News

Windows 10 'Anniversary Update' Getting Malware Scanning

• By Kurt Mackie
• May 31, 2016

Microsoft's upcoming Windows 10 "anniversary update" release will include a new security feature called "limited periodic scanning."

The feature will be part of Microsoft's existing Windows Defender anti-malware service that's included with Windows 10 for consumer users, but it's principally designed to work on machines that use other anti-malware programs. It's conceived by Microsoft as being supplementary to those anti-malware programs.

"Limited Periodic Scanning is intended to offer an additional line of defense to your existing antivirus program's real-time protection," Microsoft's announcement last week explained.

Right now, the limited periodic scanning service isn't designed for use on domain-joined PCs used in organizations. It's just for consumers. However, Microsoft's announcement suggested that it could arrive sometime for its commercial customers:

At this time, Windows 10 Limited Periodic Scanning is intended for consumers. We are evaluating this feature for commercial customers, but Limited Periodic Scanning only applies to unmanaged devices for the Windows 10 Anniversary Update.

The new limited periodic scanning option will be something like a cross between Windows Defender and the Microsoft Safety Scanner solution that consumers typically turn to when they suspect their machines have malware. The main difference is that the limited periodic scanning service will be more direct than the Microsoft Safety Scanner, which requires a download. It also will automatically remove malware without user intervention, although users will get a notice to that effect. Maintenance times for running will be determined automatically by the Windows Automatic Management service, based on user inactivity.

The limited periodic scanning feature is currently available for preview as part of last week's Windows Insider build of Windows 10, with rollout planned for the summer.

In other security news, Microsoft announced that a "new type of ransomware that exhibits worm-like behavior" has been seen. The ransomware, labeled "Ransom:Win32/ZCryptor.A" by Microsoft, blocks user access to their machine's files.

ZCryptor gets spread through spam e-mail messages, macros and fake program installers. Anti-malware solutions, including Windows Defender, can detect it. Microsoft also recommends turning on the Microsoft Active Protection Service, which reports "suspicious queries" that may indicate malware. Other security measures to take were described in Microsoft's announcement.