Network Security

In this second lesson we are going to talk about one of the most confusing security products that are bundled with Windows: Windows Defender.

In the past, this product has had a bad reputation and for good reason – it was very limited in its capacity to protect your computer from real-world malware. However, the latest version included in Windows 8.x operating systems is much different than in the past and it provides real protection to its users. The nice thing about Windows Defender in its current incarnation is that it protects your system from the start, so there are never gaps in coverage.

We will start this lesson by explaining what Windows Defender is in Windows 7 and Vista versus what it is in Windows 8, and what product to use if you are using an earlier version. We next will explore how to use Windows Defender, how to improve its default settings, and how to deal with the alerts that it displays.

As you will see, Windows Defender will have you using its list of quarantined items a lot more often than other security products. This is why we will explain in detail how to work with it and remove malware for good or restore those items that are only false alarms.

Lastly, you will learn how to turn off Windows Defender if you no longer want to use it and prefer a third-party security product in its place, and then how to re-enable it if you change your mind. Upon completion, you should have a thorough understanding of your system’s default anti-malware options, or how to protect your system expeditiously.

What is Windows Defender?

Unfortunately, there is no one clear answer to this question because of the confusing way Microsoft has chosen to name its security products. Windows Defender is a different product, depending on the Windows operating system you are using.

If you use Windows Vista or Windows 7, then Windows Defender is a security tool that protects your computer from spyware. This is but one form of malware, made up of tools and applications that monitor your movements on the Internet or the activities you perform on your computer. Spyware tends to send the information that is collected to a remote server, where it is later used for all kinds of malicious purposes, from displaying advertising you don’t want, to using your personal data, etc.

However, there are many other types of malware on the Internet and this version of Windows Defender is not able to protect users from any of them. That’s why, if you are using Windows 7 or earlier, we strongly recommend that you disable Windows Defender and install a more complete security product like Microsoft Security Essentials, or third-party security products from specialized security vendors.

If you use Windows 8.x operating systems, then Windows Defender is the same thing as Microsoft Security Essentials: a decent security product that protects your computer in real time from viruses and spyware. The fact that this product also protects your computer from viruses, not just from spyware, makes a huge difference. If you don’t want to pay for security products, Windows Defender in Windows 8.x and Microsoft Security Essentials (in Windows 7 or earlier) are good alternatives.

Windows Defender in Windows 8.x and Microsoft Security Essentials are the same product, only their name is different. In this lesson, we will use the Windows Defender version from Windows 8.x but our instructions apply also to Microsoft Security Essentials (MSE) in Windows 7 and Windows Vista.

If you want to download Microsoft Security Essentials and try it out, we recommend that you use this page: Download Microsoft Security Essentials. There you will find both 32-bit and 64-bit editions of this product as well as versions in multiple languages.

How to Use and Configure Windows Defender

Windows Defender (MSE) is very easy to use. To start, search for “defender” on the Windows 8.x Start screen and click or tap the “Windows Defender” search result.

In Windows 7, search for “security” in the Start Menu search box and click “Microsoft Security Essentials.”

Windows Defender has four tabs which give you access to the following tools and options:

Home – here you can view the security status of your system. If everything is alright, then it will be colored in green. If there are some warnings to consider, then it will be colored in yellow, and if there are threats that must be dealt with, everything will be colored in red.

On the right side of the “Home” tab you will find options for scanning your computer for viruses and spyware. On the bottom of the tab you will find information about when the last scan was performed and what type of scan it was.

Update – here you will find information on whether this product is up-to-date. You will learn when it was last updated and the versions of the definitions it is using. You can also trigger a manual update.

History – here you can access quarantined items, see which items you’ve allowed to run on your PC even if they were identified as malware by Windows Defender, and view a complete list with all the malicious items Windows Defender has detected on your PC. In order to access all these lists and work with them, you need to be signed in as an administrator.

Settings – this is the tab where you can turn on the real-time protection service, exclude files, file types, processes, and locations from its scans as well as access a couple of more advanced settings. The only difference between Windows Defender in Windows 8.x and Microsoft Security Essentials (in Windows 7 or earlier) is that, in the “Settings” tab, Microsoft Security Essentials allows you to set when to run scheduled scans while Windows Defender lacks this option.

How to Improve Windows Defender’s Default Settings

If you are logged in with a user account that is set as an administrator, you can change the default settings in Windows Defender and improve them a bit. Start Windows Defender and go to the “Settings” tab, then select “Advanced” and consider enabling the following settings:

  • Scan removable drives – when this is enabled, the full scans performed by Windows Defender will also scan the external hard drives or the flash memory sticks that are plugged into your computer.
  • Create a system restore point – when this setting is enabled, Windows Defender creates a system restore point before removing, running, or quarantining items that it considers malicious.
  • Remove quarantined files after – the default value for this setting is three months. If you don’t want Windows Defender to keep malicious items in its quarantine for this long, consider shortening this time period to a month or less.
  • Send file samples automatically when further analysis is required – leave this setting checked, as it helps Microsoft identify malware samples faster and react to them in future updates for Windows Defender.

When done setting things up, press “Save changes” and your new settings are applied.
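The same four settings can also be checked from PowerShell. The script below is an added example, not part of the original lesson: it assumes the Defender PowerShell module (`Get-MpPreference`) is available, which is the case on Windows 8.1 and later but not for Microsoft Security Essentials on Windows 7. The function name and the 30-day threshold are hypothetical choices made for this example.

```powershell
# Added example: read-only audit of the "Advanced" settings discussed above.
# Test-DefenderAdvancedSettings is a hypothetical name chosen for this example.
function Test-DefenderAdvancedSettings {
    [CmdletBinding()]
    param(
        # Longest acceptable quarantine retention in days (assumption: "a month or less").
        [int]$MaxQuarantineDays = 30
    )

    $p = Get-MpPreference                               # current Defender configuration

    # The module stores two of the settings as "Disable..." flags,
    # so $false means the corresponding box is ticked in the GUI.
    $scanRemovable = -not $p.DisableRemovableDriveScanning
    $restorePoint  = -not $p.DisableRestorePoint
    $purgeDays     = [int]$p.QuarantinePurgeItemsAfterDelay   # 0 = keep items indefinitely
    $consent       = [int]$p.SubmitSamplesConsent             # 1 and 3 = send automatically

    $rows = @(
        [pscustomobject]@{ Setting = 'Scan removable drives'
                           Value   = $scanRemovable
                           Ok      = $scanRemovable }
        [pscustomobject]@{ Setting = 'Create a system restore point'
                           Value   = $restorePoint
                           Ok      = $restorePoint }
        [pscustomobject]@{ Setting = 'Remove quarantined files after (days)'
                           Value   = $purgeDays
                           Ok      = ($purgeDays -gt 0 -and $purgeDays -le $MaxQuarantineDays) }
        [pscustomobject]@{ Setting = 'Send file samples automatically'
                           Value   = $consent
                           Ok      = ($consent -eq 1 -or $consent -eq 3) }
    )

    # Flag every setting that differs from the recommendations in this lesson.
    $rows | Where-Object { -not $_.Ok } | ForEach-Object {
        Write-Warning ("{0} is not set as recommended (current value: {1})" -f $_.Setting, $_.Value)
    }
    $rows
}

Test-DefenderAdvancedSettings | Format-Table -AutoSize
```

The script only reads the configuration; changing a value still requires an administrator, either in the “Settings” tab or with `Set-MpPreference` from an elevated prompt.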

Working With the Alerts Displayed by Windows Defender

One of the downsides of Windows Defender is that when it detects a threat and it cleans it, it doesn’t show much in terms of actionable information. For example, in Windows 7, MSE shares this prompt when it detects a threat but the prompt doesn’t tell you anything about it and you can’t click on it to learn more.

In Windows 8.x, Windows Defender shares a similar prompt. If you click or tap on it, Windows Defender is started but again, you are not shown any meaningful information that you can use to understand what is going on.

When threats are detected, the default behavior is to neutralize them by quarantining them. That’s why in Windows Defender you will end up using the list of quarantined items a lot more often than when using third-party security products.

How to Work with Quarantined Files in Windows Defender

After you see an alert from Windows Defender, it is best to start it and go to the “History” tab. There, select “Quarantined items” and press “View details.”

The list with all the quarantined items is shown with the recently detected items being displayed first. If you select an item, you can view more information about it: category, description, location, the alert level, and when it was quarantined.

Based on this information, you can remove that item for good by pressing “Remove” or you can restore it to its original location by pressing “Restore.” Obviously, restoring malware is not exactly something you should be doing unless you are 100 percent sure it is a false alarm. When pressing “Restore,” Windows Defender does a good job at informing you of the consequences.

If you want to remove all the items that are placed into the quarantine, press the “Remove all” button.
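Because the alert prompts say so little, it can help to pull the detection history as text before deciding whether to remove or restore an item. The following is an added example, not part of the original lesson: it assumes the Defender PowerShell module (`Get-MpThreatDetection`, `Get-MpThreat`) is available, as on Windows 8.1 and later, and the function name and 30-day window are hypothetical.

```powershell
# Added example: summarize recent Defender detections with the details the alert omits.
# Get-DefenderDetectionSummary is a hypothetical name chosen for this example.
function Get-DefenderDetectionSummary {
    [CmdletBinding()]
    param(
        # How far back to look, in days (assumption made for this example).
        [int]$Days = 30
    )

    $since = (Get-Date).AddDays(-$Days)

    # Index the threats known on this machine by ID so each detection can be given a name.
    $threats = @{}
    Get-MpThreat | ForEach-Object { $threats[$_.ThreatID] = $_ }

    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        Sort-Object InitialDetectionTime -Descending |       # newest first, like the GUI list
        ForEach-Object {
            $t = $threats[$_.ThreatID]
            [pscustomobject]@{
                Detected        = $_.InitialDetectionTime
                Threat          = if ($t) { $t.ThreatName } else { "ThreatID $($_.ThreatID)" }
                SeverityID      = if ($t) { $t.SeverityID } else { $null }
                # Files, registry keys, or other locations the detection refers to.
                Resources       = ($_.Resources -join '; ')
                Process         = $_.ProcessName
                ActionSucceeded = $_.ActionSuccess
            }
        }
}

Get-DefenderDetectionSummary -Days 30 | Format-List
```

An entry where `ActionSucceeded` is false, or a path in `Resources` that belongs to software you installed deliberately, is the kind of detail worth checking before pressing “Remove” or “Restore.”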

How to Turn Off Windows Defender

When you install a new security product, Windows Defender is generally turned off automatically. For example, if you are using Windows 7 and you install Microsoft Security Essentials, the old Windows Defender product is automatically turned off so you don’t have to do anything.

However, not all third-party security products disable Windows Defender on their own and you might have to do this manually.

Windows 7

If you are using Windows 7 and you want to disable Windows Defender because you want to use a third-party security product in its place, go to the Start Menu and search for the word “defender.”

Click on the “Windows Defender” search result to start it.

Then, go to “Tools -> Options”. Here you will find plenty of settings, split into several categories. In the column on the left, select “Administrator.” Uncheck the box that says “Use this program” and press “Save.”

You are informed that Windows Defender is now turned off.

If you have installed Microsoft Security Essentials in Windows 7 and you want to use a third-party security product in its place, disabling it means uninstalling the program just like any other. Go to “Control Panel -> Programs -> Programs and Features”. There, select “Microsoft Security Essentials,” press “Uninstall,” and follow the wizard.

Windows 8.x

Start Windows Defender and go to the “Settings” tab. There, select the “Administrator” category on the left and then uncheck the box that says “Turn on this app,” and then press “Save changes.”

You are informed that Windows Defender has been turned off and it isn’t monitoring your computer or device. Press “Close” and you are done.

Windows Defender is no longer enabled.

How to Turn On Windows Defender

If you want to turn Windows Defender back on, you can do this if you have not installed any third-party security products like antivirus software or Internet security suites.

You can use the “Action Center” to turn on Windows Defender.

You will learn about the Action Center, its role in keeping your system safe and running in good shape, as well as how to use it, in Lesson 7.

Coming up next …

This lesson ends here and we hope that you have found it useful. In the next lesson you will learn about Windows Firewall, how it keeps your system safe from network attacks and how to use it to control which applications get access to the network and the Internet and which do not.