Does Windows Defender find malware

How malware can infect your PC

These are some of the most common ways that your devices can get infected with malware.

Spam emails

Malware authors often use tricks to try to convince you to download malicious files. This can be an email with a file attached that tells you it is a receipt for a delivery, a tax refund, or an invoice for a ticket. It might say you have to open the attachment to get the items delivered to you, or to get money.

If you do open the attachment, you’ll end up installing malware on your PC.

Sometimes a malicious email will be easy to spot—it could have bad spelling and grammar, or come from an email address you’ve never seen before. However, these emails can also look like they come from a legitimate business or someone you know. Some malware can hack email accounts and use them to send malicious spam to any contacts they find.

To prevent your PC from being infected it’s a good idea to consider the following:

If you aren’t sure who sent you the email—or something doesn’t look quite right—don’t open it.

If an email says you have to update your details, don’t click on the link in the email.

Don’t open an attachment to an email that you weren’t expecting, or that was sent by someone you don’t know.

Microsoft OneDrive has built-in protection against ransomware attacks. To learn more, see Ransomware detection and recovering your files.

Infected removable drives

Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC.

There are a couple of things you can do to avoid this type of infection:

First and foremost, be very wary of any USB device that you don’t own. If you find a USB device that was apparently lost or discarded, be reluctant to plug it into a computer with data you care about. Sometimes attackers will deliberately leave infected USB devices lying around in popular areas in hopes that somebody will find them and plug them into their computer.

If you don’t plug it in, you can’t get infected.

Second, if you do plug an unknown removable device into your computer be sure to run a security scan of it immediately.

Bundled with other software

Some malware can be installed at the same time as other programs that you download. This includes software from third-party websites or files shared through peer-to-peer networks.

Some programs will also install other software that Microsoft detects as potentially unwanted software. This can include toolbars or programs that show you extra ads as you browse the web. Usually you can opt out and not install this extra software by clearing a check box during the installation. Windows Security can help to protect you from potentially unwanted applications. To learn more, see Protect your PC from potentially unwanted applications.

Programs used to generate software keys (keygens) often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed.

You can avoid installing malware or potentially unwanted software this way by:

Always downloading software from the official vendor’s website.

Making sure you read exactly what you are installing—don’t just click OK.

Hacked or compromised webpages

Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC.

When you go to a website, it can try to use those vulnerabilities to infect your PC with malware. The website might be malicious or it could be a legitimate website that has been compromised or hacked.

Vulnerabilities are fixed by the company that made the software. They are sent as updates that you need to install to be protected. This is why it’s extremely important to keep all your software up to date, and remove software you don’t use.

If your software isn’t up to date you could also get repeated alerts about the same threat, so be sure to update your software.

Other malware

Some types of malware can download other threats to your PC. Once these threats are installed on your PC they will continue to download more threats.

The best protection from malware and potentially unwanted software is an up-to-date, real-time security product, such as Microsoft Defender Antivirus for Windows 10 and Windows 8.1.

Troubleshoot problems with detecting and removing malware

The troubleshooting info in this topic might help you if you’re experiencing any of the following problems when detecting and removing malware with Microsoft Defender Antivirus, Microsoft Security Essentials, or other Microsoft antimalware solutions:

If scans are taking too long or appear to be progressing very slowly, consider the following solutions:

Ensure you have sufficient disk space

Run scans while your PC is idle by closing all other programs

Microsoft Defender Antivirus requires disk space to remove and quarantine malware files. It might be prevented from completely removing a threat if there isn’t enough space on your PC, particularly on your system drive (commonly drive C). See the following to help free up space:

After you’ve freed up some space, update and then run a scan again.

In general, full scans can take a long time if you have a large disk with lots of files. Large files, especially archives such as ZIP files, take longer to scan.

If Microsoft Defender Antivirus continually encounters errors during scans or during malware removal, try the following solutions:

Please provide feedback to us, so we can deliver fixes as fast as possible. By default, Windows automatically collects error information, but describing the error on the Feedback Hub app can help us address the error more efficiently.

Tip: You can quickly launch the Windows Feedback Hub app in Windows 10 by pressing the Windows logo key + F.

Run Windows Update to apply any fixes and ensure you have the latest components.

If Microsoft Defender Antivirus continually encounters errors during updates, try installing the latest protection updates manually.

To detect the latest threats, use a robust antimalware product, like Microsoft Defender Antivirus, which is built into Windows 10 and Windows 8.1. Ensure that critical security features are turned on and that Microsoft Defender Antivirus is fully updated before scanning.

Use Microsoft Defender Antivirus with cloud-based protection

By default, the following advanced features are enabled. If you’ve turned them off, you should enable them for the best protection:

Automatic sample submission

To turn on these features:

Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.

Under Virus & threat protection settings, select Manage settings.

Make sure the settings for Cloud-delivered protection and Automatic sample submission are turned On.

These settings significantly increase the chances of detecting never-before-seen malware and enable the automated creation of new protection updates that help immunize all other computers running Microsoft Defender Antivirus from the newly discovered threats.

Update Microsoft Defender Antivirus before scanning

By default, Microsoft Defender Antivirus updates definitions automatically at least once every day. You can also manually check for updates:

Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.

Under Virus & threat protection updates, select Check for updates.

Under Threat definitions, select Check for updates.
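The same pre-scan checks can be made from an elevated PowerShell prompt with the built-in Defender cmdlets. The script below is an added example, not part of the original article; the function name `Get-DefenderReadiness` and the one-day signature-age threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the original article).
# Run in an elevated PowerShell session on Windows 10.

function Get-DefenderReadiness {
    [CmdletBinding()]
    param(
        # Assumption: signatures older than this many days count as stale.
        [int]$MaxSignatureAgeDays = 1
    )

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced.
    $cloudOn = [int]$pref.MAPSReporting -ne 0

    # SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples,
    # 2 = Never send, 3 = Send all samples. Values 1 and 3 submit automatically.
    $submitOn = @(1, 3) -contains [int]$pref.SubmitSamplesConsent

    $sigFresh = [int64]$status.AntivirusSignatureAge -le $MaxSignatureAgeDays

    [pscustomobject]@{
        Check = 'Antivirus engine enabled'
        Value = $status.AntivirusEnabled
        Ok    = [bool]$status.AntivirusEnabled
    }
    [pscustomobject]@{
        Check = 'Real-time protection'
        Value = $status.RealTimeProtectionEnabled
        Ok    = [bool]$status.RealTimeProtectionEnabled
    }
    [pscustomobject]@{
        Check = 'Cloud-delivered protection'
        Value = $pref.MAPSReporting
        Ok    = $cloudOn
    }
    [pscustomobject]@{
        Check = 'Automatic sample submission'
        Value = $pref.SubmitSamplesConsent
        Ok    = $submitOn
    }
    [pscustomobject]@{
        Check = 'Signatures current'
        Value = "$($status.AntivirusSignatureAge) day(s) old, last updated $($status.AntivirusSignatureLastUpdated)"
        Ok    = $sigFresh
    }
}

$report = @(Get-DefenderReadiness)
$report | Format-Table -AutoSize -Wrap

$failed = @($report | Where-Object { -not $_.Ok } | ForEach-Object { $_.Check })

# Re-enable the two cloud features if they were found turned off.
if ($failed -contains 'Cloud-delivered protection') {
    Set-MpPreference -MAPSReporting Advanced
}
if ($failed -contains 'Automatic sample submission') {
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples
}

# Equivalent of "Check for updates", then a quick scan.
if ($failed -contains 'Signatures current') {
    Update-MpSignature
}
if ($failed -contains 'Antivirus engine enabled' -or $failed -contains 'Real-time protection') {
    Write-Warning 'Defender is not fully active; another antivirus product may be registered. Resolve this before relying on the scan.'
}
Start-MpScan -ScanType QuickScan
```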

If you continue to encounter suspicious files that are not detected by Microsoft Defender Antivirus, submit the files to Microsoft for analysis.

Even after a malware has been removed, it might come back if you visit the website that hosts it or receive it again by email. Avoid websites that might contain malware, such as sites that provide illegal downloads.

To block threats from malicious websites, use a modern browser like Microsoft Edge, which uses Microsoft Defender SmartScreen to identify sites with poor reputation. Upgrade to the latest version of Windows to benefit from a host of built-in security enhancements.

In some cases, redetection of the same malware is due to an undetected malware component that constantly and quietly reinstalls the detected malware. The malware is typically reinstalled, and redetected, right after you restart your PC. To resolve this, try scanning with Microsoft Defender Offline to catch hidden threats.

Scan with Windows Defender Offline

If the same malware keeps infecting your PC, use Windows Defender Offline to look for and remove recurring malware. Microsoft Defender Offline is a scanning tool that works outside of Windows, allowing it to catch and clean infections that hide themselves when Windows is running.

Note: Before initiating a Microsoft Defender Offline scan, make sure you’ve saved your work. Your PC will restart before starting the scan.

To start an offline scan in Windows 10:

Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.

Under Current threats, select Scan options.

Select Windows Defender Offline scan and then select Scan now.

On Windows 8.1 you will need to download Microsoft Defender Offline as a separate tool. For more information, see Help protect my PC with Microsoft Defender Offline.
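To judge whether a threat really is recurring before restarting into an offline scan, the detection history kept by Defender can be grouped by threat. The script below is an added example, not part of the original article; the function name `Get-RecurringDetection` and the rule "seen on two or more separate days" are assumptions chosen for illustration.

```powershell
# Added example (not from the original article).
# Run in an elevated PowerShell session on Windows 10.

function Get-RecurringDetection {
    [CmdletBinding()]
    param(
        # Assumption: a threat detected on at least this many separate
        # calendar days is treated as recurring.
        [int]$MinDistinctDays = 2
    )

    # Map numeric threat IDs to readable names.
    $names = @{}
    foreach ($t in @(Get-MpThreat)) {
        $names["$($t.ThreatID)"] = $t.ThreatName
    }

    foreach ($g in @(Get-MpThreatDetection | Group-Object -Property ThreatID)) {
        $times = @($g.Group | ForEach-Object { $_.InitialDetectionTime } | Sort-Object)
        $days  = @($times | ForEach-Object { $_.Date } | Sort-Object -Unique)
        if ($days.Count -lt $MinDistinctDays) { continue }

        # Resources lists the files, registry keys, etc. tied to each detection.
        $paths = @($g.Group | ForEach-Object { $_.Resources } | Sort-Object -Unique)

        [pscustomobject]@{
            ThreatID     = $g.Name
            ThreatName   = $names[$g.Name]
            Detections   = $g.Count
            DistinctDays = $days.Count
            FirstSeen    = $times[0]
            LastSeen     = $times[-1]
            Resources    = $paths
        }
    }
}

$recurring = @(Get-RecurringDetection)
if ($recurring.Count -gt 0) {
    $recurring | Format-List
    Write-Warning 'The same threat has been detected on several days. Save your work, then run an offline scan.'
    # Start-MpWDOScan restarts the PC immediately and scans outside Windows.
    # Uncomment the next line once your work is saved.
    # Start-MpWDOScan
} else {
    Write-Output 'No threat has been detected on more than one day.'
}
```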

If malware has caused irreversible changes to your PC, you can try to reset your PC. This might involve restoring data from backup.

Reset, restore, or reinstall your PC

Back up any files and settings you want to keep so that you can restore them later. Windows provides several options on how you can reset or refresh your PC. If you choose to manually reinstall, you will need to prepare installation discs, product keys, and setup files.

Note: Whenever possible, restore your files from backups generated before the infection and stored in an external location, such as OneDrive, which provides regular cloud-based backups with version histories. Backups that are on your PC during an infection might have already been modified by the malware.

See the following articles for more information about reinstalling or recovering Windows:

As soon as you restore your PC, make sure you have the latest software running. The latest versions of software include available fixes for known security issues. This will help ensure your PC is not infected by malware that exploits security vulnerabilities.

See the following articles for more information about updating Microsoft software and third-party applications:

Provide feedback to Microsoft

Microsoft continually works on enhancing the user experience on all current products, including Windows Defender Antivirus. We encourage all customers to make use of the following feedback channels included in Windows 10:

Set Windows to automatically prompt for your feedback. Windows is already configured to automatically prompt for feedback by default. To ensure this feature is turned on, select Start > Settings > Privacy > Diagnostics & feedback. Under Feedback frequency, make sure that Windows is set to ask for your feedback automatically.

Manually send feedback at any time through the Feedback Hub app. To send feedback, type Feedback Hub in the search box on the taskbar, then select it from the list of results to open the app. In the app, select Feedback > Add new feedback. Select Security, Privacy, and Accounts > Windows Defender Antivirus as the category.

Read Diagnostics, feedback, and privacy in Windows 10 for questions about privacy and feedback settings.

Windows Defender and Malwarebytes for windows 10

I have been unable to run a windows defender scan since 1/4/2018. I noticed there was an update on 1/8/2018. Is there a way to re-install or repair windows defender without a fresh install? I tried to download and install windows defender but was told a copy already exists.

I have Malwarebytes Pro antimalware installed and have never had an issue with it interfering with windows defender before.

[Original Title: Windows Defender for windows 10]

Replies (4) 

From the first day I owned this computer, with windows 8 OS, to today when I have upgraded to windows 10 OS I have been able to run both windows defender and Malwarebytes together with no issues. That is until sometime after January 4, 2018 and the update from Microsoft.

And I believe Microsoft even updated windows defender in 2016 to allow another antivirus/antimalware program to run simultaneously.

I have real-time protection turned on for both programs but I don’t run automatic scans. I try to run a Malwarebytes antimalware full scan daily because it runs so much faster than windows defender quick scan. If necessary I would run a quick scan with windows defender but not since January 4th.

Windows Defender on Windows 8 — Introduction and Frequently Asked Questions

Technical Level : Basic

The purpose of this article is to address various issues and concerns, and to answer frequently asked questions, regarding Windows Defender on Windows 8, and to help you Protect your PC.

Note that the article was written for Windows 8, but also applies to Windows 8.1 and Windows 10.

Windows 8 was released on October 26, 2012. One of the notable features about this OS release from Microsoft is that it contains integrated anti-malware protection known as Windows Defender.

There is confusion concerning the name “Windows Defender”, as that product name has had multiple implementations. Windows Defender, as discussed in this document, APPLIES ONLY TO WINDOWS 8.

This document is specifically for Windows 8 64-bit, and Windows Defender as integrated into Windows 8. This document assumes the use of Internet Explorer and Windows Firewall. For 32-bit users, or those using a different browser or firewall, you will have to adapt any specifics. This document does not discuss Windows Server 2012, or any server product.

And, there is no discussion of Microsoft Security Essentials because MSE is not designed for, or supported on, W8.

This document is divided into four sections:

  • SECTION 1: How do I get Windows Defender on Windows 8?
  • SECTION 2: Issues affecting WD on W8
  • SECTION 3: Frequently Asked Questions and General Concerns
  • SECTION 4: A well-protected system

With all that said, it is hoped that you find the information below helpful.

SECTION 1: How do I get Windows Defender on Windows 8?

There is no need, nor is it possible, to install WD on Windows 8. WD is integrated with Windows 8, protecting you from malware. Conversely, you cannot uninstall WD.

If you install a third-party anti-malware product, WD will be disabled. If you [properly] uninstall a third-party product, WD will be enabled.

Before we can do anything with Windows Defender, we need to know how to open it! To open Windows Defender, do the following:

  • Use the charms and search for Defender. Then, click on Windows Defender.

However, how you get to Windows 8 is the issue:

  • Upgrading to Windows 8: Previously installed anti-malware is a problem and can/will disable WD. Prior to upgrading, if you intend to use WD as your anti-malware protection, you must completely remove all previously installed anti-malware products (including MSE if installed). The List of anti-malware product removal tools should be used to this end. Uninstall all previous anti-malware products, and use the appropriate manufacturer’s cleanup tool. Then, upgrade to W8. With a successful upgrade to W8, you will be using WD as your anti-malware protection.
  • New PC or fresh install of W8, with NO pre-installed third-party anti-malware product: There is no need to install any third-party anti-malware product. WD is there, protecting you. However, you can install a third-party anti-malware product. A successful install of such a product will disable, or should disable, WD. This is the correct behavior/procedure. The issue of having multiple real-time anti-malware products installed has been discussed many times. Regardless of what you have been told, or what a few will recommend, you cannot have more than one real-time anti-malware product installed. This is discussed in more detail later in this document.
  • New W8 PC with pre-installed third-party anti-malware: If your new PC came with a free or trial version of a third-party anti-malware product (i.e. Norton, McAfee, TrendMicro, etc.), and you want to use WD, you must uninstall and use that manufacturer’s cleanup tool, even if you never used or activated the third-party product. The List of anti-malware product removal tools should be used to remove completely the third-party product. If your product manufacturer is not listed, go directly to their website to find their removal/cleanup tool. After removal, restart your PC. Also, you may have to enable [and restart] Windows Defender.
  • Reverting to WD: Reverting to WD after you have installed a third-party anti-malware product is possible. However, to do so, you must uninstall the third-party anti-malware product, and then use the manufacturer cleanup/removal tool as discussed above. After removal, restart your PC. Also, you may have to enable [and restart] Windows Defender. Once this is accomplished, WD is enabled and protecting you.

SECTION 2: Issues affecting WD on W8

What can affect WD on W8? Most issues with WD can be corrected by following the steps below:

  • Verify that you have removed all other anti-virus applications or security suites that were ever installed on your PC, including any free/trial products that were installed when the PC was purchased (i.e. Norton, McAfee, TrendMicro, etc.). Then, use the List of anti-malware product removal tools to complete the removal of these products.
  • If you have installed Java, Adobe Reader, or any other “free” product, you may have been presented with the option to install a “free virus checker”, which is selected by default. If you were caught by this, and unknowingly/accidentally installed this “free virus checker”, uninstall it and use the cleanup tool(s) in the list above. Note that these “free” downloads can also occur in products purchased by you. Your ISP may also provide an anti-malware product (and perhaps a firewall). Install these products ONLY if you do not intend to use WD and/or the Windows Firewall.
  • Verify that your PC clock is correctly set. If not, correct it.
  • Verify that you are up-to-date with the latest Service Pack and updates.
  • Verify that the Windows Firewall is on, and set to defaults. Remove any other firewall that may be installed and use the Windows Firewall. Third-party firewalls (as well as those included in some anti-malware products) can cause problems if incorrectly configured.
  • Verify that you are not using a proxy server. If you are using a proxy, configure it as per the instructions later in this FAQ.
  • Verify that you have “Install updates automatically (recommended)” selected in Windows Update.
  • In Internet Explorer, reset all security zones to default level.
  • Then, restart your PC.

If a third-party anti-malware product was installed, it disabled WD. If you want to return to using WD, and you have properly removed that third-party product, you may have to re-enable WD.

  • Use the charms and search for Defender. Then, click on Windows Defender.
  • Select Settings tab.
  • Check Turn on real-time protection (recommended)
  • Click Save changes
  • Click Update tab then Update button to have current updates downloaded and installed
  • You may also want to do a Quick scan by selecting the Home tab and then selecting Quick scan

If you are still having problems with WD, post a message in the community forum. To do so:

  • Note what version of WD you are using. Open WD, click on the “down pointer” to the right of “Help”. Then, click on “About Windows Defender”. Provide this information when asking a question in the Virus and Malware community forum.

SECTION 3: Frequently Asked Questions and General Concerns

The questions/topics included in this section are:

  1. Can I have more than one anti-virus application or security suite installed?
  2. Having multiple real-time anti-malware products provides “layered-protection”, correct?
  3. What is ELAM?
  4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?
  5. Does WD provide a registry cleaner?
  6. How well does WD protect you?
  7. How do I know if WD is really working?
  8. Can I schedule when WD definition updates occur?
  9. What if I leave my PC turned off for several days?
  10. I do not understand WD’s definition updates.
  11. How do I get definition updates and program upgrades?
  12. What is the difference between a Quick scan and a Full scan?
  13. Will WD scan and update while my PC is asleep?
  14. Can WD shut down my PC once a scan is finished?
  15. How do I schedule a scan with WD?
  16. Where are WD Settings?
  17. How do I temporarily disable Real-Time scanning?
  18. Where are the WD desktop and tray icons?
  19. How do I determine what version or build of WD I have?
  20. How do I get support for, and provide feedback on, WD?
  21. Can WD be used from the Command Prompt?
  22. Where are the WD log files?
  23. Can I use a proxy?
  24. I cannot use my VPN.
  25. Does WD scan email?
  26. Does WD filter junk email?
  27. Does WD include a Firewall?
  28. Are there other scanning options/solutions/tools from Microsoft?
  29. What about cookies?
  30. How do I remove/release a file or program that is being quarantined?
  31. Windows Backup and quarantined items
  32. How do I backup my computer and data?
  33. How do I control Startup programs?
  34. Can I improve my startup performance?
  35. How do I use the MS Community forums?
  36. Are calls from Microsoft to remove viruses legitimate?
  37. What if I get a Pop-up for one of those fake anti-virus products?
  38. Can I use a cleaner like CCleaner or Advanced System Care?
  39. Do I need JAVA?
  40. What about Adobe Flash Player?

1. Can I have more than one anti-virus application or security suite installed?

No. Having more than one real-time anti-virus application or security suite installed will compete with other anti-malware product(s), and can cause severe performance problems and system stability issues, and may limit the effectiveness of the products installed. Even if you attempt to have more than one product installed, with one active and another disabled, the disabled product will likely still have active components and/or drivers installed that will conflict with WD. The important issue here is that any other product with real-time scanning will conflict with WD (or any other real-time product).

However, you can have an on-demand scanner, such as Malwarebytes, installed. Malwarebytes offers two different scanners – one on-demand (free), and one real-time (paid). The on-demand scanner does not conflict with WD’s real-time scanning. Some users consider having one real-time product (e.g. WD) and an on-demand product (e.g. Malwarebytes (free)) a good combination on their system.

2. Having multiple real-time anti-malware products provides “layered-protection”, correct?

A few users believe that having more than one real-time anti-malware product installed provides “layered-protection”. This is incorrect. It is overlapping protection. Layered protection is good, overlapping protection is bad.

Since many/most anti-malware products available today provide protection for spyware, viruses, worms, Trojans, etc., their coverage overlaps. As soon as their protection begins to overlap, the risk for a conflict begins to increase. There is no “design” that allows them to coexist. Rather, they compete. It is a common misconception that “if having one real-time anti-malware product is good, then two must be better” when, in reality, it is just “piling on” overlapping applications.

“Layered protection” is having complementary items/protection, as in this example:

  • Hardware router firewall
  • UEFI booted 64-bit Windows 8
  • Data Execution Prevention (DEP) set to ON for all programs and services
  • Windows Firewall
  • Real-time anti-malware protection (such as Windows Defender on Windows 8)
  • Spam/junk filter (usually provided by your ISP, email provider, or email client)

3. What is ELAM?

ELAM is Early Launch Anti-Malware protection and is a key feature/benefit of WD on W8. The reason that ELAM exists is to stop rootkits and other device driver types of malware, since the driver modules can all be validated and checked for malware before they are loaded, protecting the system from the moment the system begins to boot. This not only stops virtually all existing rootkits, but properly applied will also avoid the potential for future boot time malware, since it only loads what it absolutely must and then should make you aware of anything it can’t identify that absolutely must be loaded to allow the system to boot.

To achieve this level of protection, you must be using hardware that provides UEFI (defined in the UEFI 2.3.1 specification), and you must be using 64-bit Windows 8.

UEFI is short for “Unified Extensible Firmware Interface”. A discussion of UEFI is beyond the scope of this document. A simplistic explanation is that it is the replacement for what we have known for the past 30+ years as the BIOS. UEFI provides many advances and features beyond BIOS. A key feature, and what makes ELAM possible, is the ability to authenticate module signatures at system boot time.

This is not “boot time scanning”, which was a manual boot time scan of the files on a PC similar to other old and archaic methods used by some third-party antivirus products of the past, and now a nearly useless feature, since boot time malware rendered this method ineffective years ago.

The new Secure Boot ability in Windows 8 is made possible by the UEFI firmware standard. Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure, assuming that UEFI firmware is available and enabled (in place of BIOS) on the PC itself.

There are huge differences in the two items mentioned above, so understanding these differences is important to determine if “boot time scanning” is useful or simply an anachronism from another time in the distant past.

For more information on how UEFI and ELAM work together, review Protecting the pre-OS environment with UEFI.

4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?

If you rebuild or reinstall using the supplied media or restore partition on your PC provided by the manufacturer, it is likely that a free or trial anti-malware product was part of that installation. You will need to uninstall the anti-malware product to return to Windows Defender, even if it was never activated. The List of anti-malware product removal tools should be used to remove completely the third-party product.

5. Does WD provide a registry cleaner?

No. Moreover, you should not fall prey to all those websites that want to scan and clean your registry. There are many debates regarding “cleaning” the registry. The “registry”, to many users, is a magical, mysterious thing that contains thousands upon thousands of settings, coded cryptically in decimal, hexadecimal, and various other formats. Anything that affects your PC must be in the registry, right? Well, no, but many who want access to your PC to sell you worthless software and tools, or to gain access to your PC for some purpose, will tell you that this is the case. You can find thousands of these registry tools on the internet. DO NOT USE THEM. Read the Microsoft support policy for the use of registry cleaning utilities.

There are many users who have used a registry cleaning tool, only to find their PC inoperable later. For a discussion on this topic, read this. Additionally, there is no such thing as a registry booster. Moreover, any space reclaimed by cleaning the registry is minuscule and insignificant. Lastly, in the process of removing a virus or threat, if such a virus or threat has made changes to the registry, WD will correct those registry entries.

6. How well does WD protect you?

WD provides excellent protection. However, no anti-malware product (free or paid), or combination of products, will provide 100% protection, 100% of the time. Malware (viruses, worms, Trojans, spyware, rootkits, malicious scripts, etc.) is constantly changing, and anti-malware products always have to keep up.

Note that very few of the commonly referenced testing groups are certified by any recognized bodies. Most of these choose to call their results ‘comparative’ rather than a certification as a result. If a testing body has no certification itself, it is rather a stretch for them to purport that they have any right to call their own results a certification.

7. How do I know if WD is really working?

You can test WD using the EICAR test file. You can download the test file from here. You may want to review this page on intended use and contents of the test file. Additional options for sample submissions and online scanners can be found here: List of Online File analyzers & services

8. Can I schedule when WD definition updates occur?

The ability to do this does not exist at this time. If you are concerned about an update occurring while using an application, or playing a game, do a manual update before starting such activity.

9. What if I leave my PC turned off for several days?

The virus definitions get out of date, and WD will update when you do turn on your PC. You can update manually by opening WD, selecting the Update tab, and clicking on UPDATE. If new definitions are available, they will be downloaded. You can also update WD by using Windows Update. If you encounter an error, WD may have already begun the update process. Wait a minute or so, and try again.

10. I do not understand WD’s definition updates.

The update process for WD is similar to MSE. For a detailed explanation of the WD update process, read this: Microsoft Security Essentials Update FAQ. The exception is that WD updating respects the settings selected for Automatic Updates in Windows 8. If you have set AU to notify you, then WD will not automatically update and it will alert in about 7 days. WD will normally update itself about every 24 hours. You can update WD manually, if you want. Otherwise, it is not needed and causes unnecessary overhead. If an event occurs that requires immediate attention, the WD update system will force an update to occur. In addition, WD employs a “Dynamic Signature Service” (DSS). Whenever WD encounters something it does not know or recognize, it will send information to “Microsoft Active Protection Service” (MAPS). Depending on what MAPS determines from inspecting the information, it will cause an automatic download of definition updates to handle the malware.

11. How do I get definition updates and program upgrades?

WD definition updates are provided by Windows Update, and the “Update” tab in WD. Also, WD will update itself every 24-hours. If you need to update WD definitions while offline or using a slow connection, go to Microsoft Malware Protection Center and select the W8 definition files, and follow the instructions for installation.

For upgrades or updates to the WD application, these are delivered by Windows Update.

12. What is the difference between a Quick scan and a Full scan?

Real-time protection is the real protection against malware. Next, a quick scan will find orphaned files and auto-starts and stop them from running. Finally, a full scan can find malware missed by the quick scan. A full scan will “deep” scan every file on your system, including archive files (i.e. zip, rar, cab, etc.). A full scan can take hours to run. The decision to run a full scan is a personal preference. You might choose to run a full scan once per month, or before a complete backup. The decision is yours.

To scan a specific hard drive or USB device, select Custom scan and Scan Now, then choose the drive you wish to scan. A full scan will then be performed on the selected drive.

13. Will WD scan and update while my PC is asleep?

No. The PC must be on (not off, standby, hibernating, or asleep) for the scheduled scan to occur and for updates to download/install.

14. Can WD shut down my PC once a scan is finished?

This cannot be accomplished from the WD user interface. However, you can accomplish this using the task scheduler or batch scripts. Review this thread for more information.
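
One way to script this from an elevated PowerShell prompt or a scheduled task, as an added example that is not part of the original FAQ. It assumes MpCmdRun.exe is in the default folder used elsewhere in this FAQ; the log file name is hypothetical.

```powershell
# Added example: run a full scan, then power off only if the scan came back clean.
# Assumes the default install folder used elsewhere in this FAQ.
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$Log      = Join-Path $env:ProgramData 'wd-scan-then-shutdown.log'   # hypothetical log path

if (-not (Test-Path $MpCmdRun)) { throw "MpCmdRun.exe not found at $MpCmdRun" }

$started = Get-Date
& $MpCmdRun -Scan -ScanType 2        # 1 = quick scan, 2 = full scan
$code = $LASTEXITCODE

# Keep a record, because nobody is watching the console when this runs overnight.
'{0:s}  full scan started {1:s}, exit code {2}' -f (Get-Date), $started, $code |
    Add-Content -Path $Log

if ($code -eq 0) {
    # 0: nothing found, or everything was remediated without user interaction.
    # The 60-second delay leaves time to cancel with "shutdown /a".
    shutdown.exe /s /t 60 /c "Windows Defender full scan finished clean."
} else {
    # Non-zero: malware found and not remediated, or the scan hit an error.
    # Stay powered on so the result can be reviewed on the WD History tab.
    Write-Warning "Scan returned exit code $code; not shutting down. See $Log."
}
```

Leaving the PC on after a non-zero exit code means an unremediated detection is still visible the next time you sit down at the machine.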

15. How do I schedule a scan with WD?

Windows Defender “scheduled scan” is included in Windows 8 Automatic Maintenance. Open the Action Center, click on “Maintenance”, then on “Change maintenance settings”, and then choose a time.

There is also a “Wake the computer” option. However, there is no reason to leave the computer on overnight. Leave the setting at the default of 3am, and turn off the computer normally. The scan will occur a short time after you turn on your PC.

For other options, look at Windows Defender in the Task Scheduler.

See this thread for information from GreginMich on the topic of scheduling a scan.

16. Where are WD Settings?

Open WD and click the Settings tab. There you will find various categories and their settings.

17. How do I temporarily disable Real-Time scanning?

You should not need to do this, even if a product manufacturer tells you it should be done prior to installing their software. However, if you feel you must temporarily disable real-time scanning, open WD, click the Settings tab, select Real-Time Protection, and clear the check box for “Turn on real-time protection”. Remember, you must turn real-time protection back on.

18. Where are the WD desktop and tray icons?

Windows Defender can be found on the Start screen, All Apps. If you really want a Desktop icon, do the following:

Use the charms, and search for Defender. Alternatively, go to the Start Screen, right-click, and select All Apps. Under the Windows System group, you will find Windows Defender.

Once you have found Windows Defender, right-click on it and select Open File Location. There you will find a shortcut to Windows Defender. Copy the shortcut, and paste it on your Desktop.

There is no tray icon with WD on W8. The Action Center icon reports WD issues.

19. How do I determine what version or build of WD I have?

Open WD and click on the “down pointer” to the right of “Help”. Then, click on “About Windows Defender”.

20. How do I get support for, and provide feedback on, WD?

Support for Windows Defender is provided by Microsoft for retail purchased copies of Windows 8 or by the computer manufacturer if Windows 8 was provided with the computer. For Microsoft provided Support options, start here: http://support.microsoft.com/get-support

Feedback on WD is unavailable at this time. It is suggested that you use MSE feedback in the interim, where your suggestions and feedback will likely be handled in the same manner as the feedback on MSE.

21. Can WD be used from the Command Prompt?

Yes. The MpCmdRun function of WD provides this ability.

To run this tool, go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

> cd \Program Files\Windows Defender

> MpCmdRun /?

This will provide you with a list of commands and options that can be used from the Command Prompt with Windows Defender. You may want to review this thread for more information.

22. Where are the WD log files?

The MpCmdRun function of WD can gather the following information and logs and package them together in a compressed file in the support directory. This information includes:

  • Any trace files from Microsoft Antimalware Service
  • The Windows Update history log
  • All Microsoft Antimalware Service events from the System event log
  • All relevant Microsoft Antimalware Service registry locations
  • The log file of this tool
  • The log file of the signature update helper tool

To run this tool, go to the Start Screen, right-click and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

> cd \Program Files\Windows Defender

> MpCmdRun -getfiles -scan

At this point, logs will be collected and placed in a cab file. This process can take several minutes. When the process is complete, you will find the collected information here:

  • C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab

Now, close the Command Prompt window. Then, using Windows Explorer, navigate to the above folder and extract the logs from the cab file to a location of your choice. Then, using Notepad, browse, examine, and peruse the logs and information.

Also, review the system event log for more information regarding WD events and the following event codes. These events are found in Event Viewer (Local), Applications and Services, Microsoft, Windows, Windows Defender, Operational:

  • 1000 – Scan started
  • 1001 – Scan completed
  • 1002 – Scan stopped (canceled)
  • 1005 – Scan terminated due to error
  • 1011 – Item deleted from quarantine
  • 1013 – History removed
  • 1116 – Malware detection
  • 1117 – Malware remediation
  • 1118 – Malware remediation error (non-critical) [not confirmed]
  • 1119 – Malware remediation error (critical)
  • 2000 – Successful update
  • 2001 – Failed update
  • 2002 – Engine update
  • 2010 – Dynamic Signature Service retrieved additional signatures
  • 2011 – Dynamic Signature Service discarded obsolete signatures
  • 3002 – Real-time protection failure: behavior monitoring
  • 5000 – Real-time protection enabled
  • 5001 – Real-time protection disabled
  • 5004 – Real-time protection configuration changed
  • 5007 – Configuration changed
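
The event codes above can also be reviewed from an elevated PowerShell prompt instead of Event Viewer. The following is an added example, not part of the original FAQ: it assumes the channel name `Microsoft-Windows-Windows Defender/Operational` for the Event Viewer path given above, and the 7-day window is an arbitrary choice.

```powershell
# Added example: triage of the Windows Defender Operational log.
# Event meanings are the ones listed in this FAQ; the 7-day window is an assumption.
$LogName = 'Microsoft-Windows-Windows Defender/Operational'
$Since   = (Get-Date).AddDays(-7)

$Meaning = @{
    1116 = 'Malware detection'
    1117 = 'Malware remediation'
    1119 = 'Malware remediation error (critical)'
    2001 = 'Failed update'
    3002 = 'Real-time protection failure: behavior monitoring'
    5000 = 'Real-time protection enabled'
    5001 = 'Real-time protection disabled'
    5007 = 'Configuration changed'
}

# Get-WinEvent raises an error when nothing matches, so treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = $LogName
        Id        = [int[]]@($Meaning.Keys)
        StartTime = $Since
    } -ErrorAction SilentlyContinue | Sort-Object TimeCreated)

# Per-event-ID counts, most frequent first.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Meaning'; e = { $Meaning[[int]$_.Name] } } |
    Format-Table -AutoSize | Out-String

# Each detection, with the first line of its message.
foreach ($e in $events | Where-Object { $_.Id -eq 1116 }) {
    '{0:s}  1116  {1}' -f $e.TimeCreated, ("$($e.Message)" -split '\r?\n')[0]
}

# Failures that need attention: remediation error, failed update, RTP failure.
foreach ($e in $events | Where-Object { 1119, 2001, 3002 -contains $_.Id }) {
    Write-Warning ('{0:s}  {1}  {2}' -f $e.TimeCreated, $e.Id, $Meaning[[int]$e.Id])
}

# The most recent 5000/5001 event shows which real-time protection state was set last.
$rtp = $events | Where-Object { 5000, 5001 -contains $_.Id } | Select-Object -Last 1
if ($rtp -and $rtp.Id -eq 5001) {
    Write-Warning "Real-time protection was disabled at $($rtp.TimeCreated) with no later 5000 event."
}

# Rough heuristic: more detections than remediations means something may be unresolved.
$found = @($events | Where-Object { $_.Id -eq 1116 }).Count
$fixed = @($events | Where-Object { $_.Id -eq 1117 }).Count
if ($found -gt $fixed) {
    Write-Warning "$found detection(s) but only $fixed remediation event(s); check the History tab."
}
```

A 5001 event that is never followed by 5000, or a 5007 you did not make yourself, deserves a closer look, since both mean the protection settings changed.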

23. Can I use a proxy?

If Windows 8 updates work, Windows Defender updates will work. However, KB2599808 may be of some interest to you.

You may also use this procedure:

Go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the command as per the examples below:

> NETSH WINHTTP SET PROXY 1.1.1.1:8080

> NETSH WINHTTP SET PROXY MYPROXY.NET:8080

24. I cannot use my VPN.

This is not a problem with WD. You must have your VPN provider update their software to recognize WD.

25. Does WD scan email?

No. There is no need for this to be done. What is important are attachments and links in email. When you attempt to open or save an attachment, or open a link, WD’s real-time protection inspects those items. Read this thread regarding the handling of email. However, the best rule you will ever find is “if you do not know the sender, do not open the attachments”. Better yet, do not open the mail.

26. Does WD filter junk email?

No, junk/spam email is not malware. Junk/Spam filters are a function of your email provider, and the email client that you use.

27. Does WD include a Firewall?

No. This is not necessary. W8 includes Windows Firewall in addition to Windows Defender. If you do install a third-party product, and later remove/uninstall it, make certain that the Windows Firewall is on. You can find the Windows Firewall in the Control Panel.

28. Are there other scanning options/solutions/tools from Microsoft?

  • The Malicious Software Removal Tool (MSRT) is provided via the monthly update from Microsoft, regardless of what anti-malware solution you have installed. It runs during the update process. MSRT can also be run on-demand if you download it.
  • Also available is the Microsoft Safety Scanner. This is not a real-time scanner. It is a free, downloadable, on-demand scanner.
  • Use Windows Defender Offline to create a bootable USB stick or CD to help remove threats from your system.
  • For corporate/commercial users, Microsoft Forefront is available.

29. What about cookies?

Cookies are not malware. Cookies are a browser issue, and are not a problem (except for privacy concerns). This is where third-party Cookies are used. Organizations and companies use third-party cookies to collect information about your viewing habits and preferences.

If these cookies concern you, you can turn them off. To turn them off in Internet Explorer, go to

  • Control Panel, All Control Panel items, Internet Options
  • Select the Privacy tab, Advanced
  • Check the box for Override automatic cookie handling and select the button to Block Third-Party Cookies.

Also, note that other anti-malware products will report cookies in their scans, while WD does not. This gives the appearance that WD is not finding as many “viruses” as these other products, which is incorrect.

An additional note: If you are concerned about privacy and tracking, please visit the Do Not Track Test Page.

30. How do I remove/release a file or program that is being quarantined?

Open WD. Go to the History tab and select the Quarantined items radio button. Next, highlight the item you want restored and select Restore. Note that doing this will allow the file to exist and exposes you to risk of infection (if the file was infected).

31. Windows Backup and quarantined items

If you have items that are quarantined, and you use Windows 7 File Recovery (Windows Backup and Restore on Windows 7), you may see the backup fail (with error 0x81000031), complaining “Shadow Files Cannot be Read”. You must either REMOVE or ALLOW any quarantined items, and re-run your backup. If you look up 0x81000031, you will likely be directed to KB973455, which will instruct you to delete reparse (junction) points, which is the incorrect answer to this problem. Simply remediate the quarantined files, and re-run the backup.

32. How do I back up my computer and data?

You should explore these W8 options for backing up your system/data:

  • Control Panel, All Control Panel Items, File History
  • Control Panel, All Control Panel Items, Windows 7 File Recovery
  • Using the charms, search for Windows Easy Transfer

You may also want to explore the use of a third-party backup solution, or storing your data on SkyDrive (or some other cloud solution).

33. How do I control Startup programs?

You can press Ctrl+Shift+Esc to bring up Task Manager and use the STARTUP tab to disable those programs you do not need.

34. Can I improve my startup performance?

Examine the necessity of the number of startup programs you have. To examine your startup programs, use the Task Manager. To do this, press Ctrl+Shift+Esc to bring up Task Manager and use the STARTUP tab to disable those programs you do not need. Which startup programs should you keep, and which should you disable? Look at the startup program database on bleepingcomputer.com.

35. How do I use the MS Community forums?

The Microsoft Answer Forums support Windows, Internet Explorer, Office, Viruses and Malware, and Microsoft products. If your concern/issue is not addressed in these forums, just select the appropriate forum and ask your question. Provide your OS information, browser used, and any anti-malware products you have or had installed. You may want to review Suggestions for asking a question on help forums. Volunteers and users support the forums.

Note that the MS Community forums are for Microsoft Products. If you need help with a third-party product, contact the manufacturer of that product for support with their software.

36. Are calls from Microsoft to remove viruses legitimate?

No. It is not Microsoft that called you. Unless you specifically initiated a support case with Microsoft, this is a fraud/scam attempt. For more information, read Avoid scams that use the Microsoft name fraudulently and Avoid tech support phone scams.

37. What if I get a Pop-up for one of those fake anti-virus products?

If you clicked on it, or even if you simply closed the pop-up, you are likely infected and need to go into virus removal mode.

If you have not touched anything on the screen since the pop-up, you may be able to avoid being infected. The following assumes you are using Internet Explorer and WD. If not, adapt this procedure for the browser and anti-malware product you are using. Whenever you encounter one of these pop-ups while browsing, immediately do one of the following:

  • Shut down the PC without touching any browser windows.
  • Do not touch any browser window to close it or browse further. Immediately press Ctrl+Shift+Esc to bring up Task Manager. Select the Processes tab and END all instances of Internet Explorer by right clicking on the entry(s) and selecting END TASK. Then, shut down the PC.
  • Press Alt+F4 until all browser windows are closed. Then, shut down the PC.

Next, restart the PC. Once the PC restarts, go to

  • Control Panel, All Control Panel Items, Internet Options
  • Select the General tab, Browsing History, Delete
  • Select Temporary Internet files and Cookies, and Delete
  • Then, perform a full scan with WD.

If you are still having difficulty removing these fake products, use the Microsoft Answers Viruses and Malware forum for additional help, or get support from Microsoft as previously described in these FAQs. You may also want to visit bleepingcomputer.com, where removal instructions are provided for many of these viruses.

38. Can I use a cleaner like CCleaner or Advanced System Care?

Yes, but make sure these cleaners are not deleting important WD files. You must find the appropriate settings in those tools and set them correctly if they concern you, or contact the manufacturer of those products for support. However, there is no need to use such tools, which can cause problems by deleting folders and files needed by W8, WD, and other applications.

If you really want to clean/remove temporary files, use Disk Cleanup that is included in W8. To find Disk Cleanup, use the charms and search for CLEANMGR.

39. Do I need JAVA?

Most likely not. There is Java and JavaScript. JavaScript is built into Internet Explorer. Very few applications need to install the Java application. If you are not sure, do not install JAVA. If you encounter an application that requires JAVA, it will inform you. You can then choose to install JAVA at that time. If you find that you have JAVA installed and do not need it, remove it. By not installing JAVA, you can avoid problems and issues associated with JAVA, its updates, and associated security issues/concerns. For more information on the risks of Java, read this document.

40. What about Adobe Flash Player?

Adobe Flash Player is now included in Internet Explorer, in both Modern and Desktop mode. Windows Update provides updates for Adobe Flash Player.

SECTION 4: A well-protected system

A well-protected system consists of several areas of concern. Attention to each area will help keep your system protected. There is a Microsoft Fixit, which can address some of these concerns for you. To achieve a well-protected system, please consider these items/issues:

  • Hardware that supports UEFI-based Secure Boot
  • Windows 8, fully updated (including service packs), with Automatic Update ON
  • Data Execution Prevention (DEP) for all programs and services. For information on DEP, refer to KB912923 and to PAE/NX/SSE2 Support Requirement Guide for Windows 8.
  • All third-party applications (e.g. Java, Adobe Reader) updated. You must keep these applications up-to-date, as they are frequently updated to address security issues.
  • Windows Defender providing comprehensive real-time anti-malware protection
  • Internet Explorer with:
    • Security tab: Default security settings (Reset all zones to default level)
    • Privacy tab: Pop-up Blocker ON
    • Advanced tab: Settings, Security, Enable SmartScreen Filter ON
  • Windows Firewall ON
  • Remote Registry Service NOT started
  • User Account Control (UAC) ON, and not running with elevated privileges
  • A good password policy in effect
  • A good backup procedure in effect
  • Only download software and drivers from the manufacturer/provider. There is no need to go anywhere else. Doing so will only put you at risk.
  • Visit Microsoft’s Malware Protection Center for the latest news on viruses and threats
  • And, YOU must practice safe surfing!

Special thanks to the following contributors to this article:
