Windows Defender

How to View Protection History of Windows Defender Antivirus in Windows 10

Windows 10 provides the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively protecting your device by scanning for malware (malicious software), viruses, and security threats.

Windows Security uses real-time protection to scan your downloads and the programs you run on your device. Also, Windows Update downloads updates for Windows Security automatically to help keep your device safe and protect it from threats.

Virus & threat protection in Windows Security helps you scan for threats on your device. You can also run different types of scans, see the results of your previous virus and threat scans, and get the latest protection offered by Windows Defender Antivirus.

Protection History in Windows Security allows you to view the latest protection actions and recommendations.

Starting with Windows 10 build 18035, the Protection history experience in Windows Security has been completely revamped. The new Protection History experience still shows you detections by Windows Defender Antivirus, but it’s now updated to also give more detailed and easier to understand information about threats and available actions. Microsoft has also added Controlled folder access blocks to history, along with any blocks which are made through organizational configuration of Attack Surface Reduction Rules. If you use the Windows Defender Offline scanning tool, any detections it makes will now also show in your history. Additionally, you will see any pending recommendations (red or yellow states from throughout the app) in the history list.

This tutorial will show you how to view your threat Protection History in Windows Security for the latest threat protection actions and recommendations by Windows Defender Antivirus in Windows 10.

Read more…

How to Turn On or Off Tamper Protection for Windows Defender Antivirus in Windows 10

Starting with Windows 10 build 18305, Microsoft introduced Tamper Protection.

Tamper Protection is a new setting from Windows Defender Antivirus, available in the Windows Security app, which when on, provides additional protections against changes to key security features, including limiting changes which are not made directly through the Windows Security app.

This tutorial will show you how to turn on or off Tamper Protection for key Windows Defender Antivirus security features in Windows 10.

Read more…

How to Turn On or Off Camera and Microphone in Application Guard for Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:
Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 18277, Microsoft has an additional toggle that lets users manage access to their camera and microphone while browsing using Application Guard for Microsoft Edge.

This tutorial will show you how to turn on or off allowing camera and microphone access while browsing in Windows Defender Application Guard for Microsoft Edge for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to See All Current Threats in Windows Security for Windows 10

Windows 10 provides the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively protecting your device by scanning for malware (malicious software), viruses, and security threats.

Windows Security uses real-time protection to scan your downloads and the programs you run on your device. Also, Windows Update downloads updates for Windows Security automatically to help keep your device safe and protect it from threats.

Virus & threat protection in Windows Security helps you scan for threats on your device. You can also run different types of scans, see the results of your previous virus and threat scans, and get the latest protection offered by Windows Defender Antivirus.

The Current threats area lets you:

  • Scan for potentially harmful threats on your device.
  • See any threats currently on your device.
  • See threats that have been quarantined before they can affect you.
  • See anything identified as a threat that you have allowed to run on your device.
  • See the last time a scan was run on your device and how many files were scanned.
  • Run a specific type of scan.

This tutorial will show you how to see all current threats that need action in Windows Security for your Windows 10 device.

Read more…

How to Enable or Disable Bypassing SmartScreen Prompts for Sites in Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Screen Filter is a feature in Microsoft Edge that helps detect phishing websites. SmartScreen Filter can also help protect you from downloading or installing malware (malicious software). SmartScreen Filter helps to protect you in three ways:

  • SmartAs you browse the web, it analyses webpages and determines if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.
  • SmartScreen Filter checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a warning notifying you that the site has been blocked for your safety.
  • SmartScreen Filter checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen Filter will warn you that the download has been blocked for your safety. SmartScreen Filter also checks the files that you download against a list of files that are well known and downloaded by many Microsoft Edge users. If the file that you’re downloading isn’t on that list, SmartScreen Filter will warn you.

By default, Windows Defender SmartScreen will allow you to “Disregard and continue” in warnings about potentially malicious websites in Microsoft Edge.

This tutorial will show you how to enable or disable bypassing Windows Defender SmartScreen warnings about potentially malicious websites in Microsoft Edge for all users in Windows 10.

Read more…

How to Add Turn On or Off Controlled Folder Access context menu Windows 10

Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

Controlled folder access in Windows Defender Security Center reviews the apps that can make changes to files in protected folders. Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.

You can add additional folders to the list of protected folders, but you cannot alter the default list, which includes folders such as Documents, Pictures, Movies, and Desktop. Adding other folders to Controlled folder access can be handy, for example, if you don’t store files in the default Windows libraries or you’ve changed the location of the libraries away from the defaults.

This tutorial will show you how to add and remove a Turn On or Off Controlled folder access context menu for all users in Windows 10.

