of the blame too. Way back then, they could have implement measures to block malware (including bandwidth hogging spam) "at the source ". Instead, they would much rather sell companies more profitable, bigger pipes forcing the companies, and in turn, us consumers to block it ourselves with those oh-so effective and expensive Norton, McAfee, and their gang's software.

Windows 10 is the safest Windows yet. That's reason enough alone to upgrade to it.

[Rant Off]

***
Yes, a very good and civil debate. Thanks for making it so!

 

Wow! Thanks very much for all the explanation. That is a lot I didn't know and it is very interesting. I wasn't aware of most of the history. It puts things into context and makes them much more sensible.

If it helps at all, I am not completely oblivious to the need for security. I do update regularly, just not as regularly as MS would like, and I run regular manual scans with Malwarebytes and Defender. So far nothing has ever come up. I am the only user of my computers and I never click on anything unknown or untrusted. I use popmail and have HTML turned off and I never click on attachments without isolating them first. I also preview headers before opening full posts and on the rare occasions I do receive something from an unknown sender (I almost never get spam) I check the contents with my hex editor before opening. I also have packet sniffers on my main computers. I cannot always tell at a glance exactly what the traffic is, but I can see where it is going and I can certainly see if something is happening when the system should be idle.

Thanks again. I appreciate your trouble and I'm sure others here will benefit as well.

 

Well explained Bill. As rikki stated

As I have stated a few times previously, I tried the name AV guys and found their "nags" way over the top and since I've used MSE and now Defender, I am more than happy with the smooth operation of my comps. It stands to reason that MS would endeavour to secure their OS's and keep their users satisfied and happy.

 

Yep! Part of my problem with the "name AV guys" is their hounding users to "upgrade" to their paid versions - most of which are too expensive to start, then force users into a recurring fee scenario all to get extra features the vast majority of users don't need.

And what I find disgusting is their scare and intimidation tactics (especially after those free trial offers with new computers) they use in an attempt to convince users they WILL become infected if they let those subscriptions expire.

Exactly.