Microsoft Windows Defender helps provide real-time protection

Article translations Article translations
Article ID: 914922 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

Microsoft Windows Defender helps provide real-time protection by implementing the following interfaces:
  • IShellExecuteHook
  • IAttachmentExecute
  • IOfficeAntiVirus
Windows Defender registers itself as a shell execute hook. Windows Defender can block known bad commands from passing through the shell execute chain before they are executed.

Windows Defender implements the IOfficeAntiVirus interface to scan Microsoft ActiveX controls that Internet Explorer installs. Additionally, the IAttachmentExecute interface calls the IOfficeAntiVirus interface after Windows Defender enables the Attachment Manager Group Policy object. The IAttachmentExecute interface calls the IOfficeAntiVirus interface at that time to request that antivirus providers scan attachments.

You can configure the IAttachmentExecute Group Policy setting in the following ways.
Collapse this tableExpand this table
Group PolicyRegistry entry
User Configuration\Administrative Templates\Windows Components\Attachment ManagerHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus
By default, the IAttachmentExecute Group Policy setting is set to Off. The corresponding registry value of the ScanWithAntiVirus registry entry is 1. When the value is set to 2, the policy is set to On.

When you install Windows Defender, it enables the Attachment Manager policy. It enables this policy so that Windows Defender will scan files that you download by using Microsoft Internet Explorer or by using Microsoft Outlook Express before you open the files.

MORE INFORMATION

For more information about the IOfficeAntiVirus interface, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/ms537369.aspx
For more information about the IAttachmentExecute interface, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/bb776297.aspx
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 914922 - Last Review: July 1, 2010 - Revision: 4.0
APPLIES TO
  • Windows Defender
  • Microsoft Security Essentials
Keywords: 
kbdefenderrtwyes kbdefenderrtwswept kbinfo KB914922

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com