The “Turn On or Off Controlled folder access” context menu will be available when you right click on the Desktop. This context menu will make it easy for you to turn on or off Controlled folder access on demand as needed without having to do so through Windows Security.

Read more…

How to Add Allow App through Controlled Folder Access context menu in Windows 10

Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you’re finding a particular app that you know and trust is being blocked by the Controlled folder access feature.

By default, Windows adds apps that it considers friendly to the allowed list – apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app. You shouldn’t need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.

When you add an app, you have to specify the app’s location. Only the app in that location will be permitted access to the protected folders – if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access.

This tutorial will show you how to add and remove an Allow app through Controlled folder access context menu for all users in Windows 10.

You must be signed in as an administrator to add, remove, or use the “Allow app through Controlled folder access” context menu.

The “Allow app through Controlled folder access” context menu will be available when you right click or shift + right click on a .exe or .com file. When you use this context menu, it will add the app (.exe or .com file) to the list of Controlled folder access allowed apps. This will make it easy for you to add an allowed app you want on demand without having to do so through Windows Security.

Read more…

Turn On or Off Advanced Graphics in Application Guard for Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17713, Windows Defender Application Guard introduced a new user interface inside Windows Security to allow you to easily turn on or off the save data, copy and paste, print files, and advanced graphics actions in Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security.

The advanced graphics setting allows turning on or off to improve video and graphics performance with Hyper-V virtualization technology while users are browsing in Application Guard for Microsoft Edge.

This tutorial will show you how to turn on or off advanced graphics while browsing in Windows Defender Application Guard for Microsoft Edge for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to Turn On or Off Printing in Application Guard for Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17713, Windows Defender Application Guard introduced a new user interface inside Windows Security to allow you to easily turn on or off the save data, copy and paste, print files, and advanced graphics actions in Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security.

The print files setting allows turning on or off users printing from Application Guard in Microsoft Edge.

This tutorial will show you how to turn on or off printing while browsing in Windows Defender Application Guard for Microsoft Edge for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to Turn On or Off Copy and Paste in Application Guard for Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17713, Windows Defender Application Guard introduced a new user interface inside Windows Security to allow you to easily turn on or off the save data, copy and paste, print files, and advanced graphics actions in Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security.

The copy and paste setting allows turning on or off users to copy and paste to and from Application Guard in Microsoft Edge.

This tutorial will show you how to turn on or off copy and paste while browsing in Windows Defender Application Guard for Microsoft Edge for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to Turn On or Off Save Data in Application Guard for Microsoft Edge in Windows 10

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17713, Windows Defender Application Guard introduced a new user interface inside Windows Security to allow you to easily turn on or off the save data, copy and paste, print files, and advanced graphics actions in Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security.

The save data setting allows turning on or off to keep any data users save while browsing in Application Guard in Microsoft Edge.

This tutorial will show you how to turn on or off save data while browsing in Windows Defender Application Guard for Microsoft Edge for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to Add or Remove Protected Folders for Controlled Folder Access in Windows 10

Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.

You can add additional folders to be protected, but you cannot remove the default folders in the default list.

Adding other folders to Controlled folder access can be useful, for example, if you don’t store files in the default Windows libraries or you’ve changed the location of the libraries away from the defaults.

You can also add network shares and mapped drives.

This tutorial will show you how to add and remove protected folders for the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

Read more…

How to Add or Remove Allowed Apps through Controlled Folder Access in Windows 10

Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

When Controlled folder access is turned on, it helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you’re finding a particular app that you know and trust is being blocked by the Controlled folder access feature.

By default, Windows adds apps that it considers friendly to the allowed list – apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app. You shouldn’t need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.

When you add an app, you have to specify the app’s location. Only the app in that location will be permitted access to the protected folders – if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access.

This tutorial will show you how to add and remove if specific apps are allowed through the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

Read more…

Enable or Disable Windows Defender Exploit Guard Controlled Folder Access in Windows 10

Starting with Windows 10 build 16232, Controlled folder access is introduced in Windows Defender Antivirus.

Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard.

Controlled folder access in Windows Defender Security Center reviews the apps that can make changes to files in protected folders. Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.

You can add additional folders to the list of protected folders, but you cannot alter the default list, which includes folders such as Documents, Pictures, Movies, and Desktop. Adding other folders to Controlled folder access can be handy, for example, if you don’t store files in the default Windows libraries or you’ve changed the location of the libraries away from the defaults.

This tutorial will show you how to enable or disable the Controlled folder access feature of Windows Defender Exploit Guard in Windows 10.

