Turn on Windows Defender to access company resources

Organizations want to ensure that devices accessing their resources are secured so they may require you to use Windows Defender. Windows Defender is an antivirus software that’s included in Windows and can help protect your device from viruses and other malware and threats.

This article describe how to update your device settings to meet your organization’s antivirus requirements and resolve access problems.

Turn on Windows Defender

Complete the following steps to turn on Windows Defender on your device.

1. Select the Start menu.
2. In the search bar, type group policy. Then select Edit group policy from the listed results. The Local Group Policy Editor will open.
3. Select Computer Configuration >Administrative Templates >Windows Components >Windows Defender Antivirus.
4. Scroll to the bottom of the list and select Turn off Windows Defender Antivirus.
5. Select Disabled or Not configured. It might feel counter-intuitive to select these options because the names suggest that you’re turning Windows Defender off. Don’t worry, these options actually ensure that it’s turned on.
6. Select Apply >OK.

Turn on real-time and cloud-delivered protection

Complete the following steps to turn on real-time and cloud-delivered protection. Together, these antivirus features protect you against spyware and can deliver fixes for malware issues via the cloud.

1. Select the Start menu.
2. In the search bar, type Windows Security. Select the matching result.
3. Select Virus & threat protection.
4. Under Virus & threat protection settings, select Manage settings.
5. Flip each switch under Real-time protection and Cloud-delivered protection to turn them on.

If you don’t see these options on your screen, they may be hidden. Complete the following steps to make them visible.

1. Select the Start menu.
2. In the search bar, type group policy. Then select Edit group policy from the listed results. The Local Group Policy Editor will open.
3. Select Computer Configuration >Administrative Templates >Windows Components >Windows Security >Virus and threat protection.
4. Select Hide the Virus and threat protection area.
5. Select Disabled >Apply >OK.

Update your antivirus definitions

Complete the following steps to update your antivirus definitions.

1. Select the Start menu.
2. In the search bar, type Windows Security. Select the matching result.
3. Select Virus & threat protection.
4. Under Virus & threat protection updates, select Check for updates. If you don’t see this option on your screen, complete the first set of steps in Turn on Real-time Protection. Then try checking for updates again.

Next steps

Still need help? Contact your company support. For their contact information, check the Company Portal website.

How to Enable or Start Windows Defender manually in Windows 10

If you have installed 3rd-party antivirus software, Windows Defender will turn itself off, automatically. When you uninstall your antivirus software, then on restart, Windows Defender will turn on automatically and protect your Windows PC. But if you find that it does not, then you will have to start Windows Defender manually. This post will show you how to enable or start Windows Defender manually on a Windows 10/8/7 computer.

Start Windows Defender manually

To start Windows Defender, you have to open the Control panel and Windows Defender Settings and click on Turn On, and ensure that the following are enabled and set to On position:

1. Real-time protection
2. Cloud-based protection.

We have already seen how to disable Windows Defender now let us see how to enable it.

When there is no security software protecting your computer, you will see notifications like these appear.

Clicking on it will show you the installed security apps on your system. If you miss this notification, you can see it in the Notification & Action Center.

Clicking on it too will show you the installed security apps on your computer, as follows.

Select Windows Defender and then click on the Turn on button.

Windows Defender will start. The first thing you want to do when this happens is to update your definitions.

Clicking on the Settings link in the top right corner will open the following panel. You can also access it via Settings > Update & security > Windows Defender.

Once here, ensure that Real-time protection and Cloud-based protection is set to On. You may also set Automatic sample submission to the On position. You may then configure Windows Defender according to your needs.

Windows 8 and Windows 7 users can search for ‘Windows Defender’ via the Start Search and do the needful.

Date: June 30, 2018 Tags: Windows Defender

How to enable and use the built in Windows Defender for Antivirus Protection in Windows 10

Technical Level : Basic

Update: Starting with Windows 10 Creators Update and later versions, Windows Defender has been succeeded by a new security client called Windows Defender Security Center. Windows Defender Security Center includes a suite of protection tools for your Windows 10 device, these include: Antivirus, Performance, Firewall, App and Browser Control and Family Safety.

This also means, users don’t need uninstall third party Antivirus products compatible with Windows 10. Third party Antivirus utilities can co-exist with Windows Defender Security Center just fine. If you are running an older release of Windows 10, such as 1607 and earlier, you can follow the instructions below for enabling your third party Antivirus utility.

