Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.
Windows 11, version 22H2 supports additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.
Windows has several critical processes to verify a user’s identity. The LSA is one of those processes, responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.
This tutorial will show you how to enable or disable Local Security Authority (LSA) protection for all users in Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
The Ransomware data recovery area is included on the Virus & threat protection page in Windows Security.
Ransomware detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. Ransomware is a type of malicious software (malware) designed to block access to your files until you pay money.
You can hide the Virus & threat protection page or the Ransomware data recovery area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Ransomware data recovery area on the Virus & threat protection page in Windows Security for all users in Windows 10 and Windows 11.
To help you keep your device secure, Windows Security monitors your device for security issues and provides a health report, which appears on the Device performance & health page. The Health report alerts you to common issues in four key areas and offers recommendations to remedy them.
You can hide the Device performance & health area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Device performance & health page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
The Account protection page in Windows Security allows you to access sign-in options and account settings, including Windows Hello and dynamic lock.
You can hide the Device security area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Account protection page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
Firewall & network protection in Windows Security lets you view the status of Microsoft Defender Firewall and see what networks your device is connected to. You can turn Microsoft Defender Firewall on or off and access advanced Microsoft Defender Firewall options for the following network types:
You can hide the Firewall & network protection area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Firewall & network protection page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
App & browser control in Windows Security provides the settings for Microsoft Defender SmartScreen, which helps protect your device from potentially dangerous apps, files, websites, and downloads.
App & browser control includes the following features:
You can hide the App & browser control area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the App & browser control page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
The Family options feature in Windows Security provides you with easy access to tools to manage your children’s digital life. Use Family options to help keep your children’s devices clean and up to date with the latest version of Windows 10/11 and to protect your kids when they’re online.
You can hide the Family options area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Device security page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security provides built-in security options to help protect your device from malicious software attacks.
What you see on the Device security page in Windows Security may vary depending upon what your hardware supports:
You can hide the Device security area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Device security page in Windows Security for all users in Windows 10 and Windows 11.
Windows Security is built-in to Windows 10/11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 10/11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.
The Virus & threat protection section in Windows Security contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products. This section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there’s a ransomware attack.
You can hide the Virus & threat protection section or the Ransomware protection area from users of the machine. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Virus & threat protection area in Windows Security for all users in Windows 10 and Windows 11.
The Notifications page of Windows Security settings lets you configure what kind of notifications you want to receive.
The Account protection notifications below can notify you if there are issues with your Windows Hello or Dynamic Lock, such as bad lighting making it difficult for Hello to recognize you, or your mobile device not being found to activate Device Lock.
This tutorial will show you how to enable or disable account protection notifications from Windows Security in Windows 10 and Windows 11.
The Notifications page of Windows Security settings lets you configure what kind of notifications you want to receive.
The Virus & threat protection notifications below are purely informational and none of them require immediate action from you. You’ll always receive notifications when there’s a problem that requires immediate action. The settings on this page simply let you specify whether you want to know things such as that a threat was successfully blocked, or that a malware scan completed uneventfully.
In some cases, it may not be appropriate to show these non-critical notifications, for example, if you want to hide regular status updates. You can hide notifications that describe regular events related to the health and security of the device. These notifications are the ones that don’t require any action.
This tutorial will show you how to enable or disable non-critical virus & threat protection notifications from Windows Security in Windows 10 and Windows 11.
The Security providers page in Windows Security provides you a list of all antivirus, firewall, and web protection security providers that are running on your device and registered with Windows Security. Here you can easily open the providers’ apps, or get more information on how to resolve any issue that they have reported to you in Windows Security.
This tutorial will show you how to view all security providers running on your Windows 11 device in the Windows Security app.
Starting with Windows 10 (KB5018482) and Windows 11 (KB5018483 and KB5018496), the Microsoft Vulnerable Driver Blocklist is enabled by default.
The vulnerable driver blocklist is also enforced when either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by-default for most new Windows 11 devices.
The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
This tutorial will show you how to turn on or off the Microsoft Vulnerable Driver Blocklist for all users in Windows 10 and Windows 11.
Windows Security is built-in to Windows 11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.
Windows Security is your home to view and manage the security and health of your device.
The Windows Security notification icon shows on the taskbar system tray by default.
This tutorial will show you how to add or remove the Windows Security notification icon on the taskbar for your account or all users in Windows 11.
The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.
Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.
This tutorial will show you how to manually clear Windows Security protection history in Windows 10 and Windows 11.
The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.
Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.
You can change the number of days to keep items in the scan history folder. After this time, Microsoft Defender removes the items. If you specify a value of zero, Microsoft Defender does not remove items.
This tutorial will show you how to change how many days to automatically clear Windows Security protection history in Windows 10 and Windows 11.
The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.
Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.
This tutorial will show you how to view the protection history of Microsoft Defender Antivirus in Windows Security in Windows 11.
Windows Security is built-in to Windows 11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.
Windows Security is your home to view and manage the security and health of your device.
If Windows Security is crashing or not opening, you can reset the Windows Security app to hopefully fix it.
This tutorial will show you how to reset the Windows Security app for your account or all users in Windows 11.
To help you keep your device secure, Windows Security monitors your device for security issues and provides a health report, which appears on the Device performance & health page. The Health report alerts you to common issues in four key areas and offers recommendations to remedy them.
The Health report starts off by showing you the last time a Device Health scan was run. The time displayed should be basically the current time, as Windows Security tries to run a Device Health scan when you open the Device performance & health page.
Beyond the time of last scan you’ll see the status of the key areas that Device Health monitors:
This tutorial will show you how to check your device performance and health report in Windows 11.
Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.
Memory integrity, also known as Hypervisor-protected Code Integrity (HVCI) is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to hijack your computer.
A driver is a piece of software that lets the operating system (Windows in this case) and a device (like a keyboard or a webcam, for two examples) talk to each other. When the device wants Windows to do something it uses the driver to send that request.
Memory integrity works by creating an isolated environment using hardware virtualization.
In most cases memory integrity is on by default in Windows 11.
This tutorial will show you how to turn on or off core isolation memory integrity in Windows 11.