By default, Windows Defender does such a great job protecting your PC, that you probably won’t need another antivirus software. However, if you are concerned about security, this guide shows a number of advanced Windows Defender features that will secure your PC.
Note: some of these features are disabled by default to enhance usability over security. When enabled, they can prevent access to some of your apps – or even affect performance.
Content
- 1. Enable Controlled Folder Access
- 2. Enable Microsoft Defender Application Guard
- 3. Run Windows Defender Offline Scan
- 4. Enable Force Randomization for Images (Mandatory ASLR)
- 5. Run a Custom Scan
- 6. Enable Core Isolation Memory Integrity
- 7. Manually Submit a File Sample
1. Enable Controlled Folder Access
The Controlled folder access feature prevents unauthorized apps from modifying data in specified folders. This protects your data from becoming a target of ransomware and other malware.
However, the screening process is very aggressive. It only allows system apps and a handful of Microsoft-approved apps that aren’t even on an official list. After enabling, be ready to manually permit trustable apps to modify data.
Type “windows security” in Windows Search, and open the Windows Security app. You’ll find all Windows Defender settings that you need to configure here.
Click on Virus & threat protection in the left panel, then click on Manage ransomware protection at the bottom.
Enable Controlled folder access. There are a few options to manage it.
Click on Protected folders to see important data folders, like Pictures, Videos, etc. Click on the Add a protected folder button to add folders that you want to protect from modification.
If this prevents any of your trustable apps from functioning, you can add it to the allowed list by clicking on the Allow an app through Controlled folder access button.
2. Enable Microsoft Defender Application Guard
When enabled, this feature will launch Microsoft Edge in an isolated virtual environment, separate from your main system. Malicious websites won’t be able to attack your personal data, as it’s separate from the browser environment.
Of course, running a hardware-powered virtual environment does consume more resources and could negatively impact websites that have compatibility issues with virtual machines. You may notice sluggish performance (especially on older PCs) and some website features not working as intended.
In the Windows Security app, click on App & browser control, then click on Install Microsoft Defender Application Guard.
In the Windows Features window, enable Microsoft Defender Application Guard, and click OK to install the feature. You’ll have to reboot the PC.
Go to the App & browser control section again, and click on Change Application Guard Settings.
For protection, a bunch of features are disabled, such as copy/paste, printing, camera and microphone access, etc. You can enable these features here if you must use them.
3. Run Windows Defender Offline Scan
Although real-time protection and daily scans do a fine job of protecting your system, you may need to manually run an offline scan for more stubborn malware. The offline scan runs outside the Windows environment, so it can detect malware that may try to shield itself from regular scans or prevent the scan from blocking it.
If you think your PC is infected, or just want to make sure nothing suspicious is happening behind your back, run a Windows Defender offline scan.
Go to the Virus & threat protection section in the Windows Security app, and click on Scan options.
Select Microsoft Defender Offline scan, and click on Scan now. Once you confirm the prompt, your PC will restart, and the scan will run.
4. Enable Force Randomization for Images (Mandatory ASLR)
ASLR (Address Space Layout Randomization) is an OS feature that randomizes the memory location of programs to prevent malware from taking advantage of memory location vulnerability in programs. By default, this only applies to executables with the /DYNAMICBASE flag.
With the Force randomization for images (Mandatory ASLR) option enabled, ASLR security will be forced for all executables, even without the /DYNAMICBASE flag. Using ASLR on vulnerable executable files will improve overall security, but it may cause compatibility issues with some old legitimate programs.
To enable this feature, go to the App & browser control section, and click on Exploit protection settings.
Select On by default under the Force randomization for images (Mandatory ASLR) option, and restart the PC.
5. Run a Custom Scan
The Custom scan feature of Windows Defender will lead to better security. The quick scan feature only covers vulnerable locations, and a full system scan isn’t feasible to run every time, as it takes too much time and resources. If you doubt a program, it’s better to run a targeted custom scan.
Click on Scan options in the Virus & threat protection section.
Choose Custom scan, then click on the Scan now button. Select the location you want to scan, and the scan will run.
You can also use the Custom scan option to scan removable storage devices, like USBs, to make sure they are clean before use.
6. Enable Core Isolation Memory Integrity
This feature protects critical system processes from malware injection by running them in an isolated virtual environment. It separates a critical Windows kernel, system services, and security processes, like wininit.exe, isass.exe, smss.exe, and some instances of svchost.exe.
However, enabling it can lead to a slight impact on performance, as the system needs to run additional security checks and virtualization. More importantly, it can cause driver incompatibility that can affect your apps and possibly cause glitches and crashes.
In the Windows Security app, move to the Device security section, then click Core isolation details.
Enable Memory integrity to turn it on. (No restart required.)
If you face driver incompatibility issues, update all the drivers to the latest version and try again.
7. Manually Submit a File Sample
Although this will not immediately improve your PC security, this feature can improve overall Windows Defender scan capability for everyone. Microsoft lets you submit a potentially malicious file for a human analyst to go over, and upgrade Windows Defender security if it’s a new threat.
Submit a malicious file that Windows Defender didn’t detect or a clean file it flagged as malicious for an analyst to check by following these steps:
Go to the Virus & threat protection section, and click on Manage settings under Virus & threat protection settings.
Click on Submit a sample manually under Automatic sample submission.
This will open the Microsoft Security Intelligence page in your browser. Log in with your Microsoft account, and fill in the form to submit the file.
Once submitted, you will receive a reply from an analyst in a few days. Go to the View submission history section on the website to view your submission’s status.
These Windows Defender security features will surely enhance your overall PC security. They will cause compatibility issues, but you can put the affected apps on the allowed list. Don’t forget to enable all the other security settings of Windows to minimize vulnerabilities.
All images and screenshots by Karrar Haider.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time. Subscribe
Karrar Haider –
Contributor
Karrar is drenched in technology and always fiddles with new tech opportunities. He has a bad habit of calling technology “Killer”, and doesn’t feel bad about spending too much time in front of the PC. If he is not writing about technology, you will find him spending quality time with his little family.
Leave a comment