This guide covers everything you need to know about using Windows Security (Microsoft Defender Antivirus) in Windows 11.
Windows is more prone to malware and viruses than any other platform out there, and yet, it is the most popular and widely used desktop operating system on the planet. The sheer number of devices that are using Windows and its huge market share are the reasons that Windows is targeted by attacks and malware more than any other operating system.
However, Windows is not totally defenseless, it has its own built-in anti-malware program called Microsoft Defender Antivirus (also known as Windows Security) that protects against all types of malware and viruses. It is a free antivirus and anti-malware tool that is bundled with Windows 10 and Windows 11 OS that protects your device and data from unwanted malware.
Windows Security protects your Windows 11 systems that have no other antivirus protection. While new security bugs and viruses are still being discovered in Windows on a regular basis, Microsoft Defender is constantly updated with virus definitions and security features to keep your system well protected.
In this article, we will learn how to use Windows Security (Microsoft Defender Antivirus) on Windows 11 to keep your computer safe from viruses, spyware, and malware.
Windows Security and its Features in Windows 11
Windows Security (also known as Microsoft Defender Antivirus) is a legitimate antivirus and anti-malware component built into Windows 11. It is a completely free program with capabilities that are on par with some of the paid antivirus programs such as Avast and Kaspersky. According to Microsoft, Windows security has the potential to protect your computer from a total of 99.7 percent of threats.
If you are a casual user, you don’t need expensive third-party antivirus software to defend against viruses, malware, and cyber threats, because Microsoft Defender does a solid job in protecting you against various threats at no extra cost to you.
That being said, if you install another antivirus program, the Microsoft Defender Antivirus will turn itself off automatically. And if you uninstall the other antivirus program, Microsoft Defender will turn itself back on automatically.
Windows Security Features
As soon as you open Windows Security app, you’ll see that the Windows Security tool includes various security features grouped into 8 protection components that you can manage and monitor:
- Virus & threat protection: This area of protection contains options to scan your computer, monitor threats, get security intelligence updates, run an offline scan, and set up advanced anti-ransomware features.
- Account Protection: This helps you protect your Windows 11 identity with Windows Hello sign-in options, account settings, and dynamic lock.
- Firewall & network protection: This section lets you monitor and configure networks and internet connections as well as various Firewall settings.
- App & browser control: In this section, you can control reputation-based protection (SmartScreen), isolated browsing, and exploit protection settings. This allows you to protect your device and data against potentially dangerous apps, files, websites, and downloads.
- Device security – Here, you can review security features such as Security processor (TPM) and Secure boot which come built into the hardware of your device to protect your computer from threats and attacks.
- Device performance & health: Windows Security scans your computer from time to time and displays the health and performance report of your device on this page.
- Family options: This section helps you keep track of the devices in your household and monitor children’s online activities using a Microsoft account.
- Protection history: The last section lets you view and manage the latest protection actions and recommendations from Windows Security.
Most of these services run in the background with a low impact on system performance to keep you safe.
Always Install Latest Windows Updates on your PC
Windows rolls out security updates, feature updates, and other types of updates every month or so to keep your system updated and secure. Security updates are released now and then to fix bugs and security-related vulnerabilities in Windows and associated software. These security updates are necessary even if you are using other Anti-virus programs.
Microsoft Defender Antivirus periodically downloads definition updates called Security Intelligence Update via Windows Update to cover the latest threats and to improve the software. By default, Windows updates are automatically downloaded and installed in Windows 11. But if you turned off automatic updates or you haven’t connected to the internet for a while, you may have missed some necessary Security Intelligence updates for Microsoft Defender.
For Microsoft Defender Antivirus to work properly, you need to make sure your Windows 11 pc is up to date with the latest Windows 11 updates. There are two ways you can download and install Security Intelligence Updates for Microsoft Defender Antivirus – via Windows Update or Windows Security app. Follow these steps to update Microsoft Defender:
To manually check for updates, first, open Windows Settings by clicking the Start menu and selecting the ‘Settings’ option or by pressing Windows+I.
When the Settings app launches, click the ‘Windows Update’ section on the left panel. Then, click the ‘Check for updates’ button on the right pane.
If there are any updates available, download and install the files. Security Intelligence updates don’t require a restart, but if you install other updates along with, then you need to restart your PC.
