Windows Security – Windows Blog by Brink

Windows Security

Enable or Disable Local Security Authority (LSA) Protection in Windows 11

Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.

Windows 11, version 22H2 supports additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.

Windows has several critical processes to verify a user’s identity. The LSA is one of those processes, responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices, making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.

This tutorial will show you how to enable or disable Local Security Authority (LSA) protection for all users in Windows 11.

Hide or Show Ransomware Data Recovery area in Windows Security

Windows Security provides built-in security options to help protect your device from malicious software attacks.

The Ransomware data recovery area is included on the Virus & threat protection page in Windows Security.

Ransomware detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. Ransomware is a type of malicious software (malware) designed to block access to your files until you pay money.

You can hide the Virus & threat protection page or the Ransomware data recovery area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Ransomware data recovery area on the Virus & threat protection page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show Device Performance and Health page in Windows Security

To help you keep your device secure, Windows Security monitors your device for security issues and provides a health report, which appears on the Device performance & health page. The Health report alerts you to common issues in four key areas and offers recommendations to remedy them.

You can hide the Device performance & health area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Device performance & health page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show Firewall and Network Protection page in Windows Security

Windows Security provides built-in security options to help protect your device from malicious software attacks.

Firewall & network protection in Windows Security lets you view the status of Microsoft Defender Firewall and see what networks your device is connected to. You can turn Microsoft Defender Firewall on or off and access advanced Microsoft Defender Firewall options for the following network types:

  • Domain (workplace) networks
  • Private (discoverable) networks
  • Public (non-discoverable) networks

You can hide the Firewall & network protection area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Firewall & network protection page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show App and Browser Control page in Windows Security

Windows Security provides built-in security options to help protect your device from malicious software attacks.

App & browser control in Windows Security provides the settings for Microsoft Defender SmartScreen, which helps protect your device from potentially dangerous apps, files, websites, and downloads.

App & browser control includes the following features:

  • Smart App Control provides enhanced protection from untrusted apps in Windows 11.
  • Reputation-based protection leverages what Microsoft knows about various sites, services, and publishers, as well as threats we’ve seen in action to help protect you from malicious or potentially unwanted apps, files, or websites.
  • Isolated browsing is for Microsoft Defender Application Guard for Edge that can help to protect you against untrusted and potentially dangerous sites by opening them in a virtualized container, isolated from your important files and folders.
  • Exploit protection is already running and protecting your device, and your device is set up with the protection settings that work best for most people. However, you can always customize the settings for your device and the programs you run. If you manage devices and programs in an organization, you can use the export feature to share customized exploit protection settings across all of the devices in your organization.

You can hide the App & browser control area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the App & browser control page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show Family Options page in Windows Security

Windows Security provides built-in security options to help protect your device from malicious software attacks.

The Family options feature in Windows Security provides you with easy access to tools to manage your children’s digital life. Use Family options to help keep your children’s devices clean and up to date with the latest version of Windows 10/11 and to protect your kids when they’re online.

You can hide the Family options area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Family options page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show Device Security page in Windows Security

Windows Security provides built-in security options to help protect your device from malicious software attacks.

What you see on the Device security page in Windows Security may vary depending upon what your hardware supports:

  • Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device.
  • Your security processor, called the trusted platform module (TPM), provides additional encryption for your device.
  • Secure boot prevents a sophisticated and dangerous type of malware—a rootkit—from loading when you start your device. Rootkits use the same permissions as the operating system and start before it, which means they can completely hide themselves. Rootkits are often part of an entire suite of malware that can bypass local logins, record passwords and keystrokes, transfer private files, and capture cryptographic data.
  • Data encryption helps protect your data from unauthorized access in case your device is lost or stolen.

You can hide the Device security area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Device security page in Windows Security for all users in Windows 10 and Windows 11.

Hide or Show Virus and Threat Protection page in Windows Security

Windows Security is built into Windows 10/11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 10/11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.

The Virus & threat protection section in Windows Security contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products. This section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there’s a ransomware attack.

You can hide the Virus & threat protection section or the Ransomware protection area from users of the machine. This option can be useful if you don’t want users to see or have access to user-configured options for these features.

This tutorial will show you how to hide or show the Virus & threat protection area in Windows Security for all users in Windows 10 and Windows 11.

Enable or Disable Windows Security Account Protection Notifications

The Notifications page of Windows Security settings lets you configure what kind of notifications you want to receive.

The Account protection notifications below can notify you if there are issues with your Windows Hello or Dynamic Lock, such as bad lighting making it difficult for Hello to recognize you, or your mobile device not being found to activate Device Lock.

  • Problems with Windows Hello
  • Problems with Dynamic lock

This tutorial will show you how to enable or disable account protection notifications from Windows Security in Windows 10 and Windows 11.

