Windows 10’s built-in security software often beats paid antivirus programs in independent tests. It recently got 100 percent from the AV-Test Security Research Lab and is probably all you need now to protect your PC from malware.
Now called Microsoft Defender (rather than Windows Defender), it’s a deceptively simple set of tools that mostly works in the background. However, delve into Defender’s settings and you will find powerful features that can increase your PC’s protection against the latest threats. We will explain how to unlock them.
1. Detect and remove hidden malware
By default, Microsoft Defender’s Antivirus component runs a quick system scan every day. Check only the folders where threats are most commonly found.
To run a scan manually, go to Settings> Update & Security> Windows Security or type security in the Start menu search bar and select the best match. Select Virus & threat protection and click Quick Scan .
To perform a more thorough scan, click Scan Options and choose Full Scan , which checks every file and program on your PC. Alternatively, select Custom Scan , which allows you to scan specific files and folders for malware.
If you suspect your system is infected but the other scans find nothing, select Microsoft Defender Offline Scan . This targets hard-to-detect malware, such as rootkits.
Offline scanning works by rebooting into a safe environment to scan outside of Windows, where hidden malware cannot be run. Please save your work before choosing this option, then click Scan Now> Scan and your PC will restart.
Scanning takes up to 15 minutes. Don’t panic if the screen goes black for a few seconds, as this is normal. If malware is found, you will be prompted to remove it, but otherwise your PC will reboot into Windows once the scan is complete.
2. Protect your files from ransomware
The ransomware can cause serious problems on your PC, encrypting your files and folders and demanding payment to unlock them without any guarantee that the decryptor will work.
It’s odd then that Defender’s ransomware protection is turned off by default, presumably to prevent legitimate programs from being blocked. Fortunately, the feature is easy to enable.
On the Virus & Threat Protection screen , scroll down to Ransomware Protection and click Manage Ransomware Protection .
Click the toggle under Controlled Folder Access to enable the option. This will protect your Pictures, Documents, Videos, Music and Desktop folders, but you can integrate them by clicking Protected Folders , then Add a Protected Folder .
You can’t unprotect preselected folders, but you can allow specific programs to access them by clicking Allow an app via controlled folder access .
3. Automatically blocks the latest malware
Microsoft Defender offers real-time protection against malware by detecting and blocking known threats using constantly updated virus definitions.
It also protects your system from threats that have yet to be identified via a feature called cloud-provided protection , formerly known as Microsoft Active Protection Service (MAPS). This uploads the details of the suspicious files to Microsoft to determine if they are safe.
The feature is enabled by default, but it’s worth checking in case it’s been disabled by another security program or hidden malware. You should see a warning if this is the case.
On the Virus & threat protection screen , click Manage settings under Virus & threat protection settings and turn on cloud- provided protection if it is not already active.
You must also enable automatic sample submission to submit suspicious files to Microsoft for further analysis. It might seem like a privacy risk, but it will only automatically load program files. If a file may contain personal information, you will be asked for permission before submitting.
If Microsoft detects that a file is dangerous, it will be blocked not only on the PC but also on the systems of other Microsoft Defender users. Think it’s doing your part for the security community.
4. Block unrecognized and unwanted apps
The May 2020 update added protection against potentially unwanted programs (PUPs) to Windows Security ( in the past, blocking this junk was required using a PowerShell command) to complement its existing SmartScreen functionality.
To ensure these tools offer maximum protection, select App & Browser Control under Windows Security. Click Enable in the Protection based on reputation, if required, then click on the Security Settings based on reputation .
The Check apps and files option uses Microsoft Defender SmartScreen to stop unrecognized and unreliable programs running on your PC. While it sometimes blocks legitimate software (which you can choose to run anyway), it should be enabled. However, unless you are using Edge, the second SmartScreen option can be disabled.
Under Block potentially unwanted apps, make sure Block apps and Block downloads are both checked to prevent bundled junk from being installed along with other software.
5. Configure the Defender firewall settings
Windows Defender Firewall automatically blocks inbound and outbound security threats, provided it is configured correctly. Click on Firewall and Network Protection in Windows Security and make sure the Domain , Private and Public options are all turned on.
The firewall uses “rules” under which all Internet traffic is checked. To define your own rules, click Advanced Settings and select Inbound Rules to control incoming data to your PC or Outbound Rules to manage outgoing data to the network and the Internet.
You can block specific ports to protect yourself from risky types of web traffic, such as port 21, which handles file transfers (FTP):
- Select Inbound Rules and, in the right sidebar, click New Rule .
- In the New Inbound Rule Wizard, select Port and click Next .
- Enter 21 in the Specific local ports box and click Next .
- On the next screen, select Block the connection and click Next twice.
- Name the rule such as Block incoming file transfers and click Done to apply it.
If you have a problem with a rule you’ve created, select it and choose Disable rule or Delete .
6. Access Defender’s advanced settings with ConfigureDefender
Microsoft Defender has a lot of advanced settings that you can’t access through Windows Security but that you need to unlock via complicated PowerShell commands. This is where ConfigureDefender comes in handy.
This free tool provides a graphical user interface for all Defender settings, giving you complete control over your system’s security. You can easily enable and disable all the options you want, from basic settings like scanning all downloads and attachments to advanced tweaks like blocking macros and potentially dangerous Office programs on USB sticks.
ConfigureDefender is very easy to use, with one-click options that apply default , high, or maximum protection to Microsoft Defender. You will need to restart your PC for the changes to take effect.
Strengthen Microsoft Defender’s defenses
While you can let Microsoft Defender do its job without changing any settings, there are clear benefits to enabling options that are off by default. This will not only increase your protection against the latest threats, but it means you can tailor your security to suit your needs.
Of course, you don’t have to stick with Windows 10’s built-in software if you’d rather trust a different company to defend your PC. There are many other reliable and free security suites for Windows that are worth considering.
Read the full article: 6 simple ways to increase security in Microsoft Defender and Windows 10
Source : Use