Summary — Enabling Windows Defender on Older Releases of Windows 10

Windows 10 might require a new version of your Antivirus designed for Windows 10. If you have a subscription that has not expired, contact the developer to find out about Windows 10 support. Most Antivirus utilities should now support Windows 10. If your subscription is still active, then you should be entitled to a compatible update for Windows 10. If your current Antivirus is incompatible with Windows 10 or you do not plan to renew your subscription, you can use the built in Windows Defender or Windows Defender Security Center as an alternative. Lets take a quick look at enabling and updating Windows Defender.

Details

Press Windows key + X

Click Programs and Features

Select the Antivirus utility you have installed, then click Uninstall/Change. You might have a different one installed, I have Norton for example.

This will launch the setup wizard which will guide you through uninstalling your Antivirus. Follow the on screen instructions, a reboot might be required.

During the uninstallation, you might receive a notification indicating virus protection is turned off. You can use this opportunity to enable Windows Defender right away. If not, follow the next steps to enable it yourself manually.

Click Start
Click Settings or press Windows key + i
Click Click Update & Security

Click Windows Defender

Make sure Real-time protection is enabled

Windows Defender should automatically turn on and prompt you update. Do so right away, as the definitions tend to be out of date by many months or years (depending on when you install Windows 10).

That’s it, you now have a free built in Antivirus utility you don’t have to pay for.

Problems starting Windows Defender in Windows 8/8.1/10

Technical Level : Intermediate

Summary
Windows Defender in Windows 8/8.1/10 sometimes do not start automatically and may report an error when started manually. This wiki describes some methods that can be used to fix the problem.

Sometimes, due to various factors, Windows Defender do not start automatically when Windows starts and when Windows Defender is started manually via Action Center it may display an error code. Factors contributing to these issues may include malware infection, software conflicts (possibly with another antivirus program), corrupted registry, etc.

When you encounter these problems, here are some things you can try:

1. Restart your PC

Many times the issue is resolved by simple restart.

2. Remove existing antivirus and antispyware software

If your PC still has another antivirus installed or if one was installed previously then you should use appropriate removal tool to remove all third party antivirus and antispyware programs. You can download removal tools from here:

3. Scan your PC for malwares

This wiki lists out some malware scanners recommended here:

4. SFC scan

System File Checker (SFC) tool repairs corruption in system files. Use this tool to verify whether Windows Defender is corrupted or not. Follow this KB article:

5. Clean Boot

Start your PC in clean boot status to ensure any 3rd party application is not conflicting with Windows Defender. Here is a support article that will help you:

6. Restart Security Center Service

As reported in this and this thread, restarting Security Center service can help in solving the problem. To restart Security Center service, follow these steps:

1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.
2. In Run dialog box, type ‘services.msc‘ and hit enter.
3. In Services, search for ‘Security Center‘.
4. Right click on ‘Security Center’ and click on ‘Restart‘.

7. Delete conflicting Registry Entry

Some malwares adds malicious entries in registry that blocks real antiviruses from running. To remove these entries, follow these steps:

1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.
2. In Run dialog box, type ‘regedit‘ and hit enter. This will open Registry Editor.
3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
4. In this key, if you find any entry for MSASCui.exe, MpCmdRun.exe or MsMpEng.exe then right click on it and click on Delete. If you do not find any of these entry then it is normal and you don’t need to do anything.

8. Enabling Windows Defender from Group Policy

Important: You must proceed with this step only after trying all the steps mentioned above.

If you are facing an error like «This app is turned off by Group Policy» then Windows Defender can be manually enabled via registry. Windows Defender is disabled by Windows if it detects presence of another antivirus. Therefore, before enabling it manually, it must be ensured that there are no conflicting softwares and system is not infected. To enable Windows Defender manually, follow these steps:

1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for ‘Run’.
2. In Run dialog box, type ‘regedit‘ and hit enter. This will open Registry Editor.
3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
4. If you see a registry entry named DisableAntiSpyware, then change its value to 0. If you don’t find this registry key then add this it. To do that, right click on Windows Defender key and go to New > DWORD. Give this DWORD name ‘DisableAntiSpyware‘ and value 0. Registry will then look like this:

If these steps doesn’t solve your problem, please post a question in Virus and Malware forum with as much details as you can give and results of all the methods you have tried.

Windows Defender on Windows 8 — Introduction and Frequently Asked Questions

Technical Level : Basic

The purpose of this article is to address various issues, concerns, and address frequently asked questions, regarding Windows Defender on Windows 8, and to help you Protect your PC.

Note that the article was written for Windows 8, but also applies to Windows 8.1 and Windows 10.

Windows 8 was released on October 26, 2012. One of the notable features about this OS release from Microsoft is that it contains integrated anti-malware protection known as Windows Defender.

There is confusion concerning the name “Windows Defender”, as that product name has had multiple implementations. Windows Defender, as discussed in this document, APPLIES ONLY TO WINDOWS 8.

