It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 or later versions.

The mobile version of Microsoft Defender also includes a feature to block access to corporate data if it detects a malicious app is installed.

The extension, once installed, will open the current tabs web page in Microsoft Edge with Application Guard enabled.

[21] Controlled Folder Access is a feature introduced with Windows 10 Fall Creators Update to protect a user's important files from the growing threat of ransomware.

The core engine was rewritten in C++, unlike the original GIANT-developed AntiSpyware, which was written in Visual Basic.

Also, since Beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the system even when a user is not logged on.

Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including HTTP cookies, web cache, and Windows Media Player playback history.

[36] Security agents which monitor the computer for malicious activities: The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers.

[46] Users could still access original GUI by alternative methods,[47][48] until the 1803 update, which saw the UI removed altogether.

The company removed WDSC from the brand in the 1809 update, renaming it Windows Security Center (WSC).

[70] Microsoft Defender for Individuals is a stand-alone app that adds central management with visibility of family devices, as well as Identity Theft Monitoring (in supported regions[71]) to existing anti-malware features on Windows devices.

[72] All supported platforms share a common user interface, which is also accessible from a web browser through Microsoft's My Defender portal.

On May 5, 2017, Tavis Ormandy, a vulnerability researcher from Google, discovered a security vulnerability in the JavaScript analysis module (NScript) of Microsoft Antimalware Engine (MsMpEngine) that impacted Windows Defender, Microsoft Security Essentials and System Center Endpoint Protection.

Ars Technica commended Microsoft for its unprecedented patching speed and said that the disaster had been averted.

[73][74] During a December 2017 test of various anti-malware software carried out by AV-TEST on Windows 10, Windows Defender earned 6 out of 6 points in detection rate of various malware samples, earning its "AV-TEST Certified" seal.

[75] During a February 2018 "Real-World Protection Test" performed by AV-Comparatives, Windows Defender achieved a 100% detection rate of malicious URL samples, along with 3 false positive results.

[76] An AV-TEST test of Windows Defender in October 2019 demonstrated it provides excellent protection both against viruses and 0-day / malware attacks.

[82] Microsoft defender is configured by default to take up 50% of the system's CPU resources available by default, although this can be configured using Group Policy Editor along with limiting the process of MsmpEngine to use a Low Priority Process during a Realtime Scan and customizing scheduled scans.

[83][84] Recent Windows Versions also deeply integrated Microsoft Defender with the operating system using mechanisms like Early Boot Anti-Malware, Tamper Protection, etc., making it almost impossible to remove or uninstall.

Although these are useful to prevent malware from disabling or removing the antivirus itself, they also lead to frustration among users who utilize and seek 3rd party alternatives.