If you only want to install Security Intelligence updates (which are usually in small size) because maybe you don’t have enough data or you don’t want to install other updates, you can do that directly from the Windows Security app. Here’s how:
Open the Windows Security app, go to the ‘Virus & threat protection’ tab on the left panel, and click the ‘Protection Updates’ setting under the Virus & threat protection section on the right pane.
On the next page, click the ‘Check for updates’ button to download and install updates.
Access Windows Security in Windows 11
There are several ways to access Windows Security app in Windows 11, but the easiest way to access it is through Windows search or via the system tray (notification area).
To launch the Windows Security app (Microsoft Defender Antivirus), click the Start button in the taskbar and search for ‘Windows Security’. Then, click the top result to open the app.
Alternatively, you can click the up arrow in the right corner of the taskbar and click the ‘Windows Defender’ icon (Blue shield) from the System Tray/Notification area.
Either way, it will take you to the Windows Security app dashboard. Here, you have eight areas of protection that you can manage and control:
We will explain each protection component one by one in the following sections.
1. Virus & Threat Protection
Virus & threat protection houses various settings to monitor threats, run scans, get updates, and work with advanced anti-ransomware features.
Quickly Scan Your Computer for Virus and Malware
Windows Security automatically scans the computer for malware and viruses regularly, but you can perform different scans manually. There are four different kinds of scans you can perform on Windows 11 including Quick, Full, Custom, and Microsoft Defender Offline scan.
To do a quick scan for viruses and threats, go to the ‘Virus & threat protection’ tab in Windows Security, and click the ‘Quick scan’ button.
Windows Security will do a quick scan of important system files. It will only take few minutes.
After the scan is complete, it will show you the results. If it finds no threats, you’ll see a “No Current Threats” message.
If you think that there’s a virus or malware still on your computer, then you should try one of the other scanning options. To access all scan options in Windows Security, click ‘Scan options’ under the Current threats section.
Scan options in the Windows Defender Antivirus
You can select one of the four different types of scans by clicking the corresponding radio button and clicking the ‘Scan now’ button at the bottom of the page:
- Quick scan – The Quick scan here is the same as the one you saw in the previous ‘Virus & threat protection’ page. A quick scan usually checks common areas of the hard drive where malware is most likely to be found like Downloads folder and other operating system directories.
- Full scan – If you want to thoroughly scan every file, running program, and folder on your computer, then choose the ‘Full scan’ option which could easily take an hour or more (depending upon the size of the hard drive and number of files) to complete. This scan might cause your computer to run slowly so it’s best to do this when you don’t plan on using your computer much. If there is a virus or malware on your computer, the full scan would find it.
- Custom scan – If you suspect that there’s a virus in a specific folder or drive, then use a custom scan to scan a particular folder or location. To do this, choose the ‘Custom scan’ option and click ‘Scan now’.
Then, select the folder or drive that you want to scan and click ‘Select Folder’.
Alternatively, you can also do this directly from File Explorer. To do this, right-click any folder or drive you to want to scan on your computer and choose ‘Show more options’ from the context menu.
Then, select ‘Scan with Windows Defender…’ from the old context menu.
This will only scan the selected folder or location. You can stop any scan by clicking the ‘Cancel’ button on the scanning page.
- Windows Defender Offline scan: If you are dealing with a virus or malware that proving hard to remove while Windows is running, you can use ‘Windows Defender Offline scan’. If you select this option and click ‘Scan now’, it will show you a prompt box telling you to save your work before clicking the ‘Scan’ button.
Once you click the ‘Scan’ button, the system will restart automatically in the recovery mode and perform a full scan before Windows boots up.
Handling a Threat
If the scan did find some viruses or malware, you will see a notification – ‘Threats Found’ and when you click on that notification, it will take you to the scan result page.
Under the Current threats section in Windows Security, you will see the list of threats that were found. Next to each threat, you will the status and severity of the threat.
Now, you can choose how you want to handle the threat by clicking on the threat. It will reveal a list of Action options – ‘Quarantine’, ‘Remove’, and ‘Allow on device’.
- Quarantine – This action isolates the infected file from the rest of your computer so that it cannot spread or infect your computer. Quarantined items are deleted from their original location and stored it in a secure folder where it cannot be accessed by other programs (or yourself as the user). If the infection is eliminated or if you think it is a low risk, you can also restore an item from quarantine to its original location.