This document is specifically for Windows 8 64-bit, and Windows Defender as integrated into Windows 8. This document assumes the use of Internet Explorer and Windows Firewall. For 32-bit users, or those using a different browser or firewall, you will have to adapt any specifics. This document does not discuss Windows Server 2012, or any server product.

And, there is no discussion of Microsoft Security Essentials because MSE is not designed for, or supported on, W8 .

This document is divided into four sections:

• SECTION 1: How do I get Windows Defender on Windows 8?
• SECTION 2: Issues affecting WD on W8
• SECTION 3: Frequently Asked Questions and General Concerns
• SECTION 4: A well-protected system

With all that said, it is hoped that you find the information below helpful.

SECTION 1: How do I get Windows Defender on Windows 8?

There is no need, nor is it possible, to install WD on Windows 8. WD is integrated with Windows 8, protecting you from malware . Conversely, you cannot uninstall WD.

If you install a third-party anti-malware product, WD will be disabled. If you [properly] uninstall a third-party product, WD will be enabled.

Before we can do anything with Windows Defender, we need to know how to open it! To open Windows Defender, do the following:

• Use the charms and search for Defender. Then, click on Windows Defender.

However, how you get to Windows 8 is the issue:

• Upgrading to Windows 8: Previously installed anti-malware is a problem and can/will disable WD. Prior to upgrading, if you intend to use WD as your anti-malware protection, you must completely remove all previously installed anti-malware products (including MSE if installed). The List of anti-malware product removal tools should be used to this end. Uninstall all previous anti-malware products, and use the appropriate manufacturer’s cleanup tool. Then, upgrade to W8 . With a successful upgrade to W8, you will be using WD as your anti-malware protection.

• New PC or fresh install of W8, with NO pre-installed third-party anti-malware product: There is no need to install any third-party anti-malware product. WD is there, protecting you. However, you can install a third-party anti-malware product. A successful install of such a product will disable, or should disable, WD. This is the correct behavior/procedure. The issue of having multiple real-time anti-malware products installed has been discussed many times. Regardless of what you have been told, or what a few will recommend, you cannot have more than one real-time anti-malware product installed. This is discussed in more detail later in this document.

• New W8 PC with pre-installed third-party anti-malware: If your new PC came with a free or trial version of a third-party anti-malware product (i.e. Norton, McAfee, TrendMicro, etc.), and you want to use WD, you must uninstall and use that manufacturer’s cleanup tool, even if you never used or activated the third-party product. The List of anti-malware product removal tools should be used to remove completely the third-party product. If your product manufacturer is not listed, go directly to their website to find their removal/cleanup tool. After removal, restart your PC. Also, you may have to enable [and restart] Windows Defender.

• Reverting to WD: Reverting to WD after you have installed a third-party anti-malware product is possible. However, to do so, you must uninstall the third-party anti-malware product, and then use the manufacturer cleanup/removal tool as discussed above. After removal, restart your PC. Also, you may have to enable [and restart] Windows Defender. Once this is accomplished, WD is enabled and protecting you.

SECTION 2: Issues affecting WD on W8

What can affect WD on W8? Most issues with WD can be corrected by following the steps below:

• Verify that you have removed all other anti-virus applications or security suites that were ever installed on your PC , including any free/trial products that were installed when the PC was purchased (i.e. Norton, McAfee, TrendMicro, etc.). Then, use the List of anti-malware product removal tools to complete the removal of these products.
• If you have installed Java, Adobe Reader, or any other “free” product, you may have been presented with the option to install a “free virus checker”, which is selected by default. If you were caught by this, and unknowingly/accidently installed this “free virus checker”, uninstall it and use the cleanup tool(s) in the list above. Note that these “free” downloads can also occur in products purchased by you. Your ISP may also provide an anti-malware product (and perhaps a firewall). Install these products ONLY if you do not intend to use WD and/or the Windows Firewall.
• Verify that your PC clock is correctly set. If not, correct it.
• Verify that you are up-to-date with the latest Service Pack and updates.
• Verify that the Windows Firewall is on, and set to defaults. Remove any other firewall that may be installed and use the Windows Firewall. Third-party firewalls (as well as those included in some anti-malware products) can cause problems if incorrectly configured.
• Verify that you are not using a proxy server. If you are using a proxy, configure it as per the instructions later in this FAQ.
• Verify that you have “Install updates automatically (recommended)” selected in Windows Update.
• In Internet Explorer, reset all security zones to default level.
• Then, restart your PC.

If a third-party anti-malware product was installed, it disabled WD. If you want to return to using WD, and you have properly removed that third-party product, you may have to re-enable WD.