Read more…

How to Turn On or Off Windows Defender Block Suspicious Behaviors in Windows 10

Starting with Windows 10 build 17704, you can enable a new protection setting, Block suspicious behaviors, which brings the Windows Defender Exploit Guard attack surface reduction technology to all users.

You can turn on Block suspicious behaviors to prevent behavior by an app or file that might infect your device.

This tutorial will show you how to turn on or off the Block suspicious behaviors feature of Windows Defender Exploit Guard attack surface reduction for all users in Windows 10.

Read more…

How to Enable or Disable Windows Defender Security Center in Windows 10

The Windows Defender Security Center app is a client interface on Windows 10 version 1703 and later that makes it is easier for you to view and control the security protections you choose and better understand the security features already protecting you on your Windows 10 device.

This tutorial will show you how to enable or disable the Windows Defender Security Center for all users in Windows 10.

Read more…

Enable Download to Host from Windows Defender Application Guard Microsoft Edge session

Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Microsoft Edge running in Application Guard provides the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:

  • Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 build 17120, the Windows Defender Application Guard (WDAG) Team has introduced new improvements for users to have a better experience. One of the items users voiced in the Feedback Hub was an inability to “download files from within WDAG” to the host. This created an inconsistent experience for Edge overall as downloaded files were stuck inside the container. In build 17120, users can now turn on a feature to download files from their WDAG Microsoft Edge browsing session onto the host file system.

After this policy (feature) is enabled, users can download files from their Windows Defender Edge session to their Downloads folder and open all files on the host. The files from Application Guard will be saved in a folder called Untrusted files nested inside the Downloads folder. This folder is created automatically when the user first downloads a file from Application Guard after enabling the policy.

This tutorial will show you how to enable or disable the ability to download files from within a Windows Defender Application Guard Microsoft Edge session to the host for all users in Windows 10 Pro and Windows 10 Enterprise.

Read more…

How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10

Starting with Windows 10 build 16232, you can now audit, configure, and manage Windows system and application exploit mitigation settings (EMET EOL) right from the Windows Defender Security Center.

Exploit protection is built into Windows 10 to help protect your device against attacks. Out of the box, your device is already set up with the protection settings that work best for most people.

Exploit protection is part of Windows Defender Exploit Guard. Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.

You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file as a backup and that you can deploy to other machines. When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don’t need to export a file from both the System settings and Program settings sections – either section will export all settings.

This tutorial will show you how to enable or disable the ability to change Windows Defender Exploit protection settings in Windows 10.

Read more…

How to Enable or Disable Notifications from Windows Defender Security Center in Windows 10

In Windows 10 version 1703, Microsoft introduced the Windows Defender Security Center app, which brings together common Windows security features into one app.

Windows Defender Security Center will send notifications with critical information about the health and security of your device. You can specify which informational notifications you want.

Starting with Windows 10 version 1709, you can enable the “Hide non-critical notification” or “Hide all notifications” policy.

Hide non-critical notification – If enabled, only critical notifications will show from the Windows Defender Security Center. Local users will only see critical notifications from the Windows Defender Security Center. They will not see other types of notifications, such as regular PC or device health information.

Hide all notifications – If enabled, local users will not see any notifications from the Windows Defender Security Center. This will override the Hide non-critical notification policy.

This tutorial will show you how to enable or disable notifications from the Windows Defender Security Center for all users in Windows 10.

Read more…

Hide or Show Account Protection in Windows Defender Security Center in Windows 10

Windows 10 version 1703 and later provides the latest antivirus protection with Windows Defender Security Center, which contains Windows Defender Antivirus. When you start up Windows 10 for the first time, Windows Defender Antivirus is on and actively helping to protect your device by scanning for malware (malicious software), viruses, and security threats.

Windows Defender Antivirus uses real-time protection to scan your downloads and the programs you run on your device. Also, Windows Update downloads updates for Windows Defender Antivirus automatically to help keep your device safe and protect it from threats.

Windows Defender Security Center shows you how Windows Defender Antivirus has been protecting you. It shows you when:
Your device was last scanned for threats.
Your definitions were last updated. Definitions are files that Windows Defender Antivirus uses to protect your device against the latest threats.
The Device performance and health scan was run to ensure your device is operating efficiently.

Starting with Windows 10 17093, the Account protection and Device security protection areas have been added to the Windows Defender Security Center.

Starting with Windows 10 version 1709, the Account protection area can be hidden from users of the PC. This can be useful if you don’t want them to see or have access to this area.

If you choose to hide the Account protection area, it will no longer appear on the home page of the Windows Defender Security Center app, and its icon will not be shown on the navigation bar on the side of the app.

This tutorial will show you how to hide or show the Account protection area in the Windows Defender Security Center app for all users in Windows 10.

Read more…