- Remove – This action deletes an infected file by removing both the virus and the infected file from your computer.
- Allow on device – This action leaves or restores the infected file. Sometimes the Microsoft Defender could flag the wrong files as a threat. And if you trust the file that is flagged as a threat and you want to leave the file where it is, then select this option. You should be careful when selecting this option as the file you tursted could easy be a malware in disguise.
After you selected the recommended action, click the ‘Start action’ button.
Also, if you want to get more details on the threat to help make a decision, click ‘See details’ below the actions.
You can see the details like what kind of threat it is, alert level, status, which files are affected, and others.
View Protection history
Windows Security has an area called ‘Protection history’ where you can view and manage the latest protection actions and recommendations.
If you want to view the full history of quarantined, removed, and allowed threats, either click the ‘Protection history’ tab on the left pane of the Windows Security app or click the ‘Protection history’ link under the current threat section in ‘Virus and threat protection’ tab.
Here, you’ll see a list of your recent protection actions as well as recommendations to configure the Windows security app. You can also click the ‘Filters’ drop-down menu and select the filter to review specific history.
To restore a quarantined file or an incorrectly flagged file, click on an entry, and then click the ‘Actions’ button below.
Then, click ‘Restore’ to restore the file back to its original location or ‘Remove’ to delete the file from your PC.
You can also view the list of items that are identified as threats, which you are allowed to remain or run on your computer. To do this, click the ‘Allowed threats’ settings link under Current threads or Scan options section in the ‘Virus and threat protection’ tab.
Configure Virus & Threat Protection Settings
The virus & threat production tab in Windows Security not only has scanning options, but also includes real-time protection, cloud-delivered protection, tamper protection, automatic sample submission, anti-ransomware, and exclusions settings. These settings help configure the virus and threat protection feature of the Microsoft Defender Antivirus.
- Real-time protection is a security component provides automatic protection which detects and neutralizes threats, virus, and malware on your device in real-time.
- Cloud-delivered protection receives the latest protection data and fixes from the Microsoft cloud to provide strong and faster protection.
- Automatic Sample submission sends information about threats it detects to Microsoft via the cloud to help improve Microsoft Defender.
- Tamper Protection is a security feature that blocks modifications to Microsoft Defender Antivirus components from outside the app.
By default, Windows Defender automatically enables these settings, but you can toggle any of these settings to your needs.
Temporarily Disable Microsoft Defender Antivirus
Sometimes you may need to temporarily disable Microsoft Defender Antivirus when you can’t install an app or update software. In such cases, you can easily disable the Microsoft Defender temporarily by turning off the real-time protection. However, real-time protection will turn back on automatically after you restart your PC.
To disable Microsoft Defender Antivirus, first, open the Windows Security app and click the ‘Virus & threat protection’ tab
Then, under the ‘Virus & threat protection settings’ section, click the ‘Manage settings’ link.
On the next page, toggle the switch to Off under ‘Real-time protection’ to disable the Microsoft Defender Antivirus. If User Account Control (UAC) prompts for confirmation, click ‘Yes’.
To re-enable the Microsoft Defender Antivirus immediately, turn On the ‘Real-time protection’ toggle. If you want to know more about enabling or disabling Microsoft Defender Antivirus in Windows 11, check out this article.
Enable Anti-Ransomware Protection in Windows 11
Hackers use ransomware attacks to breach an organization’s system or a personal computer and then lock and encrypt a victim’s computer or device data. A ransom is then demanded to release the restriction. Ransome attacks are usually mounted by ransomware or an encryption Trojan which is malware that gets into your system and prevents you from accessing your computer or personal files.
Microsoft Defender Antivirus also provides ransomware protection which protects your system and data against ransomware attacks. Windows Security app includes two features under the ransomware protection section – ‘Controlled folder access’ and ‘Ransome data recovery’.
Controlled folder access protects files, folders, and memory locations against ransomware attacks and unwanted changes from malicious programs. Ransomeware data recovery helps you recover the files using the OneDrive account in the event of an attack.