• Use the charms and search for Defender. Then, click on Windows Defender.
• Select Settings tab.
• Check Turn on real-time protection (recommended)
• Click Save changes
• Click Update tab then Update button to have current updates downloaded and installed
• You may also want to do a Quick scan by selecting the Home tab and then selecting Quick scan

If you are still having problems with WD, post a message in the community forum. To do so:

• Note what version of WD you are using. Open WD, click on the “down pointer” to the right of “Help”. Then, click on “About Windows Defender”. Provide this information when asking a question in the Virus and Malware community forum .

SECTION 3: Frequently Asked Questions and General Concerns

The questions/topics included in this section are:

1. Can I have more than one anti-virus application or security suite installed?
2. Having multiple real-time anti-malware products provides “layered-protection”, correct?
3. What is ELAM?
4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?
5. Does WD provide a registry cleaner?
6. How well does WD protect you?
7. How do I know if WD is really working?
8. Can I schedule when WD definition updates occur?
9. What if I leave my PC turned off for several days?
10. I do not understand WD’s definition updates.
11. How do I get definition updates and program upgrades?
12. What is the difference between a Quick scan and a Full scan
13. Will WD scan and update while my PC is asleep?
14. Can WD shutdown my PC once a scan is finished?
15. How do I schedule a scan with WD?
16. Where are WD Settings?
17. How do I temporarily disable Real-Time scanning?
18. Where are the WD desktop and tray icons?
19. How do I determine what version or build of WD I have?
20. How do I get support for, and provide feedback on, WD?
21. Can WD be used from the Command Prompt?
22. Where are the WD log files?
23. Can I use a proxy?
24. I cannot use my VPN.
25. Does WD scan email?
26. Does WD filter junk email?
27. Does WD include a Firewall?
28. Are there other scanning options/solutions/tools from Microsoft?
29. What about cookies?
30. How do I remove/release a file or program that is being quarantined?
31. Windows Backup and quarantined items
32. How do I backup my computer and data?
33. How do I control Startup programs?
34. Can I improve my startup performance?
35. How do I use the MS Community forums?
36. Are calls from Microsoft to remove viruses legitimate?
37. What if I get a Pop-up for one of those fake anti-virus products?
38. Can I use a cleaner like CCleaner or Advanced System Care?
39. Do I need JAVA?
40. What about Adobe Flash Player?

1. Can I have more than one anti-virus application or security suite installed?

No. Having more than one real-time anti-virus application or security suite installed will compete with other anti-malware product(s), and can cause severe performance problems and system stability issues, and may limit the effectiveness of the products installed. Even if you attempt to have more than one product installed, with one active and another disabled, the disabled product will likely still have active components and/or drivers installed that will conflict with WD. The important issue here is that any other product with real-time scanning will conflict with WD (or any other real-time product).

However, you can have an on-demand scanner, such as Malwarebytes , installed. Malwarebytes offers two different scanners – one on-demand (free), and one real-time (paid). The on-demand scanner does not conflict with WD’s real-time scanning. Some users consider having one real-time product (e.g. WD) and an on-demand product (e.g. Malwarebytes (free)) a good combination on their system.

2. Having multiple real-time anti-malware products provides “layered-protection”, correct?

A few users believe that having more than one real-time anti-malware product installed provides “layered-protection”. This is incorrect. It is overlapping protection. Layered protection is good, overlapping protection is bad.

Since many/most anti-malware products available today provide protection for spyware, viruses, worms, Trojans, etc., their coverage overlaps. As soon as their protection begins to overlap, the risk for a conflict begins to increase. There is no “design” that allows them to coexist. Rather, they compete. It is a common misconception that “if having one real-time anti-malware product is good, then two must be better” when, in reality, it is just “piling on” overlapping applications.

“Layered protection” is having complimentary items/protection, as in this example:

• Hardware router firewall
• UEFI booted 64-bit Windows 8
• Data Execution Prevention (DEP) set to ON for all programs and services
• Windows Firewall
• Real-time anti-malware protection (such as Windows Defender on Windows 8)
• Spam/junk filter (usually provided by your ISP, email provider, or email client)

3. What is ELAM?

ELAM is Early Launch Anti-Malware protection and is a key feature/benefit of WD on W8. The reason that ELAM exists is to stop rootkits and other device driver types of malware, since the driver modules can all be validated and checked for malware before they are loaded, protecting the system from the moment the system begins to boot. This not only stops virtually all existing rootkits, but properly applied will also avoid the potential for future boot time malware, since it only loads what it absolutely must and then should make you aware of anything it can’t identify that absolutely must be loaded to allow the system to boot.

