Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Configuring Windows Defender Security Center in Windows 10


In my last article, Is Microsoft Windows Defender Sufficient to Protect Home Users, or Should They Consider a Different Product?, I addressed a question that people have asked me many times. In this article, I will walk you through the configuration options for Windows Defender Security Center in Windows 10. Most people never touch Windows Defender and assume everything has been configured by Microsoft for them. However, if you use Windows 10, you need to make sure that your Windows Defender is configured properly and you know how it is protecting you.

Windows Defender Security Center is a Microsoft Store app, and the easiest way to access it is to type Windows Defender in the Windows 10 Search box. The Windows Defender Security Center consists of five different sections.

  1. Virus & threat protection
  2. Device performance & health
  3. Firewall & network protection
  4. App & browser control
  5. Family options

In this article, first I will go through the last four sections in Windows Defender that don’t usually need any configuration changes and you can simply accept the default options. Then I will focus on the Virus & threat protection. That’s the area you will visit most frequently and contains some options that may need customization.

NOTE: Future Windows 10 versions and OS builds may include additional categories, the names may change, and the categories may be consolidated in a different way in Windows Defender Security Center. Therefore, your screen may look different than what you see below.

Windows Defender Configuration Options

The Device performance and health gives you a health report, which includes the status of Windows Update, Storage capacity, Device driver, and Battery life. If everything is fine you will see a green check mark next to each item, otherwise you will have to take appropriate actions based on the issue.

Windows Defender Health Report

The Firewall and network protection ensures that your Windows Firewall is enabled and protecting your computer. You can click on each of the blue hyperlinks for domain, private and public network to see more details. There are no configuration options here. Based on the status displayed in this area, you may have to take certain actions.

Windows Defender Firewall Protection

The App and browser control is configured by default to warn you if there is a problem with unknown apps or files on the Web, issues with sites you access, or the files you download in Microsoft Edge (other browsers are not monitored). This setting is really not useful for most users because Edge is a limited browser (think of it as a mini version of Internet Explorer). I do not recommend Edge to anyone at this time for a whole lot of reasons which are off topic for this article. If you download any store apps from Microsoft, Windows Defender offers some protection by checking the Web content that the apps use.

Windows Defender App & Browser Control

There are several exploit protection settings for your system and programs. You can look at them by clicking the blue Exploit protection settings hyperlink. All the System settings are turned on by default and you should leave all the settings in this section at their default values. If you click on the Program Settings link at the top of the page, you will see a bunch of programs listed. If you select a program, you can either edit or remove it. When you click edit, there are lots of options listed, and none of them should be changed without knowing the consequences of editing them. If there is a setting that is enabled, leave it as is and do not make any changes to the settings. Simply click Cancel to get out of the screen and click the back arrow at the top of the window a couple of times to get back to the home screen of Windows Defender Security Center.

Windows Defender Program Settings

The Virus & threat protection is the area that is visited most frequently. Here you can manage all the antivirus providers. Microsoft recommends that you only use one antivirus program at a time. In this section you can also see the results of the last scan, the status of the protection updates, and you can customize virus & threat protection settings. There is also an option for Advanced scans, which allows you to manually do a Full scan, a Custom scan, or a Windows Defender Offline scan. A full scan will take a long time and will scan every file on your computer, while a custom scan can be used to specify the files and locations that should be scanned. If there is malicious software that cannot be removed while Windows is running, you can use the Windows Defender Offline scan to remove it. It will require you to restart the computer and may take up to 15 minutes.

Windows Defender Virus and Threat Protection

Click on the Virus & threat protection settings hyperlink. It is important to understand the settings available in this section. There are four options that can be turned on or off.

  1. Real-time protection
  2. Cloud-delivered protection
  3. Automatic sample submission
  4. Controlled folder access

If you install another antivirus software, such as Bitdefender or ESET, the Windows Defender real-time protection will be managed by that software, not Windows Defender. I configure my Windows Defender settings as follows.

Dismissing Windows Defender Warning Message

If you have either the cloud-delivered protection or the automatic sample submission turned off, the Windows Defender icon in the taskbar will display a yellow warning symbol. Cloud-delivered protection is good, but it is not necessary for Windows Defender real-time protection to work and keep you safe by locating and stopping malicious software on your computer. Similar to Error Reporting, automatic sample submission can help Microsoft improve the product by gathering information from users and may contain your personal information. Because I have read every word of Microsoft’s privacy statement and read privacy statements from other vendors too, I prefer not to submit error reports and samples to Microsoft, or any other vendor for various reasons. I have written several articles on this topic. If you are interested in reading them, just select the Privacy category on the left hand side of my blog, or do a search on the word “privacy.” The yellow Windows Defender warning indicator is a white shield with a yellow triangle.

Windows Defender warning indicator

An average person will see the warning and is likely to think that he/she must enable the cloud-delivered protection and automatic sample submission, which turns off the warning and displays the green indicator to let you know that Windows Defender is up to date and you are protected.

Windows Defender Okay Indicator

However, turning on the cloud-delivered protection and automatic sample submission is optional, and despite the warning you are still protected. If you simply click Dismiss, it will turn off the warning under certain conditions. If you are lucky, you can enable cloud-delivered protection, but dismiss automatic sample submission and still get the green check mark on your Windows Defender icon in the taskbar. However, a future Windows Update may switch it back to the warning and you will have to go back and reverse the action to get your green check mark. The problem is that you can’t always ignore the warning. What if it is a legit warning that has nothing to do with the sample submission or cloud-delivered protection? You could be in trouble in that case. The green check mark is your insurance that Windows Defender is doing its job.
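One way to tell an optional-setting warning from a real one is to read the four settings directly instead of relying on the icon. The script below is an added example, not part of the original article; it uses the built-in Get-MpPreference and Get-MpComputerStatus cmdlets, and the function name, the Core/Optional split (which follows the article's reasoning) and the 7-day update threshold are assumptions.

```powershell
# Added example: show the Defender state behind the taskbar icon.
# Uses the built-in Defender module; run in an elevated PowerShell session.
function Get-DefenderSettingReport {
    param([int]$MaxSignatureAgeDays = 7)   # assumed threshold, adjust to taste

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Translate a numeric preference value; fall back to the raw number.
    function Convert-Level([int]$Value, [string[]]$Names) {
        if ($Value -lt $Names.Count) { $Names[$Value] } else { "Value $Value" }
    }

    $rows = @(
        [pscustomobject]@{ Setting = 'Real-time protection'; Kind = 'Core'
            State = $status.RealTimeProtectionEnabled
            Ok    = [bool]$status.RealTimeProtectionEnabled }
        [pscustomobject]@{ Setting = 'Protection updates'; Kind = 'Core'
            State = "$($status.AntivirusSignatureAge) day(s) old"
            Ok    = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays }
        [pscustomobject]@{ Setting = 'Cloud-delivered protection'; Kind = 'Optional'
            State = Convert-Level $pref.MAPSReporting 'Off', 'Basic', 'Advanced'
            Ok    = $pref.MAPSReporting -ne 0 }
        [pscustomobject]@{ Setting = 'Automatic sample submission'; Kind = 'Optional'
            State = Convert-Level $pref.SubmitSamplesConsent `
                        'Always prompt', 'Send safe samples', 'Never send', 'Send all samples'
            Ok    = $pref.SubmitSamplesConsent -in 1, 3 }
        [pscustomobject]@{ Setting = 'Controlled folder access'; Kind = 'Optional'
            State = Convert-Level $pref.EnableControlledFolderAccess 'Off', 'On', 'Audit mode'
            Ok    = $pref.EnableControlledFolderAccess -eq 1 }
    )

    $coreBad = $rows | Where-Object { $_.Kind -eq 'Core' -and -not $_.Ok }
    $optOff  = $rows | Where-Object { $_.Kind -eq 'Optional' -and -not $_.Ok }

    $verdict = if ($coreBad) {
        'Core protection problem: ' + ($coreBad.Setting -join ', ')
    } elseif ($optOff) {
        'Core protection on; optional settings off: ' + ($optOff.Setting -join ', ')
    } else {
        'All settings on'
    }
    [pscustomobject]@{ Verdict = $verdict; Settings = $rows }
}

$report = Get-DefenderSettingReport
$report.Verdict
$report.Settings | Format-Table Setting, Kind, State, Ok -AutoSize
```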

The Controlled folder access is optional and it depends on whether you want to protect files and folders from unauthorized changes by the so-called friendly applications.

The Exclusions can come in handy if you have any files that you don’t want Windows Defender to scan. Now why would you want to do that? I can tell you why I want to add exclusions. As a security professional, I have tons of applications that are considered threats by most antivirus applications. These include ethical hacking tools, such as password crackers, sniffers, vulnerability scanners, protocol analyzers, wireless and Bluetooth hacking tools, etc. Although I don’t use them on my primary workstation, they are still backed up to the file server and scanned by antimalware software. By adding these tools to the exclusion list, I can prevent Windows Defender from scanning them and reporting them as threats. The easiest way to add an exclusion is to put all the files you want excluded in one folder and then configure Windows Defender to ignore that folder.
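Because an excluded folder is never scanned, it is worth checking that the exclusion list stays as narrow as the single-folder approach above intends. The following review script is an added example, not part of the original article; the function name and the list of risky locations are assumptions, and the ACL check assumes English group names.

```powershell
# Added example: review Defender folder exclusions for blind spots.
# Run elevated; non-admin sessions cannot read the exclusion list.
function Test-DefenderExclusion {
    param([string[]]$Path = (Get-MpPreference).ExclusionPath)

    # Locations where downloaded or temporary files usually land (assumed list).
    $risky = @($env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop",
               "$env:USERPROFILE\AppData", $env:PUBLIC) | Where-Object { $_ }

    foreach ($p in $Path) {
        if (-not $p -or $p -like 'N/A*') { continue }   # empty list or not elevated
        $full   = $p.TrimEnd('\')
        $issues = @()

        if ($full -match '^[A-Za-z]:$') { $issues += 'entire drive excluded' }
        if ($full -eq $env:USERPROFILE) { $issues += 'entire user profile excluded' }

        foreach ($r in $risky) {
            $dir = $r.TrimEnd('\')
            if ("$full\".StartsWith("$dir\", 'OrdinalIgnoreCase')) {
                $issues += "inside $dir"
            } elseif ("$dir\".StartsWith("$full\", 'OrdinalIgnoreCase')) {
                $issues += "contains $dir"
            }
        }

        if ($p -match '[*?]') {
            $issues += 'wildcard in path'
        } elseif (-not (Test-Path -LiteralPath $p)) {
            $issues += 'path does not exist'
        } else {
            # A folder that ordinary users can write to lets anything be dropped
            # where Defender will not look. Group names assume an English system.
            $loose = (Get-Acl -LiteralPath $p).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference -match 'Everyone|Authenticated Users|BUILTIN\\Users' -and
                $_.FileSystemRights -match 'Write|Modify|FullControl'
            }
            if ($loose) { $issues += 'writable by non-admin groups' }
        }

        [pscustomobject]@{ Path = $p; Issues = ($issues -join '; ') }
    }
}

Test-DefenderExclusion | Format-Table -AutoSize -Wrap
```

An empty Issues column means the exclusion matched none of these checks.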

The last section is Notifications. Windows Defender will always send you critical notifications. This section will allow you to configure non-critical notifications. In a domain environment, the administrator will manage this setting.

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.