To enable Ransome protection in Windows 11, open Windows Security and go to the ‘Virus & threat protection’ tab. Then, scroll down and click ‘Manage ransome protection’ under the Ransome protection section on the right pane.
Alternatively, you can click ‘Manage settings’ under Virus and threat protection settings section.
On the next page, scroll down to the Controlled folder access section and select the ‘Manage Controlled folder access’ setting.
Either way, it opens the Ransome Protection page. Here, turn ‘On’ the toggle under Controlled folder access.
This will reveal three more settings to manage Controlled folder access.
- Block history – This will show a list of blocked folder accesses which are the apps or users who tried to access the Protected folder but got blocked. When you click this setting, it will show the blocked history on the Protection history page.
- Protected folder – Windows security protects system folders such Documents, Pictures, and other by default. But, you can also your own folders to the list of the protected folder.
To view or add Protected folders, click the ‘Protected folders’ settings link under the Controlled folder access section. Then, click ‘Yes’ to the User Account Control prompt box.
This will open the Protected folders page, where you can see the list of the protected folders or add additional protected folders. To add an additional protected folder, click the ‘Add a protected folder’ button, and select the folder from your PC.
- Allow an app through Controlled folder access – Apps that are trusted by Microsoft are allowed to access the protected folders by default. But if the Controlled folder access feature blocked a program or an app you trust, you can then add that app as an allowed app.
To allow an app, click the ‘Allow an app through Controlled folder access’ setting link under the Control folder access section. Then, click ‘Yes’ for User Account Control prompt.
On the next page, click the ‘Add an allowed app’ button.
Then, select either ‘Recently blocked apps’ or ‘Browse all apps’ to allow an app. ‘Recently blocked apps’ option will show you a list of apps that were recently blocked by Controlled folder access from which you can select an app. ‘Browse all apps’ option lets you select any app from your computer.
On the Ransome protection page, you will also see a section called ‘Ransomeware data recovery’ which will show you the OneDrive accounts that you can use to recover files after a Ransome attack.
Exclude Items from Microsoft Defender Antivirus Scans
Microsoft Defender Antivirus allows you to exclude files, folders, file types, and processes that you do not want to scan for viruses. If you have specific files or folders that you don’t want to scan, you can add them to the list of Exclusions in the Windows Security app.
You can also increase the speed of a scan by excluding items (which you know are safe) from the scan. Be careful when you use exclusions because the excluded items could contain threats that make your device vulnerable.
To exclude items from Microsoft Defender Antivirus scans, first, open the Windows Security app and select the ‘Virus & threat protection’ tab. Then, click ‘Manage settings’ under Virus and threat protection settings section.
On the next page, scroll down to the ‘Exclusions’ section at the bottom and select the ‘Add or remove exclusions’ setting under it. Then, click ‘Yes’ for User Account Control prompt.
This will open the Exclusions page where you can add or remove items from scans. Now, click ‘Add an exclusion’ and select one of the exclusion types: ‘File’, ‘Folder’, ‘File type’, or ‘Process’.
- Excluding File – To exclude a file from scans, choose the ‘File’ option and browse to the file you want to exclude. Then, select the file and click ‘Open’.
- Excluding Folder – To exclude a folder from scans, choose the ‘Folder’ option and then, select the folder you want to exclude and click ‘Select Folder’.
- Excluding File type – To exclude file types from the scan, select the ‘File type’ option and enter the extension name in the Add an extension dialog box. You can also type the file type name either with or without, the leading period (dot). For example, ‘.mp4’ and ‘mp4’ both work the same way. Then, click ‘Add’.
- Excluding Process – To exclude a process from the scan, select the ‘Process’ option. Then, either enter the process full name or full path and file name in the dialog box and then click ‘Add’.
If you want to exclude a specific process from a specific folder, you should use the full path and file name and click ‘Add’. For example:
The scan will only skip the process in this specific location. If there’s another instance of the same process located in a different folder, it will still be scanned.
If you want to exclude a specific process, no matter where it is located, then just enter the full name of the process in the dialog box and click ‘Add’. For example:
This will skip all the instances of the process with the same name on your computer. When you exclude a process from the scan, any file opened by that process will also be excluded from the real-time scanning.
All the added exclusion items will be listed on the Exclusions page in Windows Security app. If you want to remove an item, just click on the item and select ‘Remove’.
