Microsoft Defender – Windows Blog by Brink

Microsoft Defender

Add or Remove Exclusions for Microsoft Defender Antivirus in Windows 11

Windows Security is built into Windows 11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.

If you trust a file, file type, folder, or a process that Windows Security has detected as malicious, you can stop Windows Security from alerting you or blocking the program by adding the file to the exclusions list.

This tutorial will show you how to add or remove exclusions for Microsoft Defender Antivirus for Windows Security in Windows 10 and Windows 11.

Clear Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

This tutorial will show you how to manually clear Windows Security protection history in Windows 10 and Windows 11.

Change Time to Clear Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

You can change the number of days to keep items in the scan history folder. After this time, Microsoft Defender removes the items. If you specify a value of zero, Microsoft Defender does not remove items.

This tutorial will show you how to change how many days to automatically clear Windows Security protection history in Windows 10 and Windows 11.

View Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

This tutorial will show you how to view the protection history of Microsoft Defender Antivirus in Windows Security in Windows 11.

Enable or Disable Microsoft Defender PUA Protection in Windows 11

Potentially unwanted apps (PUA) aren’t malware, but they might display advertising, use your PC for cryptomining, or do other things you’d prefer they not do. Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which may be more harmful or annoying.

Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user.

This tutorial will show you how to enable or disable Microsoft Defender Antivirus Potentially unwanted applications (PUA) protection in Windows 11.

Enable or Disable Microsoft Defender SmartScreen for Microsoft Edge in Windows 11

Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

Microsoft Defender SmartScreen helps protect your device from malicious sites and downloads while you browse the web in Microsoft Edge.

You can turn Microsoft Defender SmartScreen for Microsoft Edge on or off in Windows 11.

On = Warns users that sites and downloads are potentially dangerous but allows the action to continue while running in Microsoft Edge.

Off = Turns off Microsoft Defender SmartScreen, so a user isn’t alerted or stopped from downloading potentially malicious apps and files.

Microsoft Defender SmartScreen determines whether a site is potentially malicious by:

  • Analyzing visited webpages for indications of suspicious behavior.
  • Checking the visited sites against a dynamic record of reported phishing sites.

If Microsoft Defender SmartScreen determines that a page is malicious, it will show a warning page to notify the user that the site is reported as unsafe. The next screenshot shows an example of a Microsoft Defender SmartScreen warning page when a user tries to open a malicious website.

This tutorial will show you how to turn on or off Microsoft Defender SmartScreen for Microsoft Edge for your account in Windows 11.

Enable or Disable Microsoft Defender SmartScreen for Microsoft Store Apps in Windows 11

Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

By default, Microsoft Defender SmartScreen protects your device by checking web content that Microsoft Store apps use.

You can turn on or off Microsoft Defender SmartScreen for Microsoft Store apps in Windows 11.

On = Warns users that the sites and downloads used by Microsoft Store apps are potentially dangerous but allows the action to continue.

Off = Turns off Microsoft Defender SmartScreen, so a user isn’t alerted or stopped from visiting sites or from downloading potentially malicious apps and files.

This tutorial will show you how to turn on or off Microsoft Defender SmartScreen for Microsoft Store apps for your account in Windows 11.

Enable or Disable Microsoft Defender SmartScreen Check Apps and Files from Web in Windows 11

Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

By default, Microsoft Defender SmartScreen helps protect your device by checking for unrecognized apps and files from the web.

  • On = Warns users that the apps and files being downloaded from the web are potentially dangerous but allows the action to continue.
  • Off = Turns off Microsoft Defender SmartScreen, so a user isn’t alerted or stopped from downloading potentially malicious apps and files.

This tutorial will show you how to enable or disable Microsoft Defender SmartScreen Check apps and files from the web in Windows 11.

Enable or Disable Microsoft Defender SmartScreen Phishing Protection in Windows 11

Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

Starting with Windows 11 build 22593, Microsoft is introducing two powerful new features that strike against the most common cyberattack techniques: phishing and targeted malware. New in Windows 11 is enhanced phishing detection and protection built into Windows with Microsoft Defender SmartScreen. This new feature will help protect users from phishing attacks by identifying and alerting users when they are entering their Microsoft credentials into a malicious application or hacked website. Smart App Control uses code signing alongside Microsoft’s powerful artificial intelligence models to ensure that only trusted applications are run, blocking one of the largest attack vectors on Windows by default.

This tutorial will show you how to turn on or off Microsoft Defender SmartScreen Phishing protection in Windows 11.

Manually Scan with Microsoft Defender Antivirus in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

Sometimes you may need to manually scan with Microsoft Defender Antivirus.

This tutorial will show you different ways to manually scan files, folders, and drives on demand with Microsoft Defender Antivirus in Windows 10 and Windows 11.

Run Microsoft Defender Offline Scan in Windows 11

Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).

You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.

This tutorial will show you how to manually run a Microsoft Defender Offline scan of your PC in Windows 10 and Windows 11.

Add or Remove Allowed Apps for Controlled Folder Access in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.

Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.

Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.

Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders.

By default, Windows adds apps that are considered friendly to the allowed list. Such apps that are added automatically are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. You shouldn’t need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.

Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.

You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature.

When you add an app, you have to specify the app’s full path location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access.

An allowed application only has write access to a controlled folder after it starts. For example, an app will continue to trigger events after it’s allowed until it is stopped and restarted.

