Windows 10 has a built-in security tool that constantly "beats" commercial tools in independent lab tests. They recently received 100 percent points on the AV-Test security lab test and it is the best security solution on the market.
Windows Defender has been renamed Microsoft Defender and is a very simple tool that runs in the background of Windows. Most users never "dig" a little deeper in the settings of Defender, so today we will show you in this text what to pay attention to and what features we recommend to enable. So let's go in order…
1) Detect and remove hidden malware
By default, the antivirus component of Microsoft Defender does a Quick Scan every day. This checks certain folders where viruses, malware, and the like are most often found. To run this search manually, go to Settings> Update & Security> Windows Security. Select Virus & threat protection and select Quick Scan.
If you want a little better and safer scanning, select Full Scan instead of Quick Scan. This will allow Defender to scan all folders and files on your disk. You can also select Custom Scan and tell Defender what you want it to scan for you.
If you suspect that your system is infected, it is best to select the Microsoft Defender Offline Scan option. This is how you target the various rootkits that can be found on your system.
Don't worry, your computer will reset, enter Safe Mode and a scan will be done there, and you will eventually get a report and the ability to delete the rootkit or other "threat" you have on your computer. If you do not receive anything, it means that the Defender did not find any problem, and the computer will reset again and return to the "initial" state.
2) Protect files from Ransomware
Ransomware can cause you serious problems on your computer, and that includes encrypting your files and folders, and “searching” for a bunch of Bitcoins to get the key to unlocking them. Of course, you won’t pay for it with Bitcoins, but you will with data you won’t be able to get anymore.
Strangely, Defender has ransomware protection turned off by default. But the good thing is that you can easily turn it on. Go to the Virus & threat protection screen again, scroll down to “Ransomware protection” and click on the “Manage ransomware protection” option.
Click on “Controlled folder access” to turn on the option. This will protect folders such as Pictures, Documents, Videos, Music, and Desktop. If you have a special folder where you store private (or business) data that you don't want to lose, just click on "Protected folders" and then on "Add a protected folder". Add the folder you want to protect separately.
3) Automatically block the latest malware
Microsoft Defender offers real-time protection against malware. How? So it is constantly updating the database of known malware, so it can immediately detect and remove it from your system. Therefore, you should enable Cloud-delivered protection, or MAPS (Microsoft Active Protection Service). That ability to upload a suspicious file to Microsoft and they tell you if the file is secure or not.
This feature is enabled by default, but you should check that the other AV protection has not disabled it or that the malware has not done it for you. Go to the Virus & threat protection screen, click “Manage settings” under Virus & threat protection settings, and make sure the cloud protection is on. You should also turn on the “Automatic sample submission” option. While it may sound like a privacy threat, Defender will ask you before uploading a file containing private information.
4) Block unknown and unwanted applications
Windows May 2020 Update has introduced protection against potentially unwanted programs (PUP) to complement its SmartScreen feature.
To take full advantage of this tool and maximize your protection, select "Apps & browser control" within Windows Security. A “Reputation-based protection” screen will appear in which you will see two options that you can turn on or off. These are “Check apps and Files” and “SmartScreen for Microsoft Edge”.
It is advisable to include both options. As for the Edge, turn it on even if you’re not using the Edge. And the other - "Check apps and files" could sometimes block a legitimate program. But this rarely happens and it is not an excuse to turn off this protection. More times they will save you than block you in what you do.
5) Configure Firewall settings
Microsoft Defender Firewall automatically blocks incoming and outgoing security threats, but as long as they are well configured. Click on "Firewall & network protection" in Windows Security and make sure Domain, Private and Public are enabled.
The firewall uses "rules" to check Internet traffic. They are already set to suit most users. But if you want to set some of your own rules and have knowledge of networks, you can open Advanced settings, and select Inbound or Outbound Rules and add your own rules.
They can refer to incoming or outgoing Internet traffic. For example, you can block traffic on port 21 related to FTP with rules. We won’t go into too much of the topic, but you can do a lot here for your safety.
6) Advanced settings (ConfigureDefender)
Microsoft Defender has many advanced settings, but you can't access them all through Windows Security. You have to unlock them with complicated PowerShell commands. But that's why there is a free ConfigureDefender tool that is very useful.
It is a tool that gives you a graphical interface for all Defender settings and with which you can take more control over security. That is, you can better adjust the security settings to suit you. Maybe Defender will be safer after that, maybe not.
But if you have the will, definitely try this tool. With it, you can adjust from basic settings such as scanning your computer to more advanced ones such as blocking potentially dangerous Office macros and USB sticks.
You have a bunch of options and the end of each option is a drop-down menu with 3 options: Default, High, and Max. After you set everything up, reset Windows and that’s it.