To achieve this level of protection, you must be using hardware that provides UEFI (defined in the UEFI 2.3.1 specification ), and you must be using 64-bit Windows 8.

UEFI is short for “Unified Extensible Firmware Interface”. A discussion of UEFI is beyond the scope of this document. A simplistic explanation is that it is the replacement for what we have known for the past 30+ years as the BIOS. UEFI provides many advances and features beyond BIOS. A key feature, and what makes ELAM possible, is the ability to authenticate module signatures at system boot time.

This is not “ boot time scanning”, which was a manual boot time scan of the files on a PC similar to other old and archaic methods used by some third-party antivirus products of the past, and now a nearly useless feature, since boot time malware had rendered this method ineffective years ago.

The new Secure Boot ability in Windows 8 is made possible by the UEFI firmware standard. Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure, assuming that UEFI firmware is available and enabled (in place of BIOS) on the PC itself.

There are huge differences in the two items mentioned above, so understanding these differences is important to determine if “ boot time scanning” is useful or simply an anachronism from another time in the distant past.

For more information on how UEFI and ELAM work together, review Protecting the pre-OS environment with UEFI .

4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?

If you rebuild or reinstall using the supplied media or restore partition on your PC provided by the manufacturer, it is likely that a free or trial anti-malware product was part of that installation. You will need to uninstall the anti-malware product to return to Windows Defender, even if it was never activated. The List of anti-malware product removal tools should be used to remove completely the third-party product.

5. Does WD provide a registry cleaner?

No. Moreover, you should not fall prey to all those websites that want to scan and clean your registry. There are many debates regarding “ cleaning” the registry. The “registry”, to many users, is a magical, mysterious thing that contains thousands upon thousands of settings, coded cryptically in decimal, hexadecimal, and various other formats. Anything that affects your PC must be in registry, right? Well, no, but many who want access to your PC to sell you worthless software and tools, or to gain access to your PC for some purpose, will tell you that this is the case. You can find thousands of these registry tools on the internet. DO NOT USE THEM. Read the Microsoft support policy for the use registry cleaning utilities .

There are many users who have used a registry cleaning tool, only to find their PC inoperable later. For a discussion on this topic, read this . Additionally, there is no such thing as a registry booster. Moreover, any space reclaimed by cleaning the registry is miniscule and insignificant. Lastly, in the process of removing a virus or threat, if such a virus or threat has made changes to the registry, WD will correct those registry entries.

6. How well does WD protect you?

WD provides excellent protection. However, no anti-malware product (free or paid), or combination of products, will provide 100% protection, 100% of the time. Malware (viruses, worms, Trojans, spyware, rootkits, malicious scripts, etc.) is constantly changing, and anti-malware products always have to keep up.

Note that very few of the commonly referenced testing groups are certified by any recognized bodies. Most of these choose to call their results ‘comparative’ rather than a certification as a result. If a testing body has no certification itself, it is rather a stretch for them to purport that they have any right to call their own results a certification.

7. How do I know if WD is really working?

You can test WD using the EICAR test file. You can download the test file from here . You may want to review this page on intended use and contents of the test file. Additional options for sample submissions and online scanners can be found here: List of Online File analyzers & services

8. Can I schedule when WD definition updates occur?

The ability to do this does not exist at this time. If you are concerned about an update occurring while using an application, or playing a game, do a manual update before starting such activity.

9. What if I leave my PC turned off for several days?

The virus definitions get out of date, and WD will update when you do turn on your PC. You can update manually by opening WD, selecting the Update tab, and clicking on UPDATE. If new definitions are available, they will be downloaded. You can also update WD by using Windows Update. If you encounter an error, WD may have already begun the update process. Wait a minute or so, and try again.

10. I do not understand WD’s definition updates.

The update process for WD is similar to MSE. For a detailed explanation of the WD update process, read this: Microsoft Security Essentials Update FAQ . The exception is that WD updating respects the settings selected for Automatic Updates in Windows 8. If you have set AU to notify you, then WD will not automatically update and it will alert in about 7 days. WD will normally update itself about every 24 hours. You can update WD manually, if you want. Otherwise, it is not needed and causes unnecessary overhead. If an event occurs that requires immediate attention, the WD update system will force an update to occur. In addition, WD employs a “Dynamic Signature Service” (DSS). Whenever WD encounters something it does not know or recognize, it will send information to “Microsoft Active Protection Service” (MAPS). Depending on what MAPS determines from inspecting the information, it will cause an automatic download of definition updates to handle the malware.

11. How do I get definition updates and program upgrades?

WD definition updates are provided by Windows Update, and the “Update” tab in WD. Also, WD will update itself every 24-hours. If you need to update WD definitions while offline or using a slow connection, go to Microsoft Malware Protection Center and select the W8 definition files, and follow the instructions for installation.

