Windows 7 / Security and Privacy

Best Practices for Using Windows Defender

To receive the security benefits of Windows Defender while minimizing the costs, follow these best practices:

  • Teach users how malware works and the problems that malware can cause. In particular, focus on teaching users to avoid being tricked into installing malware by social engineering attacks.
  • Before deploying Windows 7, test all applications with Windows Defender enabled to ensure that Windows Defender does not alert users to normal changes the application might make. If a legitimate application does cause warnings, add the application to the Windows Defender allowed list.
  • Change the scheduled scan time to meet the needs of your business. By default, Windows Defender scans at 2 A.M. If third-shift staff uses computers overnight, you might want to find a better time to perform the scan. If users turn off their computers when they are not in the office, you should schedule the scan to occur during the day. Although the automatic quick scan can slow computer performance, it typically takes fewer than 10 minutes, and users can continue working. Any performance cost typically is outweighed by the security benefits.
  • Use WSUS to manage and distribute signature updates.
  • Use antivirus software with Windows Defender. Alternatively, you might disable Windows Defender completely and use client security software that provides both antispyware and antivirus functionality.
  • Do not deploy Windows Defender in enterprises. Instead, use Microsoft Forefront or a third-party client security suite that can be managed more easily in enterprise environments.
[Previous] [Contents] [Next]