Enable or Disable Windows Security Virus and Threat Protection Notifications

The Notifications page of Windows Security settings lets you configure what kind of notifications you want to receive.

The Virus & threat protection notifications below are purely informational and none of them require immediate action from you. You’ll always receive notifications when there’s a problem that requires immediate action. The settings on this page simply let you specify whether you want to know things such as that a threat was successfully blocked, or that a malware scan completed uneventfully.

  • Recent activity and scan results
  • Threats found, but no immediate action is needed
  • Files or activities are blocked

In some cases, it may not be appropriate to show these non-critical notifications, for example, if you want to hide regular status updates. You can hide notifications that describe regular events related to the health and security of the device. These notifications are the ones that don’t require any action.

This tutorial will show you how to enable or disable non-critical virus & threat protection notifications from Windows Security in Windows 10 and Windows 11.

View Security Providers in Windows Security in Windows 11

The Security providers page in Windows Security provides you a list of all antivirus, firewall, and web protection security providers that are running on your device and registered with Windows Security. Here you can easily open the providers’ apps, or get more information on how to resolve any issue that they have reported to you in Windows Security.

This tutorial will show you how to view all security providers running on your Windows 11 device in the Windows Security app.

Enable or Disable Microsoft Vulnerable Driver Blocklist in Windows 11

Starting with Windows 10 (KB5018482) and Windows 11 (KB5018483 and KB5018496), the Microsoft Vulnerable Driver Blocklist is enabled by default.

The vulnerable driver blocklist is also enforced when either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by default for most new Windows 11 devices.

The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:

  • Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
  • Malicious behaviors (malware) or certificates used to sign malware
  • Behaviors that aren’t malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel

This tutorial will show you how to turn on or off the Microsoft Vulnerable Driver Blocklist for all users in Windows 10 and Windows 11.

Add or Remove Windows Security Notification Icon in Windows 11

Windows Security is built into Windows 11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.

Windows Security is your home to view and manage the security and health of your device.

The Windows Security notification icon shows on the taskbar system tray by default.

This tutorial will show you how to add or remove the Windows Security notification icon on the taskbar for your account or all users in Windows 11.

Clear Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

This tutorial will show you how to manually clear Windows Security protection history in Windows 10 and Windows 11.

Change Time to Clear Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

You can change the number of days to keep items in the scan history folder. After this time, Microsoft Defender removes the items. If you specify a value of zero, Microsoft Defender does not remove items.

This tutorial will show you how to change how many days to automatically clear Windows Security protection history in Windows 10 and Windows 11.

View Windows Security Protection History in Windows 11

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

This tutorial will show you how to view the protection history of Microsoft Defender Antivirus in Windows Security in Windows 11.

Reset Windows Security app in Windows 11

Windows Security is built into Windows 11 and includes an antivirus program called Microsoft Defender Antivirus. Your device will be actively protected from the moment you start Windows 11. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats.

Windows Security is your home to view and manage the security and health of your device.

If Windows Security is crashing or not opening, you can reset the Windows Security app to hopefully fix it.

This tutorial will show you how to reset the Windows Security app for your account or all users in Windows 11.

Check Health Report in Windows 11

To help you keep your device secure, Windows Security monitors your device for security issues and provides a health report, which appears on the Device performance & health page. The Health report alerts you to common issues in four key areas and offers recommendations to remedy them.

The Health report starts off by showing you the last time a Device Health scan was run. The time displayed should be basically the current time, as Windows Security tries to run a Device Health scan when you open the Device performance & health page.

Beyond the time of last scan you’ll see the status of the key areas that Device Health monitors:

  • Storage capacity – Is your system running low on disk space?
  • Apps and software – Is any of your software failing, or in need of an update?
  • Battery life – Is anything putting an extra strain on your PC’s battery? You might not see this on a desktop PC that is always plugged in.
  • Windows Time service – Having your system set to the correct time is important for a lot of system processes. Windows Time service automatically synchronizes your system clock to an internet-based time service so your system time is always correct. If this service is off, or failing, Device performance & health will let you know so you can fix it.

This tutorial will show you how to check your device performance and health report in Windows 11.

Enable or Disable Core Isolation Memory Integrity in Windows 11

Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.

Memory integrity, also known as Hypervisor-protected Code Integrity (HVCI) is a Windows security feature that makes it difficult for malicious programs to use low-level drivers to hijack your computer.

A driver is a piece of software that lets the operating system (Windows in this case) and a device (like a keyboard or a webcam, for two examples) talk to each other. When the device wants Windows to do something it uses the driver to send that request.

Memory integrity works by creating an isolated environment using hardware virtualization.

In most cases memory integrity is on by default in Windows 11.

This tutorial will show you how to turn on or off core isolation memory integrity in Windows 11.