For upgrades or updates to the WD application, these are delivered by Windows Update.

12. What is the difference between a Quick scan and a Full scan?

Real-time protection is the real protection against malware. Next, a quick scan will find orphaned files and auto-starts and stop them from running. Finally, a full scan can find malware missed by the quick scan. A full scan will “deep” scan every file on your system, including archive files (i.e. zip, rar, cab, etc.). A full scan can take hours to run. The decision to run a full scan is a personal preference. You might choose to run a full scan once per month, or before a complete backup. The decision is yours.

To scan a specific hard drive or USB device, select Custom scan and Scan Now, then choose the drive you wish to scan. A full scan will then be performed on the selected drive.

13. Will WD scan and update while my PC is asleep?

No. The PC must be on (not off, standby, hibernating, or asleep) for the scheduled scan to occur and for updates to download/install.

14. Can WD shutdown my PC once a scan is finished?

This cannot be accomplished from the WD user interface. However, you can accomplish this using the task scheduler or batch scripts. Review this thread for more information.

15. How do I schedule a scan with WD?

Windows Defender «scheduled scan» is included in Windows 8 Automatic Maintenance. Open the Action Center, click on «Maintenance», then on «Change maintenance settings», and then choose a time.

There is also a «Wake the computer» option. However, there is no reason to leave the computer on overnight. Leave the setting at the default of 3am, and turn off the computer normally. The scan will occur a short time after you turn on your PC.

For other options, look at Windows Defender in the Task Scheduler.

See this thread for information from GreginMich on the topic of scheduling a scan.

16. Where are WD Settings?

Open WD and click the Settings tab. There you will find various categories and their settings.

17. How do I temporarily disable Real-Time scanning?

You should not need to do this, even if a product manufacturer tells you it should be done prior to installing their software. However, if you feel you must temporarily disable real-time scanning, open WD, click the Settings tab, select Real-Time Protection, and clear the check box for “Turn on real-time protection”. Remember, you must turn real-time protection back on.

18. Where are the WD desktop and tray icons?

Windows Defender can be found on the Start screen, All Apps. If you really want a Desktop icon, do the following:

Use the charms , and search for Defender. Alternatively, go to the Start Screen, right-click, and select All Apps. Under the Windows System group, you will find Windows Defender.

Once you have found Windows Defender, right-click on it and select Open File Location. There you will find a shortcut to Windows Defender. Copy the shortcut, and paste it on your Desktop.

There is no tray icon with WD on W8. The Action Center icon reports WD issues.

19. How do I determine what version or build of WD I have?

Open WD and click on the “down pointer” to the right of “Help”. Then, click on “About Windows Defender”.

20. How do I get support for, and provide feedback on, WD?

Support for Windows Defender is provided by Microsoft for retail purchased copies of Windows 8 or by the computer manufacturer if Windows 8 was provided with the computer. For Microsoft provided Support options, start here: http://support.microsoft.com/get-support

Feedback on WD is unavailable at this time. It is suggested that you use MSE feedback in the interim, where your suggestions and feedback will likely be handled in the same manner as the feedback on MSE.

21. Can WD be used from the Command Prompt?

Yes. The MpCmdRun function of WD provides this ability.

To run this tool, go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

> cd \Program Files\Windows Defender

> MpCmdRun /?

This will provide you with a list of commands and options that can be used from the Command Prompt with Windows Defender. You may want to review this thread for more information.

22. Where are the WD log files?

The MpCmdRun function of WD provides the ability to gather the following information/logs and packages them together in a compressed file in the support directory. This information includes:

• Any trace files from Microsoft Antimalware Service
• The Windows Update history log
• All Microsoft Antimalware Service events from the System event log
• All relevant Microsoft Antimalware Service registry locations
• The log file of this tool
• The log file of the signature update helper tool

To run this tool, go to the Start Screen, right-click and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

> cd \Program Files\Windows Defender

> MpCmdRun -getfiles -scan

At this point, logs will be collected and placed in a cab file. This process can take several minutes. When the process is complete, you will find the collected information here:

• C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab

Now, close the Command Prompt window. Then, using Windows Explorer, navigate to the above folder and extract the logs from the cab file to a location of your choice. Then, using Notepad, browse, examine, and peruse the logs and information.

