Real-Time Protection
Windows Defender in Windows 7 includes real-time protection with greatly improved performance. Real-time protection can alert you when software attempts to install itself or run on your computer. Depending on the alert level, users can choose to remove, quarantine, ignore, or always allow the application, just as if the problem were encountered during a scan.
If potentially unwanted software is allowed to run on your computer, it sometimes attempts to make changes to system settings so that it will run automatically the next time you start your computer. Of course, legitimate software also makes similar changes, so it's up to the user to determine whether the change should be allowed. If Windows Defender real-time protection detects software attempting to make a change to important Windows settings, the user will be prompted to Permit (allow the change) or Deny (block the change).
Whereas Windows Defender in Windows Vista included a large number of real-time security agents, Windows 7 reduces the number of agents to two. This improves performance while providing similar levels of security. The two agents are:
- Downloaded Files And Attachments: Monitors files and programs that are designed to work with Web browsers, such as ActiveX controls and software installation programs. These files can be downloaded, installed, or run by the browser itself. Unwanted software is often included with these files and installed without the user's knowledge.
- Programs That Run On Your Computer: Monitors when programs start and any operations they perform while running. Malware can use vulnerabilities in previously installed applications to run unwanted software without the user's knowledge. For example, spyware can run itself in the background when a user starts another frequently used application. Windows Defender monitors applications and alerts the user if suspicious activity is detected.