This tutorial will show you how to add and remove allowed apps for Controlled Folder Access in Microsoft Defender Antivirus in Windows 11.

Add or Remove Protected Folders for Controlled Folder Access in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.

Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.

Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.

Windows system folders are protected by default, along with several other folders:

  • C:\Users\<username>\Documents
  • C:\Users\Public\Documents
  • C:\Users\<username>\Pictures
  • C:\Users\Public\Pictures
  • C:\Users\Public\Videos
  • C:\Users\<username>\Videos
  • C:\Users\<username>\Music
  • C:\Users\Public\Music
  • C:\Users\<username>\Favorites

You can add other folders to be protected, but you cannot remove the default folders above in the default list. You can specify folders, drives, network shares, and mapped drives. Environment variables and wildcards are supported.

This tutorial will show you how to add and remove protected folders for Controlled Folder Access in Microsoft Defender Antivirus in Windows 11.

Enable or Disable Controlled Folder Access for Microsoft Defender Antivirus in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. In a ransomware attack, your files can get encrypted and held hostage.

Controlled folder access protects your data by checking apps against a list of known, trusted apps. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder.

Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.

Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders.

Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically. You can also manually allow apps to give them access to the protected folders.

This tutorial will show you how to enable or disable Controlled Folder Access for Microsoft Defender Antivirus in Windows 11.

Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Cloud-delivered protection and automatic sample submission work together with Microsoft Defender Antivirus to help protect against new and emerging threats.

If a suspicious or malicious file is detected, a sample is sent to the cloud service for analysis while Microsoft Defender Antivirus blocks the file. As soon as a determination is made, which happens quickly, the file is either released or blocked by Microsoft Defender Antivirus.

In the event Microsoft Defender Antivirus cannot make a clear determination, file metadata is sent to the cloud protection service. Often within milliseconds, the cloud protection service can determine from the metadata whether the file is malicious or not a threat.

After examining the metadata, if Microsoft Defender Antivirus cloud protection cannot reach a conclusive verdict, it can request a sample of the file for further inspection. This request honors the settings configuration for sample submission:

  • Send safe samples automatically (default)
    • Safe samples are samples considered to not commonly contain PII data like: .bat, .scr, .dll, .exe.
    • If a file is likely to contain PII, the user will get a request to allow file sample submission.
    • This option is the default on Windows, macOS, and Linux.
  • Always Prompt
    • If configured, the user will always be prompted for consent before file submission
    • This setting isn’t available in macOS cloud protection
  • Send all samples automatically
    • If configured, all samples will be sent automatically
    • If you would like sample submission to include macros embedded in Word docs, you must choose “Send all samples automatically”
    • This setting isn’t available on macOS cloud protection
  • Do not send
    • Prevents “block at first sight” based on file sample analysis
    • “Do not send” is the equivalent to the “Disabled” setting in macOS policy
    • Metadata is sent for detections even when sample submission is disabled

This tutorial will show you how to enable or disable automatic sample submission for Microsoft Defender Antivirus in Windows 11.

Enable or Disable Cloud-delivered Protection for Microsoft Defender Antivirus in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Cloud protection works together with Microsoft Defender Antivirus to deliver accurate, real-time, and intelligent protection. Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhance standard real-time protection. With cloud protection, next-generation technologies provide rapid identification of new threats, sometimes even before a single endpoint is infected.

This tutorial will show you how to enable or disable Cloud-delivered protection for Microsoft Defender Antivirus in Windows 11.

Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Windows 11

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

While real-time protection is off, files you open or download won’t be scanned for threats.

This tutorial will show you how to enable or disable real-time protection for Microsoft Defender Antivirus in Windows 11.

Enable or Disable Periodic Scanning in Microsoft Defender Antivirus in Windows 11

Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 or Windows 11 device.

This feature only uses a limited subset of the Microsoft Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively.

By default, Microsoft Defender Antivirus will enable itself on a Windows 10 or a Windows 11 device if there is no other antivirus product installed, or if the other product is out-of-date, expired, or not working correctly.

If Microsoft Defender Antivirus is enabled, the usual options will appear to configure it on that device.

If another antivirus product is installed, registered, and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the Virus & threat protection section to show status about the AV product, and provide a link to the product’s configuration options.

Underneath any third party AV products, a new link will appear as Microsoft Defender Antivirus options. Clicking this link will expand to show the toggle that enables limited periodic scanning. Note that the limited periodic option is a toggle to enable or disable periodic scanning.

Sliding the switch to On will show the standard Microsoft Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page.

This tutorial will show you how to enable or disable Periodic Scanning in Microsoft Defender Antivirus when you have a 3rd party antivirus program installed in Windows 11.

Turn On or Off Tamper Protection for Microsoft Defender Antivirus in Windows 11

Tamper Protection in Windows Security helps prevent malicious apps from changing important Microsoft Defender Antivirus settings, including real-time protection and cloud-delivered protection. If Tamper Protection is turned on and you’re an administrator on your computer, you can still change these settings in the Windows Security app. However, other apps can’t change these settings.

Tamper Protection doesn’t affect how third-party antivirus apps work or how they register with Windows Security.

Tamper Protection is turned on by default. If you turn off Tamper Protection, you will see a yellow warning in the Windows Security app under Virus & threat protection.

This tutorial will show you how to turn on or off Tamper Protection for Microsoft Defender Antivirus settings in Windows 11.
