This is part of a Windows Security course
A computer with no security software at all is at risk from a variety of malicious threats, but one with Windows Defender running has increased security and can prevent many types of infections.
The security provided by Windows Defender in Windows 10 is good and with the Anniversary Update in summer 2016 it was made even better. The updated version offers improved security and new ways to remove malware from an infected computer.
Windows Defender is not perfect, nor is it the absolute best security available. Some alternative security programs, both free and paid antivirus programs and security suites, can detect and block even more malware. Should you use them?
The security software that is needed depends a lot on the user. A knowledgeable, sensible and careful person that is aware of malware threats will find that Windows Defender is all they need to protect them when using the internet.
People who download software from bad websites offering cracked and pirated software, people who share files and swap them with others, people who click links in emails and on websites that are fake, need the extra security of third party security software.
For most people, Windows Defender is a fine and capable security program. For some, such as children and novices who might not know where dangers lurk, third party security software is recommended.
There is little benefit from running two antivirus/antispyware programs. You should run Windows Defender or another program, but not both. Disable it if you have other software, enable it if you don’t.
Check the status of Windows Defender
If there is no other security software installed on your PC, you must enable Windows Defender to protect it when using the internet. Is it running? Is it turned off? How can you tell? Here is how to check.
1 Open Windows Settings
To check whether the security is active, click the Start button and then click the gear icon (Settings). Alternatively, hold down the Windows key and press I. Click Update & security.
2 Select Windows Defender settings
Select Windows Defender in the list on the left and on the right is Real-time protection and Cloud-based Protection. Make sure that both switches are on (except when running third party security software when it is OK for them to be off).
Real-time protection: This means that Windows Defender constantly runs in the background and watches for malware and suspicious behaviour by software.
Cloud-based protection: When this is on, suspicious files that are suspected of being malware are uploaded to the internet where they can be checked more thoroughly by more powerful security software.
Scroll down and there are more settings.
Automatic sample submission: Suspicious files infected with malware are uploaded to Microsoft, which helps the company make Windows Defender more effective. It is recommended that you turn this on, but it is your choice. It will not affect the security of your computer whether it is on or off.
Exclusions: It is possible to prevent Windows Defender from scanning certain files and folders. It is rarely necessary, but if the program mistakes a file for malware and you are 100% sure it is safe, it could be excluded from scans. Click the link, Add an exclusion. It is normal for the exclusions list to be empty and it would be suspicious if it were not.
How to update Windows Defender
In order to provide effective malware protection, Windows Defender must be kept up to date. The process should be automatically carried out by Windows, but it is a good idea to check this is happening.
In order to detect malware, Windows Defender maintains a database of virus, spyware and other malware definitions. This definitions database must be regularly updated in order to detect new malware that has appeared recently. If it is not updated, your computer is not fully protected.
Updates are normally automatic and you do not have to worry about them. However, it is useful to check that they are taking place and have not become disabled for some reason (malware might try to do this).
1 Open Defender
So far we have only looked at the settings that turn features on and off in Windows Defender. The program itself is elsewhere. At the top of the settings is a button, Open Windows Defender. Click it to open the program.
2 Go to Update
When Windows Defender opens there are three tabs at the top. Click the Update tab.
3 Check and update
The date of the last update is displayed and it should be no more than a day or two old. It will often have today's date, which means it has the latest definitions and is providing the best security.
The Update definitions button can be used to manually update Windows Defender. It is useful to do this just before scanning the disk for malware because it then has all the latest malware definitions.
How to scan for malware
It is essential that you scan the computer for malware and check that it is clean. You don't have to do it every day, but it is a good idea to scan once a week. Here we see how to scan the files on the PC.
Real-time protection checks files and programs on the disk as they are accessed and it is invaluable in protecting the computer from infection. It is the first line of defence.
Files that are not accessed, such as downloads you have not yet got around to looking at, or which you downloaded a long time ago, could harbour malware, so it is useful to scan the disk to see if there are any potential problems and deal with them.
1 Start Windows Defender
We saw earlier that Windows Defender could be started from within the Settings app. It is not the only way to start it.
Right click the Start button and select Control Panel on the menu that is displayed.
Set View by in the top right corner to Small icons.
Look down the list of items and near the bottom is Windows Defender. Click it to run it.
Another way to run Windows Defender is to click in the search box in the taskbar and type 'windows defender'. Click it in the search results that are displayed. It is usually at the top.
There are three tabs in Windows Defender, Home, Update and History. Select Home if it is not already selected and on the left it shows whether real-time protection is on and whether the virus and spyware definitions are up to date.
2 Select a scan option
On the right are three scan options:
Quick: A quick scan should be performed every week. Select the option and click the Scan now button. This type of scan is faster than a Full scan because only the parts of the disk drive that are most at risk are scanned for malware. It is sufficient to catch most malware.
Full: A full scan takes longer, but it is more thorough and more likely to find malware. This is because it looks at every part of the disk drive and not just in the obvious locations. Run a full scan once a month.
Custom: This option enables a drive or folder to be selected and the contents are then scanned. You might want to use this to scan a USB flash memory drive (thumb drive or pen drive), or an external USB disk drive.
3 Perform a custom scan
Select Custom scan, click Scan now, then select the disk or folder by expanding the disks. Click the tick box to select folders and disks.
4 Scan folders
A different way to perform a custom scan is to right click a folder or drive in Explorer and select Scan with Windows Defender. The advantage of this method is that you don’t need to find and start Windows Defender. It does not need to be running, just right click and scan.
You can continue to use the computer while Windows Defender is scanning, but it can make it run more slowly, so you might want to scan when you are not doing anything important. A full scan can take an hour or more.
Hopefully, nothing will be found, but if it is, it will be dealt with.
5 Scan offline with Windows Defender
If you scan for malware and either it cannot be removed, or you scan again and it is still finding malware, there is a more powerful removal method available. Press Windows+I to open the Settings app, click Update & security, select Windows Defender on the left and then find Windows Defender Offline on the right. Close any programs or windows you have open and click Scan Offline.
Windows will shut down and the computer will restart. As it does so, Windows Defender will scan the system and remove any malware found.
Deal with malware using Windows Defender
Sooner or later you will come across malware and you need to know how to deal with it. Windows Defender might deal with it automatically, but it sometimes just warns you and you need to take action. Here we see what to do.
If Windows Defender detects some form of malicious or suspicious program running in the computer, it will either deal with it automatically and move it to a secure part of the system where it can do no damage, or it will ask what you want to do.
You then have the option to allow it or quarantine it. (Sometimes, although rarely, security software mistakes ordinary safe programs for malware and you have the option to override the security.)
1 Watch out for warnings
While using your computer and especially when downloading programs and files from the internet, you need to keep an eye out for messages in the bottom right corner of the screen. Here a potentially harmful download has been detected. Click the message to continue.
These messages disappear after a few seconds and you might miss them. However, they are stored in Action Centre. Click the last icon at the right side of the taskbar to open Action Centre and see recent messages you might have missed.
2 Open Defender
When Windows Defender opens, it tells you that a potential threat has been discovered and there is an option to clean the PC. Click the Clean PC button.
3 Choose an action to apply
A window opens and a list of malware is displayed. In this example there is one program. At the right side is a Recommended action column. Click the menu to select an action. Remove is the safest option and it deletes the malware from the disk.
There is an option on the Recommended action menu to quarantine the malware and this is useful if you think Windows Defender might have made a mistake. It moves the file to a special place where it can do no harm and prevents it from running.
You can view quarantined items at a later time and either delete them or restore them. It basically gives you the option to undo the action.
4 Malware successfully dealt with
When Windows performs the action you selected (Remove or Quarantine is best), a message appears that shows it was successful.
Check Windows Defender history
Has Windows Defender found malware? What did it do with it? Was it deleted or quarantined? The history will tell you. This is where you can view quarantined programs and either delete them or restore them.
1 View the history
Windows Defender keeps a record of the viruses and spyware that it has dealt with and these can be viewed on the History tab in the program.
Select Quarantined items to view the malware that has been blocked and stored in the safe and secure quarantine.
Select Allowed items to see a list of programs that you have decided to allow to run.
Select All detected items to see a list of everything that Windows Defender has detected.
2 Remove malware
Items in the quarantine can be selected with the tick box and then at the bottom of the window, click Remove, or better still, Remove all.
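The same history can be read from PowerShell with the built-in Defender cmdlets Get-MpThreatDetection and Get-MpThreat. This is an added example, not part of the original course; the function name Get-DefenderHistory and the 30-day window are assumptions chosen for illustration.

```powershell
# Added example: list recent Windows Defender detections with threat names.
# Get-DefenderHistory is a hypothetical helper name, not a built-in cmdlet.
function Get-DefenderHistory {
    param([int]$Days = 30)   # assumed look-back window

    $since = (Get-Date).AddDays(-$Days)

    # Build a ThreatID -> ThreatName lookup so each detection can be labelled
    $names = @{}
    foreach ($t in @(Get-MpThreat)) {
        $names[[string]$t.ThreatID] = $t.ThreatName
    }

    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $names[[string]$_.ThreatID]
                Resources = ($_.Resources -join '; ')   # files or keys involved
                ActionOk  = $_.ActionSuccess            # did the chosen action succeed?
            }
        }
}

$history = @(Get-DefenderHistory -Days 30)
$history | Format-Table -AutoSize -Wrap

# Detections whose action did not succeed are the ones to follow up,
# for example with the offline scan described earlier.
$failed = @($history | Where-Object { -not $_.ActionOk })
"{0} detection(s), {1} with an unsuccessful action" -f $history.Count, $failed.Count
```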
Windows Defender Action Points
- If no other security software is installed, make sure that Windows Defender is running
- Make sure that Windows Defender's virus definitions are up to date
- Perform a quick scan at least once a week
- Perform a full scan at least once a month
- Clear out the quarantine occasionally
- Consider whether you need a better security program
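
The first four action points, plus the exclusions check from earlier, can be verified in one pass from PowerShell using the built-in Get-MpComputerStatus and Get-MpPreference cmdlets. This is an added example, not part of the original course; the function name Test-DefenderActionPoints is hypothetical and the thresholds are taken from the text above. When third party security software is installed, Defender reporting as off is expected.

```powershell
# Added example: audit Windows Defender against the action points above.
# Test-DefenderActionPoints is a hypothetical helper name, not a built-in cmdlet.
function Test-DefenderActionPoints {
    param(
        [int]$MaxSignatureAgeDays = 2,   # page: "no more than a day or two old"
        [int]$MaxQuickScanAgeDays = 7,   # page: quick scan once a week
        [int]$MaxFullScanAgeDays  = 31   # page: full scan once a month
    )

    $s = Get-MpComputerStatus
    $p = Get-MpPreference
    $never = [uint32]::MaxValue          # age value reported when a scan has never run

    # Merge the three exclusion lists and drop empty entries
    $excl = @(@($p.ExclusionPath) + @($p.ExclusionExtension) + @($p.ExclusionProcess) |
              Where-Object { $_ })

    function New-Check($Name, $Ok, $Detail) {
        [pscustomobject]@{ Check = $Name; Ok = [bool]$Ok; Detail = "$Detail" }
    }
    function Format-Age($Age) {
        if ($Age -eq $never) { 'never run' } else { "$Age day(s) ago" }
    }

    New-Check 'Antivirus enabled' $s.AntivirusEnabled $s.AntivirusEnabled
    New-Check 'Real-time protection on' $s.RealTimeProtectionEnabled $s.RealTimeProtectionEnabled
    # MAPSReporting: 0 = cloud-based protection off, 1 or 2 = on
    New-Check 'Cloud-based protection on' ($p.MAPSReporting -ne 0) "MAPSReporting=$($p.MAPSReporting)"
    New-Check 'Definitions up to date' ($s.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
        "last updated $($s.AntivirusSignatureLastUpdated)"
    New-Check 'Quick scan within a week' `
        ($s.QuickScanAge -ne $never -and $s.QuickScanAge -le $MaxQuickScanAgeDays) `
        (Format-Age $s.QuickScanAge)
    New-Check 'Full scan within a month' `
        ($s.FullScanAge -ne $never -and $s.FullScanAge -le $MaxFullScanAgeDays) `
        (Format-Age $s.FullScanAge)
    # An exclusion you did not add yourself deserves a closer look
    New-Check 'Exclusions list empty' ($excl.Count -eq 0) ($excl -join '; ')
}

Test-DefenderActionPoints | Format-Table -AutoSize -Wrap
```

Reading the exclusion lists may require running PowerShell as administrator.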