Microsoft Windows Defender (Beta 2) helps provide real-time protection (914922)


The information in this article applies to:

  • Windows Defender (Beta 2)

Beta Information

This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.

INTRODUCTION

Microsoft Windows Defender (Beta 2) helps provide real-time protection by implementing the following interfaces:
  • IShellExecuteHook
  • IAttachmentExecute
  • IOfficeAntiVirus
Windows Defender registers itself as a shell execute hook. Windows Defender can block known bad commands from passing through the shell execute chain before they are executed.

Windows Defender implements the IOfficeAntiVirus interface to scan Microsoft ActiveX controls that Internet Explorer installs. Additionally, the IAttachmentExecute interface calls the IOfficeAntiVirus interface after Windows Defender enables the Attachment Manager Group Policy object. The IAttachmentExecute interface calls the IOfficeAntiVirus interface at that time to request that antivirus providers scan attachments.

You can configure the IAttachment Execute Group Policy setting in the following ways.
Group PolicyRegistry entry
User Configuration\Administrative Templates\Windows Components\Attachment ManagerHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus
By default, the IAttachment Execute Group Policy setting is set to Off. The corresponding registry value of the ScanWithAntiVirus registry entry is 1. When the value is set to 2, the policy is set to On.

When you install Windows Defender, it enables the Attachment Manager policy. It enables this policy so that Windows Defender will scan files that you download by using Microsoft Internet Explorer or by using Microsoft Outlook Express before you open the files.

MORE INFORMATION

For more information about the ShellExecute interface, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/reference/ifaces/ishellexecutehook/ishellexecutehook.asp

For more information about the IOfficeAntiVirus interface, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/workshop/security/antivirus/reference/ifaces/iofficeantivirus/iofficeantivirus.asp

For more information about the IAttachmentExecute interface, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/reference/ifaces/iattachmentexecute/iattachmentexecute.asp

Modification Type:MajorLast Reviewed:4/14/2006
Keywords:kbinfo KB914922 kbAudKnowledgeWorker
©2004 Microsoft Corporation. All rights reserved.