Hello everybody.
Unfortunately, a very nasty thing is happening to me when I activate the check with Windows Defender.
By pure chance, when Windows Defender was introduced in SM, I discovered a false positive.
This led me to investigate. I reactivated it with the latest version and found, by checking the .eml files in quarantine one by one, that:
1) Windows Defender identifies far more viruses than Cyren and ClamAV. Many .eml files checked through www.virustotal.com have this result:
https://www.virustotal.com/gui/file/2888003d91b22ad1fe6c13637027c1a5022167f8480884ce19778ae950ee1150/detection
As you can see, it is not identified by Cyren or ClamAV.
So it's absolutely worth using Windows Defender.
2) Unfortunately, sometimes SM identifies a message as a virus through Windows Defender, but when I subsequently check the .eml, both with Windows Defender on the same server and using www.virustotal.com, it does not contain viruses.
I opened various tickets, trying to reactivate Windows Defender in the various versions of SM, but they have not found solutions, thinking that the problem is related only to my installation.
I, on the other hand, believe that I am the only one who is doing a second check.
I reactivated Windows Defender 3 days ago with the latest version of SM, and of 52 viruses identified, 1 was a false positive.
It is, however, too much. If it were a false positive of Windows Defender I could accept it, but it is the combination of SM and Windows Defender that creates the false positive, so it must be understood why.
I invite you to do some random checks.
I repeat, at least 50% of the .eml files manually checked through www.virustotal.com have confirmed to me that Windows Defender identifies real viruses that would otherwise not be identified by ClamAV and Cyren.
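
One way to make the second check described in the post repeatable, as an added example that is not part of the original post: it computes the SHA-256 of a quarantined .eml and of each decoded attachment, so each can be looked up by hash on www.virustotal.com and compared with what Windows Defender reported. The sample message and the function name `hashes_for_lookup` are constructed for illustration.

```python
import base64
import hashlib
import sys
from email import message_from_bytes, policy

# Constructed sample (not from the original post): a text body plus one
# base64-encoded attachment whose decoded content is PAYLOAD.
PAYLOAD = b"constructed sample payload\n"
SAMPLE_EML = (
    b"From: sender@example.com\r\nTo: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(PAYLOAD) + b"\r\n--b1--\r\n"
)


def hashes_for_lookup(raw: bytes) -> dict:
    """Return the SHA-256 of the whole .eml and of every decoded attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename()
        if part.get_content_disposition() != "attachment" and not name:
            continue  # body text, not a file
        # decode=True undoes base64 / quoted-printable, giving the bytes
        # a recipient would actually save to disk.
        data = part.get_payload(decode=True) or b""
        attachments.append((name or "(unnamed)", hashlib.sha256(data).hexdigest()))
    return {"eml": hashlib.sha256(raw).hexdigest(), "attachments": attachments}


if __name__ == "__main__":
    # Usage: python eml_hashes.py quarantined1.eml quarantined2.eml ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = hashes_for_lookup(fh.read())
        print(path, "eml", result["eml"])
        for name, digest in result["attachments"]:
            print(path, name, digest)
```

Looking a hash up instead of uploading the file keeps the mail content on the server, and hashing the attachments separately shows whether a detection belongs to an attached file or only to the .eml as a whole.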