2. Account Protection
Account Protection under Windows Security app protects the user’s Windows 11 identity with Windows Hello sign-in options, account settings, and dynamic lock. It will monitor and notify you of security issues with your account protection and sign-ins. It will also recommend you to set up and use Windows Hello for faster and secure sign-in.
On the Windows Security app, open the ‘Account Protection’ on the left pane or from the dashboard. To access all the ‘Account Protection’ features (including Windows Hello), you need to be signed in with a Microsoft account on your Windows 11 computer. If you are signed in with a local account, you will this screen:
To sign in with your Microsoft account, click ‘View your account info’ under the Microsoft account section.
On the Windows Settings app, click ‘Sign in with a Microsoft account instead’ and then enter your Microsoft credentials to log in with your Microsoft account.
After that go back to the Account Protection page on the Windows Security app and you’ll see account information and Windows Hello sign-in options. You can use the Setting link below each section to configure that security feature.
Check your account protection by confirming if Microsoft account, Windows Hello, and Dynamic lock have a small green tick mark on the icons. The green tick mark indicates that everything is working correctly. If there’s an issue with one of the account security items, you’ll see a red ‘X’ mark on the icon and you’ll need to take action to remedy the problem.
For example, in the above screenshot, the Dynamic lock is not working because the Bluetooth is off. Click ‘Turn on’ to enable the Bluetooth.
Then, click ‘Pair a phone’ to pair your phone to the computer.
Now, the Dynamic lock is set up to lock your computer automatically whenever you’re away from your computer with your phone.
3. Firewall & network protection
Windows Security also allows you to monitor and control network security with Microsoft Defender Firewall settings. On the Firewall & network protection page, you can view and adjust firewall settings for your needs.
On the Windows Security app, select the ‘Firewall & network protection’ tab from the left-hand pane. Here, you will see three network profiles and their security status.
By default, Firewalls are enabled for all the profiles. But you can enable or disable the firewall anytime. And the network profile that is currently in use is marked as ‘active’.
Enable/Disable Microsoft Defender Firewall in Windows 11
Firewalls protect your system and data from unauthorized access and threats, however, sometimes, you may need to disable the firewall. For instance, when downloading files from untrusted sources or accessing an app that’s being blocked.
If you decided to disable the Microsoft Defender firewall, you can go into each network profile and turn them on or off according to your requirements. Click on the network type to view its firewall settings.
Then, under the Microsoft Defender Firewall section, click the toggle to turn it ‘Off’.
If UAC prompts for confirmation, click ‘Yes’. To re-enable the firewall, click the toggle again to turn it ‘On’
If you want to re-enable the firewall for all the networks together, you can just click the ‘Restore settings’ button which restores the default settings.
Each network profile also has another setting – ‘Block all incoming connections, including those in the list of allowed programs’ under Incoming connections. This setting could provide extra security when you’re under attack.
By default, Windows Defender Firewall blocks all incoming connections unless there’s an exception rule created by you or an allowed app. Enabling this option will override all those exceptions and block all unsolicited incoming traffic including those for the allowed programs. When you block all the incoming connections to your computer, other devices from the same network can’t connect to your computer either. But, you’ll still be able to browse the internet, send and receive mails, etc.
To block incoming connections, check the box that says ‘Block all incoming connection,…’ under Incoming connections.
The Firewall & network protection page includes a few more settings to further customize and manage the Windows firewall.
These settings are actually linked to change settings in the Control Panel and Settings app.
- Allow an app through firewall – This will take you to the control panel applet where you can add, change, and remove apps that are allowed to communicate through Windows Defender Firewall
- Network and Internet troubleshooter – This link lets you run troubleshooters to fix network and internet issues.
- Firewall notification settings – This options lets you manage security providers and notifications from Windows Security.
- Advanced settings – It opens up the Windows Defender Firewall control panel where you can monitor and manage inbound, outbound, and connection security rules.
- Restore firewalls to default – This option allows to restore firewall default settings.
4. App & browse Control
App & browser control is another component of Windows Security where you can configure protection and online security settings. It is recommended to use the default settings under this page, but you can always change them as per your requirements.
To access these settings, open the Windows Security app and select the ‘App & browser control’ tab.
