Home / Windows 10

Manage client security by using Windows Defender

Most organizations use an enterprise malware solution, often unaware that the Windows Defender antimalware software that is included with Windows 10 offers fully featured antimalware protection against viruses, spyware, rootkits, and other types of malware. Compared to earlier versions of Windows Defender, the solution is significantly improved in Windows 10.

Malware is a major problem for most computer users; therefore, Microsoft includes Windows Defender to monitor, protect, and if necessary, help remove malware from your computer.

Windows Defender also works with the Internet Explorer SmartScreen Filter that protects your web browsing activity and prevents downloading or installing malware. The signature-based antimalware technologies used in both SmartScreen Filter and Windows Defender are updated regularly, often daily, to provide the most comprehensive protection.

Understand malware

Malicious software, or malware, can do many things to your computer, such as allowing unauthorized parties remote access to your computer or collecting and transmitting information that is sensitive or confidential to unauthorized third parties.

Some types of malware include:

  • Computer viruses Replicating malware, normally with email attachments or files.
  • Computer worms Replicate, without direct intervention, across networks.
  • Trojan horses Tricks the user into providing an attacker with remote access to the infected computer.
  • Ransomware Harms the user by encrypting user data. A ransom (fee) needs to be paid to the malware authors to recover the data.
  • Spyware Tracking software that reports to the third party how a computer is used.

The most common attack vector for malware is still by email, although attacks from websites, pirated software, video, and music files are becoming increasingly common.

You can help protect against malware infection by following these guidelines.

  • All software should be from a reputable source.
  • All software and operating system updates are applied.
  • Antimalware software is installed and enabled on your devices.
  • Antimalware definitions are up to date.
  • Avoid using or accessing pirated software or media sharing sites.
  • Be suspicious of out-of-the-ordinary email attachments, and don't open links in spam or phishing email.

Although no antimalware solution can provide 100 percent safety, modern solutions can reduce the probability that malware compromises your device.

Windows Defender can help protect your device by actively detecting spyware, malware, and viruses both in the operating system and on Windows 10 installed on Hyper-V virtual machines. Windows Defender runs in the background and automatically installs new definitions as they are released, often on a daily basis.

You can use Windows Defender manually to check for malware with various scan options listed in Table below.

Scan	Description
options	

Quick	Check the most likely areas
	that malware, including viruses,
	spyware, and software, commonly
	infect

Full	Scans all files on your hard disk
	and all running programs

Custom	Enables users to scan specific
	drives and folders to target
	specific areas of your computer
	such as a removable drive.

Monitor for malware

You should routinely check your system for malware. If it becomes infected or you suspect malware is on your system, you can run a Full scan. To configure and use Windows Defender, follow these steps.

  1. Type Windows Defender into Start and select Windows Defender Desktop App.
  2. On the Home tab, verify that Real-Time Protection is On and the Virus and Spyware definitions are up to date. (You'll see a check mark on a green background.)
  3. Under Scan Details, review the last scan date, time, and type.
  4. Click the Update tab and verify that the definitions are up to date. If they are not, ensure that you are connected to the Internet and click Update Definitions.
  5. Click the History tab, click View Details (allowing UAC if prompted), and then review the results of any quarantined items that were prevented from running on your PC.
    If items have been detected, they appear in the results, which shows a trojan has been detected and quarantined.
  6. You can highlight each item and choose Remove All, Remove (to remove a single item), or Restore (to restore the file if you believe this is not malware).
  7. When it is removed, the item is deleted, and the Detected Item list is cleared.
  8. Close Windows Defender.

By default, Windows Defender telemetry automatically sends some user data to Microsoft, which helps improve security. You can customize this option to turn off the feature that sends data to Microsoft by selecting Turn Off Telemetry Options in the Settings app, using these steps.

  1. Open Start and click Settings.
  2. In the Settings app, click Update & Security and click Windows Defender.
  3. Set Cloud-Based Protection to Off.
  4. Set Automatic Sample Submission to Off.

You can also configure these settings by using Group Policy. The settings are found in the following node: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\MAPS.

The Microsoft Active Protection Service (MAPS) is the cloud service that Microsoft uses to collect and analyze key telemetry events and suspicious malware queries from users running Windows 8 or later. The service also provides real-time blocking responses back to client devices for suspicious items that do not match published definitions.