Not yet classified

Guest

Something is rotten in Denmark. Windows Defender realtime protection -
Defender should notify you about: (1) Software that has not yet been
classified for risks (2) Changes made to your computer by software that is
allowed to run. Under Software Explorer and Currently Running Programs, it
shows allowed for just about all Microsoft Software with the exception of
Microsoft Windows Explorer and Microsoft Internet Explorer; they show as Not
yet classified. Is this because classifying the Explorers will change the
manner in which realtime protection will behave or am I just paranoid?
Secondly, I find it very strange that "biggies" such as Firefox, Itunes and
Adobe Reader still show Not yet classified.
 
Guest

Hello Mr. Cat,
See if this post applies to you.
Subject: An Application Change has been Allowed
4/21/2006 12:40 AM PST
By: linda19136
In: microsoft.private.security.spyware.general

I hope this post is helpful.
Please rate posts.
Bear in mind there is no "single" solution that fits everybody's problems.

Engel
 
Guest

Thanks, but that's not the issue I was trying to address. In particular,
under real time protection, selecting software that has not yet been
classified, I want to see alerts from unknown stuff not safe stuff. I am
making the assumption that Windows Explorer and Internet Explorer are
considered unknown stuff because they are not yet classified. Maybe that's a
bad assumption. Bottom line, it's crazy that with all the software
definition updates, the Explorers haven't been classified.
 
Vanguard

Mr Cat said:
Thanks, but that's not the issue I was trying to address. In
particular,
under real time protection, selecting software that has not yet been
classified, I want to see alerts from unknown stuff not safe stuff.
I am
making the assumption that Windows Explorer and Internet Explorer are
considered unknown stuff because they are not yet classified. Maybe
that's a
bad assumption. Bottom line, it's crazy that with all the software
definition updates, the Explorers haven't been classified.


You might be more interested in IPS (intrusion prevention software) than
in malware detection. Prevx will interrupt a process that is making a
change WHILE it is making the change, not some 10 to 50 seconds *after*
the change as does Windows Defender (and, for example, also WinPatrol).
They interrupt the process from making the change until allowed (which
you can select to remember or not what action you selected) so the
change will NOT occur until you let it. PrevX also uses a database of
known bad and good software. If bad, obviously it alerts you. If good,
you can configure PrevX in its simpleton mode which means actions by
known good programs are allowed without prompts (there are more
interruptive levels but they can be a hassle to keep answering, and even
CGI scripts running on the server host within a browser session are
sometimes flagged as local programs wanting to make changes - it can get
confusing unless you understand a lot).

I used PrevX for a long time. They had the Home version which was free
for personal use but they no longer offer a personal version. Instead,
they offer a "research" version of their pro version (i.e., it's beta).
But, hey, you're using Windows Defender and that's still beta, too. I
found PrevX to be more immediate to catch an impending change (well, WD
and WinPatrol don't pend any changes but catch them late). It
introduced almost no lag in my system although a few users have
complained about occasional high CPU periods (I never had it happen).
It is not as configurable as I would like. For example, like a firewall
with rules for outbound connects from applications, Prevx has the same
function (it is not a firewall but does add the option to regulate which
apps can get connections). However, since Prevx is not a full firewall,
I prefer to use my own firewall and use the app rules that it provides,
but Prevx won't let me turn off its app rules so I end up having to allow
or block the same app twice (unless it is a known good app which means
there is no prompting to let it connect if you are in the lowest
interruptive mode).

There are some quirks with Prevx 1R (the "research" version). Another
is that sometimes its tray icon disappears which provides the only means
of getting at its configuration manager window, and reloading the
program doesn't have it recognize that it is already loaded (its
processes are still running) and just show the manager window. The
protection continues but you lose the UI to the program until a reboot.
They have a forum that is monitored plus you can submit bug reports
using a form that is called from within the program.

I did have MSAS (before it became WD) and Prevx 1R running together
without conflicts. However, eventually I decided Prevx had better
coverage and behavior than MSAS. I still monitor this newsgroup
checking on changes to WD but I doubt that its behavior will change -
from polling for changes to interrupting and pending them until
allowed - because it would require a paradigm change to how WD operates
and lots of code changes (if not nearly having to dump the old codebase
and write new code). You could try both WD and Prevx to see which one
you like. Both are free for personal use and both (for me) worked
together okay. I decided on Prevx after a while but WD is interesting,
too.

http://free.prevx.com/

As noted by another poster, there is no one perfect anti-malware
solution. You have to test a few to see which one(s) you like and also
decide how many you will use concurrently and how paranoid you are. The
user is the ultimate authority and also the ultimate weakness in
security.
 
Guest

Thank you Vanguard. I'll take a look.

Vanguard said:
You might be more interested in IPS (intrusion prevention software) than
in malware detection. Prevx will interrupt a process that is making a
change WHILE it is making the change, not some 10 to 50 seconds *after*
the change as does Windows Defender (and, for example, also WinPatrol).
They interrupt the process from making the change until allowed (which
you can select to remember or not what action you selected) so the
change will NOT occur until you let it. PrevX also uses a database of
known bad and good software. If bad, obviously it alerts you. If good,
you can configure PrevX in its simpleton mode which means actions by
known good programs are allowed without prompts (there are more
interruptive levels but they can be a hassle to keep answering, and even
CGI scripts running on the server host within a browser session are
sometimes flagged as local programs wanting to make changes - it can get
confusing unless you understand a lot).

I used PrevX for a long time. They had the Home version which was free
for personal use but they no longer offer a personal version. Instead,
they offer a "research" version of their pro version (i.e., it's beta).
But, hey, you're using Windows Defender and that's still beta, too. I
found PrevX to be more immediate to catch an impending change (well, WD
and WinPatrol don't pend any changes but catch them late). It
introduced almost no lag in my system although a few users have
complained about occasional high CPU periods (I never had it happen).
It is not as configurable as I would like. For example, like a firewall
with rules for outbound connects from applications, Prevx has the same
function (it is not a firewall but does add the option to regulate which
apps can get connections). However, since Prevx is not a full firewall,
I prefer to use my own firewall and use the app rules that it provides,
but Prevx won't let me turn off its app rules so I end up having to allow
or block the same app twice (unless it is a known good app which means
there is no prompting to let it connect if you are in the lowest
interruptive mode).

There are some quirks with Prevx 1R (the "research" version). Another
is that sometimes its tray icon disappears which provides the only means
of getting at its configuration manager window, and reloading the
program doesn't have it recognize that it is already loaded (its
processes are still running) and just show the manager window. The
protection continues but you lose the UI to the program until a reboot.
They have a forum that is monitored plus you can submit bug reports
using a form that is called from within the program.

I did have MSAS (before it became WD) and Prevx 1R running together
without conflicts. However, eventually I decided Prevx had better
coverage and behavior than MSAS. I still monitor this newsgroup
checking on changes to WD but I doubt that its behavior will change -
from polling for changes to interrupting and pending them until
allowed - because it would require a paradigm change to how WD operates
and lots of code changes (if not nearly having to dump the old codebase
and write new code). You could try both WD and Prevx to see which one
you like. Both are free for personal use and both (for me) worked
together okay. I decided on Prevx after a while but WD is interesting,
too.

http://free.prevx.com/

As noted by another poster, there is no one perfect anti-malware
solution. You have to test a few to see which one(s) you like and also
decide how many you will use concurrently and how paranoid you are. The
user is the ultimate authority and also the ultimate weakness in
security.