Reputation-based protection settings let you control the Windows Defender SmartScreen feature which helps protect your device against malicious and potentially unwanted apps, files, sites, and downloads.
Open the ‘App & browser control’ tab, then click the ‘Reputation-based protection settings’ link under the Reputation-based protection section.
On the Reputation-based protection page, there are several options like Check apps and files, SmartScreen for Microsoft Edge, Potentially unwanted app blocking, and SmartScreen for Microsoft Store.
Windows Defender’s SmartScreen feature could block or delete unrecognized apps, web contents, files, and downloads. To allow unrecognized and low-reputation apps, files, and downloads, you need to disable SmartScreen features.
You can enable or disable these options as per your requirements:
- Check apps and files – This toggle turns on/off Microsoft Defender SmartScreen to help protect your computer by checking the reputation of apps and files you may download from the web.
- SmartScreen for Microsoft Edge – This setting helps evaluate and protect your computer from malicious websites or downloads. If you try to visit phishing or malware websites on Edge, it will warn you about the potential threat from those websites. Also if you try to download unrecognized files, suspicious files, or malicious programs, Microsoft Edge will give you a chance to stop the download.
- Potentially unwanted app blocking – This option helps you prevent the installation of potentially unwanted apps (PUAs) that might cause unexpected behaviors on your Windows 11 PC.
Potentially unwanted applications (PUA) are a kind of software that can display ads, use your PC for crypto mining, install adware and other unwanted programs along with it. They are not considered malware, but they might slow down your system, cause undesirable behavior, steal your data, or harm your system. Advertising, crypto mining, bundling, low-reputation, and pirated software are considered PUA by Microsoft.
By default, Windows Defender will block suspicious and unwanted apps (PUAs) from downloading or installing. But if you are testing an app or want to install a PUA, you can disable the ‘Potentially unwanted app blocking’. Here’s how you do this:
If you only want to install or access PUAs, then uncheck the ‘Block apps’ check box. If you only want to allow PUA downloads, then uncheck the ‘Block downloads’ box. To enable or disable both options, turn On/Off the toggle under the Potentially unwanted app blocking section.
- SmartScreen for Microsoft Store apps – When enabled, this option checks the web content used by Microsoft Store apps to protect your device.
Isolated browsing is a cybersecurity feature that can be used to physically isolate browsing activity in an isolated virtual environment, like a sandbox or virtual machine to protect the device and data.
In Windows 11, Microsoft Defender Application Guard (MDAG) uses the latest virtualization technology to isolate Edge browser in an isolated environment to help protect you against web-based threats and malicious downloads. In Windows 11, the browser isolation only works with the Microsoft Edge browser.
Install Microsoft Defender Application Guard (MDAG) for Edge
To launch the Microsoft Edge browser in an isolated browsing environment, first, you need to install Microsoft Defender Application Guard on your Windows 11 PC. Also, MDAG is only available on Windows 10 and 11 Pro, Education, and Enterprise editions.
Go to the ‘App & browser control’ page on Windows Security app, and click the ‘Install Microsoft Defender Application Guard’ setting under the Isolated browsing section. Then, click ‘Yes’ for User Account Control prompt box.
This will open the Windows Features control applet. Then, look for ‘Microsoft Defender Application Guard’ in the list of features. If you don’t find it in the list, it means you’re using Windows 10/11 Home edition and you need to upgrade it.
If it’s grayed out as it is shown below, it means your PC hardware doesn’t support this feature. To install Microsoft Defender Application Guard on your Windows 11 PC, you’ll need 8 GB of RAM, 5 GB of free space, and Virtualization hardware.
On some PCs, SVM Mode or Virtualization technology is disabled by default. In such cases, you need to enable ‘SVM mode’ or ‘Virtualization’ on your BIOS settings to enable this feature.
Then, check the ‘Windows Defender Application Guard’ option in the list of features, and then click the ‘OK’.
Once the installation of the Windows Defender Application Guard feature is completed, you’ll be asked to restart your computer. Click the ‘Restart now’ to reboot the PC before you can use this feature.
Once you complete the above steps, you’ll see two different settings under the Isolated browsing section on the App & browser control page.
- Change Application Guard settings let you change Application Guard settings for Edge browser. Click the ‘Change Application Guard settings’ link to see the list of settings you can tweak.