Also, review the system event log for more information regarding WD events and the following event codes. These events are found in Event Viewer (Local), Applications and Services, Microsoft, Windows, Windows Defender, Operational:

• 1000 – Scan started
• 1001 – Scan completed
• 1002 – Scan stopped (canceled)
• 1005 – Scan terminated due to error
• 1011 – Item deleted from quarantine
• 1013 – History removed
• 1116 – Malware detection
• 1117 – Malware remediation
• 1118 – Malware remediation error (non-critical) [not confirmed]
• 1119 – Malware remediation error (critical)
• 2000 – Successful update
• 2001 – Failed update
• 2002 – Engine update
• 2010 – Dynamic Signature Service retrieved additional signatures
• 2011 – Dynamic Signature Service discarded obsolete signatures
• 3002 – Real-time protection failure: behavior monitoring
• 5000 – Real-time protection enabled
• 5001 – Real-time protection disabled
• 5004 – Real-time protection configuration changed
• 5007 – Configuration changed

23. Can I use a proxy?

If Windows 8 updates work, Windows Defender updates will work. However, KB2599808 may be of some interest to you.

You may also use this procedure:

Go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator. Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the command as per the examples below:

> NETSH WINHTTP SET PROXY 1.1.1.1:8080

> NETSH WINHTTP SET PROXY MYPROXY.NET:8080

24. I cannot use my VPN.

This is not a problem with WD. You must have your VPN provider update their software to recognize WD.

25. Does WD scan email?

No. There is no need for this to be done. What is important are attachments and links in email. When you attempt to open or save an attachment, or open a link, WD’s real-time protection inspects those items. Read this thread regarding the handling of email. However, the best rule you will ever find is “if you do not know the sender, do not open the attachments”. Better yet, do not open the mail.

26 . Does WD filter junk email?

No, junk/spam email is not malware. Junk/Spam filters are a function of your email provider, and the email client that you use.

27. Does WD include a Firewall?

No. This is not necessary. W8 includes Windows Firewall in addition to Windows Defender. If you do install a third-party product, and later remove/uninstall it, make certain that the Windows Firewall is on. You can find the Windows Firewall in the Control Panel.

28. Are there other scanning options/solutions/tools from Microsoft?

• The Malicious Software Removal Tool (MSRT) is provided via the monthly update from Microsoft, regardless of what anti-malware solution you have installed. It runs during the update process. MSRT can also be run on-demand if you download it.
• Also available is the Microsoft Safety Scanner . This is not a real-time scanner. It is a free, downloadable, on-demand scanner.
• Use Windows Defender Offline to create a bootable USB stick or CD to help remove threats from your system.
• For corporate/commercial users, Microsoft Forefront is available.

29. What about cookies?

Cookies are not malware. Cookies are a browser issue, and are not a problem (except for privacy concerns). This is where third-party Cookies are used. Organizations and companies use third-party cookies to collect information about your viewing habits and preferences.

If these cookies concern you, you can turn them off. To turn them off in Internet Explorer, go to

• Control Panel, All Control Panel items, Internet Options
• Select the Privacy tab, Advanced
• Check the box for Override automatic cookie handling and select the button to Block Third-Party Cookies.

Also, note that other anti-malware products will report cookies in their scans, while WD does not. This gives the appearance that WD is not finding as many “viruses” as these other products, which is incorrect.

An additional note: If you are concerned about privacy and tracking, please visit the Do Not Track Test Page .

30. How do I remove/release a file or program that is being quarantined?

Open WD. Go to the History tab and select the Quarantined items radio button. Next, highlight the item you want restored and select Restore. Note that doing this will allow the file to exist and exposes you to risk of infection (if the file was infected).

31 . Windows Backup and quarantined items

If you have items that are quarantined , and you use Windows 7 File Recovery (Windows Backup and Restore on Windows 7), you may see the backup fail (with error 0x81000031), complaining «Shadow Files Cannot be Read». You must either REMOVE or ALLOW any quarantined items, and re-run your backup. If you look up 0x81000031, you will likely be directed to KB973455 , which will instruct you to delete reparse (junction) points, which is the incorrect answer to this problem. Simply remediate the quarantined files, and re-run the backup.

32. How do I backup my computer and data?

You should explore these W8 options for backing up your system/data:

• Control Panel, All Control Panel Items, File History
• Control Panel, All Control Panel Items, Windows 7 File Recovery
• Using the charms, search for Windows Easy Transfer

Y ou may also want to explore the use of a third-party backup solution, or storing your data on SkyDrive (or some other cloud solution).

33. How do I control Startup programs?

You can use press Ctrl+Shift+Esc to bring up Task Manager and use STARTUP tab to disable those programs you do not need.

34. Can I improve my startup performance?

Examine the necessity of the number of startup programs you have. To examine your startup programs, use the Task Manager. To do this, press Ctrl+Shift+Esc to bring up Task Manager and use STARTUP tab to disable those programs you do not need. Which startup programs should you keep, and which should you disable? Look at the startup program database on bleepingcomputer.com .

