MSE monitors the file, registry, network and kernel mode actions taken by unknown programs to look for suspicious behaviorÂ according Microsoft. When a program initiates unexpected network connections, tries to modify privileged parts of the system, or downloads known malicious content, this triggers MSE to request updates from the Dynamic Signature Service.
Further, MSE uses the Microsoft SpyNet telemetry system to monitor the quality of definition updates. When users detect and remove malicious files, information on that is sent to Microsoft in real time, and that information is used to identify abnormal patterns and assess the potential impact of an incorrect or misbehaving signature.
If a false positive is detected, the Dynamic Signature Service fixes the signature in real time and prevents users from being affected, according to the company.
Despite this, MSE lacks the personal firewall, backup and PC tuning features offered in Windows Live OneCare, which it replaces. “Microsoft Security Essentials is a no-cost core antimalware service that provides real-time protection to address the ongoing security needs of a genuine Windows PC,” Microsoft spokesperson Mac Brown told TechNewsWorld.