On the Application Guard for Microsoft Edge, certain actions are disabled to make your browsing activity more secure and isolated. You can also turn on or off the following options depending on your needs, but your browsing might be less secure. When your turn on or off the settings, you need to restart your device to apply the change.
- Uninstall Microsoft Defender Application Guard setting lets you uninstall the MDAG. If you don’t need MDAG anymore, you can click this link to uninstall the feature and free up the space.
To launch your Edge browser in Application Guard mode, first, open Microsoft Edge normally. Then, click the ‘Menu’ (three dots) button and select ‘New Application Guard Window’.
Exploit protection is an advanced security feature that protects devices from malware that takes advantage of software vulnerabilities (exploits) to spread and infect.
Exploit protection in Windows 11 employs a number of exploit mitigation techniques to prevent malware from successfully exploiting software vulnerabilities. These mitigations can be applied at either the operating system level or at the individual app level.
To customize the Exploit protection settings, open the Windows Security app, and select the ‘App & browser control’ tile. Then, click the ‘Exploit protection settings’ link under the Exploit protection section.
On the next page, you’ll see two tabs – ‘System settings’ and ‘Program settings’. System settings contain mitigations that can be applied to all apps on the system while Program settings enable mitigations for the individual apps. Setting mitigation for the individual apps will override the System settings.
Here, you can customize the settings as per your requirements. However, it is advised not to make any changes to these settings unless you’re a system administrator or you know what you are doing. Making wrong changes might break your programs and cause them to show errors.
Under the System settings tab, each of the mitigation has three options to choose from:
- On by default – This enables the specific mitigation for applications that don’t have this mitigation set in the Program settings.
- Off by default – This disables the specific mitigation for applications that don’t have this mitigation set in the Program settings.
- Use default (On/Off) – This option either enables or disables the mitigation depending on the default configuration that is set up by Windows.
Once you change the settings, restart your device to apply the changes.
In the Program settings tab, you can apply mitigations to individual apps. To do this, select the app you want to apply mitigations to and then click ‘Edit’.
After clicking the Edit button, you’ll see a list of all the mitigations that can be applied to the selected app. To edit a setting, check the ‘Override system settings’ and turn On/Off the toggle to enable or disable the mitigation. Checking the ‘Audit’ option will enable the mitigation in audit mode only.
If the app you’re looking for is not listed under the ‘Program settings’ tab, you can add your own program to the list and customize the settings as you want. To do this, click ‘Add program to customize’, then select either ‘Add by program name’ or ‘Choose exact file path’.
If you selected the ‘Add by program name’ option, you need to enter the correct program/app name in the dialog box as shown below:
If you selected the ‘Choose exact file path’ option, navigate to the program and select it with the exact file path. Then, click ‘Open’.
After making the change, you will be notified if the change requires you to restart the program or the system. Then, click ‘Apply’ to save the changes and restart the program or the PC accordingly.
5. Device Security
The ‘Device Security‘ protection area in the Windows Security app offers insights into the security features that come built into your device. You can access this page to view the status report of the device’s security as well as manage some of those security features.
To access the Device Security page, click the ‘Device Secutity’ tab on the Windows Security app. Some of the security features include Core isolation, Security processor, and Secure boot. Security processor (TPM 2.0) and Secure Boot are system requirements for running Windows 11 which can be enabled via ‘UEFI BIOS’ settings.
Core isolation is a virtualization-based security feature that protects core processes of Windows from malicious attacks by separating a computer’s high-level system processes from your operating system and device. Core isolation is only accessible if SVM mode or Virtualization is enabled on your computer which can be done through BIOS settings.
To access Core Isolation settings, click the ‘Core isolation details’ setting link under the Device security.
On the Core isolation page, you’ll see the ‘Memory integrity’ setting which is disabled by default. Memory integrity is a subset of the Core Isolation security feature that uses Virtualization and Hyper-V technology to prevent malicious code from accessing high-security processes in the event of an attack.
To enable ‘Memory integrity’, toggle the switch to ‘On’ under the Memory integrity section.
Once you do that, you’ll see a notification to restart your computer, so, restart the PC to apply the change.
Security processor (TPM)
A TPM chip is a specialized chip integrated into CPUs and motherboards to carry out cryptographic operations such as storing encryption keys and passwords, encrypting data, decryption, and more. Windows 11 requires a TPM 2.0 chip in your device to upgrade or install the OS.