35. How do I use the MS Community forums?

The Microsoft Answer Forums support Windows, Internet Explorer, Office, Viruses and Malware , and Microsoft products. If your concern/issue is not addressed in these forums, just select the appropriate forum and ask your question. Provide your OS information, browser used, and any anti-malware products you have or had installed. You may want to review Suggestions for asking a question on help forums . Volunteers and users support the forums.

Note that the MS Community forums are for Microsoft Products. If you need help with a third-party product, contact the manufacturer of that product for support with their software.

36. Are calls from Microsoft to remove viruses legitimate?

No. It is not Microsoft that called you. Unless you specifically initiated a support case with Microsoft, this is a fraud/scam attempt. For more information, read Avoid scams that use the Microsoft name fraudulently and Avoid tech support phone scams .

37. What if I get a Pop-up for one of those fake anti-virus products?

If you clicked on it, or even if you simply closed the pop-up, you are likely infected and need to go into virus removal mode.

If you have not touched anything on the screen since the pop-up, you may be able to avoid being infected. The following assumes you are using Internet Explorer and WD. If not, adapt this procedure for the browser and anti-malware product you are using. Whenever you encounter one of these pop-ups while browsing, immediately do either of the following:

• Shut down the PC without touching any browser windows.

• Do not touch any browser window to close it or browse further. Immediately press Ctrl+Shift+Esc to bring up Task Manager. Select the Processes tab and END all instances of Internet Explorer by right clicking on the entry(s) and selecting END TASK. Then, shut down the PC.

• Press Alt+F4 until all browser windows are closed. Then, shut down the PC.

Next, restart the PC. Once the PC restarts, go to

• Control Panel, All Control Panel Items, Internet Options
• Select the General tab, Browsing History, Delete
• Select Temporary Internet files and Cookies, and Delete
• Then, perform a full scan with WD.

If you are still having difficulty removing these fake products, use the Microsoft Answers Viruses and Malware forum for additional help, or get support from Microsoft as previously described in these faqs. You may also want to visit bleepingcomputer.com , where removal instructions are provided for many of these viruses.

38. Can I use a cleaner like CCleaner or Advanced System Care?

Yes, but make sure these cleaners are not deleting important WD files. You must find the appropriate settings in those tools and set them correctly if they concern you, or contact the manufacturer of those products for support. However, there is no need to use such tools, which can cause problems by deleting folders and files needed by W8, WD, and other applications.

If you really want to clean/remove temporary files, use Disk Cleanup that is included in W8. To find Disk Cleanup, use the charms and search for CLEANMGR.

39. Do I need JAVA?

Most likely not. There is Java and Javascript. Javascript is built into Internet Explorer. Very few applications need to install the Java application. If you are not sure, do not install JAVA. If you encounter an application that requires JAVA, it will inform you. You can then choose to install JAVA at that time. If you find that you have JAVA installed and do not need it, remove it. By not installing JAVA, you can avoid problems and issues associated with JAVA, its updates, and associated security issues/concerns. For more information on the risks of Java, read this document .

40. What about Adobe Flash Player?

Adobe Flash Player is now included in Internet Explorer, in both Modern and Desktop mode. Windows Update provides updates for Adobe Flash Player.

SECTION 4: A well-protected system

A well-protected system consists of several of areas of concern. Attention to each area will help keep your system protected. There is a Microsoft Fixit , which can address some of these concerns for you. To achieve a well-protected system, please consider these items/issues:

• Hardware that supports UEFI-based Secure Boot
• Windows 8, fully updated (including service packs), with Automatic Update ON
• Data Execution Prevention (DEP) for all programs and services. For information on DEP, refer to KB912923 and to PAE/NX/SSE2 Support Requirement Guide for Windows 8 .
• All third-party applications (i.e. Java, Adobe Reader, etc.) updated. You must keep these applications up-to-date, as they are frequently updated to address security issues.
• Windows Defender providing comprehensive real-time anti-malware protection
• Internet Explorer with:
  • Security tab: Default security settings (Reset all zones to default level)
  • Privacy tab: Pop-up Blocker ON
  • Advanced tab: Settings, Security, Enable SmartScreen Filter ON
• Windows Firewall ON
• Remote Registry Service NOT started
• User Account Control (UAC) ON, and not running with elevated privileges
• A good password policy in effect
• A good backup procedure in effect
• Only download software and drivers from the manufacturer/provider. There is no need to go anywhere else. Doing so will only put you at risk.
• Visit Microsoft’s Malware Protection Center for the latest news on viruses and threats
• And, YOU must practice safe surfing!

Special thanks to the following contributors to this article: