
Defender, under certain licenses, is an EDR - https://learn.microsoft.com/en-us/microsoft-365/security/def...


Well, they call a LOT of things Defender now, anything from email and Azure-specific alerting to EDR and DLP. It's all "Windows Defender ______". But I meant the consumer-license AV.

But also, even with the most basic Win10, cloud submission (if privacy is no biggie) gets you EDR detections to a point, but without the EDR console and logs.

When I simulate attacks with Defender on, I would spend a lot of time bypassing it, but then as soon as I break opsec (e.g. run whoami.exe), if cloud submission is on, I basically burn that technique because the EDR in their cloud blacklisted it. With that off, I can last as long as I want, so long as I don't execute things flagged as malware by the Defender on the host (and even then, usually that thing gets blocked, not my original technique, which I can still reuse).
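The "cloud submission" switch the comment above turns on and off is Defender's MAPS reporting plus sample-submission consent. The following is an added example, not code from the commenter or from Microsoft: a PowerShell function that audits those settings with the built-in Defender cmdlets (Get-MpPreference, Get-MpComputerStatus, Set-MpPreference) and reports whether samples can actually leave the host. The function name, the -Harden switch and the "effective" rule are this example's own; the numeric enum values are the ones documented for Get-MpPreference. Run it in an elevated PowerShell on a Windows host with Defender installed.

```powershell
# Added example (not from the thread above): audit whether Defender's cloud-delivered
# protection and sample submission are enabled, i.e. the "cloud submission" that makes
# the cloud side learn a technique once opsec is broken. Hypothetical function name.
function Test-DefenderCloudSubmission {
    [CmdletBinding()]
    param([switch]$Harden)   # -Harden is this example's own option, not a Defender setting

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Numeric enums as documented for Get-MpPreference
    $maps    = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $samples = @{ 0 = 'AlwaysPrompt'; 1 = 'SendSafeSamples'; 2 = 'NeverSend'; 3 = 'SendAllSamples' }

    $report = [pscustomobject]@{
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        MAPSReporting        = $maps[[int]$pref.MAPSReporting]
        SubmitSamplesConsent = $samples[[int]$pref.SubmitSamplesConsent]
        CloudBlockLevel      = $pref.CloudBlockLevel
        BlockAtFirstSeen     = -not $pref.DisableBlockAtFirstSeen
    }

    # "Cloud submission on" in the sense of the comment (this example's rule):
    # MAPS is enabled AND samples are allowed to leave the host (consent is not NeverSend).
    $cloudOn = ($pref.MAPSReporting -ne 0) -and ($pref.SubmitSamplesConsent -ne 2)
    $report | Add-Member -NotePropertyName CloudSubmissionEffective -NotePropertyValue $cloudOn

    if ($Harden -and -not $cloudOn) {
        # Corrected setting beside the weak one: enable MAPS and sample submission and raise
        # the cloud block level. Needs elevation; tamper protection or GPO may override it.
        Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples -CloudBlockLevel High
        Write-Verbose 'Enabled MAPS reporting, sample submission and High cloud block level.'
    }

    return $report
}

# Usage:
#   Test-DefenderCloudSubmission            # audit only
#   Test-DefenderCloudSubmission -Harden    # audit, and enable cloud submission if it is off
```

CloudSubmissionEffective false is the state the commenter describes as "cloud submission off": the host AV still blocks known malware, but nothing about a novel technique reaches the cloud, so the technique survives a burned run. The hardening line is the inverse; whether it sticks depends on tamper protection and policy, so re-run the audit after applying it.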


What is an EDR?