You can view the information about your Security processor which is called ‘Trusted Platform Module (TPM)’ by clicking the ‘Security processor details’ link on the Device security page.
TPM has its own storage unit to store encryption keys and credentials, but sometimes that storage can get corrupted. Clearing the TPM storage can fix this issue which can be done from the ‘Security processor details’ page on Windows Security. To do this, click the ‘Security processor troubleshooting’ setting under Status.
On the next page, click the ‘Clear TPM’ button to reset the TPM to its default settings.
6. Device performance & health
Windows Security monitors your computer for security issues and provides useful information and status about the health and performance of your device under the Health report section on the ‘Device performance & health’ protection area. Click the ‘Device performance & health’ tile from the left pane or from the dashboard to open it.
The Health report will show you when was the last scan was run and the status of four key areas from that scan: Storage capacity, Battery life, Apps and software, and Windows Time service.
On the status of each category, if you see a green tick mark and “No issues” message, then there are no issues and everything is working correctly. If you see, Yellow warning sign, it means there is an issue and a recommendation would be available under it. If you see Red (x) cross, it needs your immediate attention and a recommendation would be available if any.
7. Family options
Windows Security includes a protected area called ‘Family options’ which gives you easy access to manage parental controls and keep track of your family devices connected to your Microsoft account. Parental control lets you monitor and manage kids’ online activity and digital life. Click the ‘Family options’ from the left menu or from the dashboard of Windows security.
However, the Family options page on Windows Security doesn’t allow you to change Family settings directly, but instead, it gives you access to your Microsoft account (on the browser) where you can manage parental controls and other devices.
View Parental control settings
To access parental controls and manage your household devices, click ‘View family settings’ to open these settings online in your Microsoft account (on the browser).
This will take you to the Family Safety website page on your Microsoft account. You may be prompted to sign in with your Microsoft account before that.
Once you’re on the Family Safety page in your browser, you can add and manage family members, set screen time, check their online activity, manage content filter, email your family group, manage the family calendar, and more.
Review your family devices
You can also review the health and security of all the devices that you and your family have signed in using a Microsoft account by clicking the ‘View devices’ setting link under the ‘See your family’s devices at a glance’ section.
Then, you may need to sign in with your Microsft account. This will open up the Devices page on your Microsoft page where you can add, remove, and review devices as well as find your misplaced or lost device.
Schedule a Windows Defender Antivirus Scan using Task Scheduler
Microsoft Defender Antivirus regularly scans your device to protect your device and files viruses, malware, and other threats. But you can also schedule Microsoft Defender Antivirus to scan at your preferred day and time using Task Scheduler. Follow these steps to this:
Search for ‘Task Scheduler’ in the Windows search, and select the top result to open the program.
Once the Task scheduler opens, navigate to the following path:
Task Scheduler Library > Microsoft > Windows > Windows Defender
In the top center pane, right-click the ‘Windows Defender Scheduled Scan’ task, and select the ‘Properties’ option or double-click ‘Windows Defender Scheduled Scan’.
In the Windows Defender Scheduled Scan Properties (Local Computer) window, select the ‘Triggers’ tab, and then click ‘New’ at the bottom.
In the New trigger dialog window, choose how often you want to scan and when you’d like them to start.
Click the ‘Begin the task’ drop-down menu and select one of the triggers to start the scan:
- On schedule
- At startup
- On idle
- On an event
- At task creation/modification
- On connection to a user session
- On disconnect from a user session
- On workstation lock
- On workstation unlock
Then, choose how often you want to run the scan by selecting one of the options under Settings:
- One time
Then, specify the start date, time, and how often do you want the scan to reoccur.
You can also use the Advanced settings to further customize exactly when and how your scans would run. Once, you’re done, click ‘OK’ to save the settings.
On the ‘Conditions’ tab, you can also specify the conditions that have to be met in order for the scan to run. For instance, we have checked both ‘Start the task if the computer is on AC power’ to run the scan only when it’s plugged into AC power and ‘Stop if the computer switches to battery power’ to stop the scan preventing it from draining the battery.
That’s everything you need to know about Windows Security (Microsoft Defender Antivirus).