Automatic Scanning
Windows Defender provides two different types of scanning:
- Quick Scan Scans the portions of a computer most likely to be infected by spyware or other potentially unwanted software, such as the computer's memory and portions of the registry that link to startup applications. This is sufficient to detect most malware applications.
- Full Scan Scans every file on the computer, including common types of file archives as well as applications already loaded in the computer's memory. A full scan typically takes several hours, but it may take more than a day, depending on the speed of the computer and the number of files to be scanned. The user can continue to work on the computer during a quick scan or a full scan; however, these scans do slow down the computer and will consume battery power on mobile computers very quickly.
By default, Windows Defender runs a quick scan daily. This is usually sufficient. If you think a user might have potentially unwanted software installed, you should run a full scan to increase the chances of removing every trace of the software. In addition to quick scans and full scans, you can configure a custom scan to scan specific portions of a computer. Custom scans always begin with a quick scan.
If Windows Defender finds potentially unwanted software, it will display a warning.
Most of the time, the user should simply choose to remove all the potentially unwanted software. However, Windows 7 will display four options for each item detected:
- Ignore Allows the software to be installed or run on your computer. If the software is still running during the next scan, or if the software tries to change security-related settings on your computer, Windows Defender will alert you about this software again.
- Quarantine When Windows Defender quarantines software, it moves it to another location on your computer, and then prevents the software from running until you choose to restore it or remove it from your computer.
- Remove Deletes the software from your computer.
- Always Allow Adds the software to the Windows Defender allowed list and allows it to run on your computer. Windows Defender will stop alerting you to actions taken by the program. Add software to the allowed list only if you trust the software and the software publisher.
For more information about malware infections, read the section titled "How to Troubleshoot Problems with Unwanted Software" later in this tutorial.
In this tutorial:
- Windows 7 Client Protection
- Understanding the Risk of Malware
- User Account Control in Windows 7
- UAC for Standard Users
- UAC for Administrators
- UAC User Interface
- Secure Desktop
- How Windows Determines Whether an Application Needs Administrative Privileges
- How to Control UAC Using Application Properties
- How UAC Examines the Application Manifest
- UAC Heuristics
- UAC Virtualization
- UAC and Startup Programs
- Compatibility Problems with UAC
- How to Configure UAC
- Group Policy Settings
- Control Panel
- Msconfig.exe
- How to Configure Auditing for Privilege Elevation
- Other UAC Event Logs
- Best Practices for Using UAC
- AppLocker
- AppLocker Rule Types
- Auditing AppLocker Rules
- DLL Rules
- Custom Error Messages
- Using AppLocker with Windows PowerShell
- Using Windows 7 Defender
- Understanding Windows Defender
- Automatic Scanning
- Real-Time Protection
- Windows Defender Alert Levels
- Understanding Microsoft SpyNet
- Configuring Windows Defender Group Policy
- Configuring Windows Defender on a Single Computer
- How to Determine Whether a Computer Is Infected with Spyware
- Best Practices for Using Windows Defender
- How to Troubleshoot Problems with Unwanted Software
- Network Access Protection
- Forefront