Windows 10 has built-in real-time antivirus named Windows Defender, and it’s actually pretty good. It automatically runs in the background, ensuring all Windows users are protected against viruses and other nasties. Here’s how it works.
Starting with the Creators Update for Windows 10, Windows Defender’s interface changed a bit, and it was integrated into the new Windows Defender Security Center—which also provides access to security-related tools like family protection, firewall settings, device performance and health reports, and browser security controls. If you haven’t yet updated to the Creators Update, you should still be able to follow along pretty well.
What Is Windows Defender?
Microsoft offered a standalone antivirus app named Microsoft Security Essentials in the days of Windows XP, Vista, and 7. With Windows 8, the product was tidied up a bit, bundled with Windows, and renamed Windows Defender. And it’s pretty good, if something of a mixed bag. It’s true that other antivirus apps (like BitDefender and Kaspersky) protect against more viruses in benchmarks.
But Windows Defender boasts some advantages, too. It’s by far the most non-invasive app, handling things in the background whenever it can and not nagging you all the time. Windows Defender also plays nicer with web browsers and other apps (respecting their security and privacy settings more than most other antivirus apps).
What you use is up to you, but Windows Defender is not a bad choice (and has overcome most of its problems from a few years back). We do, however, recommend running an anti-malware app like Malwarebytes in addition to whatever antivirus app you choose.
Take Advantage of Automatic Scans and Updates
Like other antivirus apps, Windows Defender automatically runs in the background, scanning files when they’re downloaded, transferred from external drives, and before you open them.
You don’t really have to think about Windows Defender at all. It will only pop up to inform you when it finds malware. It won’t even ask you what you want to do with the malicious software it finds, it just cleans things up and quarantines the files automatically.
You’ll occasionally see a notification popup to let you know when a scan has been performed, and you can usually see the details of the last scan by opening the Action Center in Windows 10.
If Windows Defender does find a threat, you’ll also see a notification letting you know that it’s taking action to clean those threats, and no action is required from you.
Antivirus definition updates automatically arrive through Windows Update and are installed like any other system update. These types of updates don’t require rebooting your computer. That way, don’t need to worry about updating Windows Defender, because it’s all handled quietly and automatically in the background.
View Your Scan History and Quarantined Malware
You can view Windows Defender’s scan history anytime you want, and if you’re notified that it has blocked malware, you can view that information too. To fire up the Windows Defender Security Center, just hit Start, type defender, and then select Windows Defender Security Center.
In the Windows Defender Security Center window, switch to the Windows Defender tab (the shield icon) and then click the Scan history link.
The Scan history screen shows you all current threats, plus information about your last scan. If you want to see the full history of quarantined threats, just click the See full history link in that section.
Here, you can see all the threats that Windows Defender has quarantined. To see more about a threat, click the arrow to its right. And to see even more, click the See details link that shows up when you expand a particular threat.
You don’t really need to do anything else here, but if you didn’t have Windows Defender delete the threat when it was found, you’ll be given the option to do that on this screen. You’ll also be able to restore the item from quarantine, but you should only do this if you’re absolutely sure the detected malware is a false positive. If you’re not absolutely, 100 percent sure, don’t allow it to run.
Perform a Manual Scan
Back on the main Windows Defender tab, you can also have Windows Defender run a quick manual scan by clicking the Quick Scan button. Typically, you won’t need to bother with this since Windows Defender offers real-time protection and also performs regular automatic scans. However, if you just want to be safe (maybe you just updated your virus definitions) there’s absolutely no harm in running a quick scan.
You can also click the Advanced scan link on that screen to run three different types of scans:
- Full scan: The quick scan only scans your memory and common locations. A full scan checks every file and running program. It can easily take an hour or more, so it’s best to do this when you don’t plan on using your PC much.
- Custom scan: A custom scan lets you choose a particular folder to scan. You can also do this by right-clicking any folder on your PC and choose Scan with Windows Defender from the context menu.
- Windows Defender Offline scan: Some malware is tough to remove while Windows is running. When you select an offline scan, Windows restarts and runs a scan before Windows loads on the PC.
Configure Virus and Threat Protection Settings
By default, Windows Defender automatically enables real-time protection, cloud-based protection, and sample submission. Real-time protection ensures Windows Defender automatically finds malware by scanning your system in real time. You could disable this for a short period if necessary for performance reasons, but Windows Defender will automatically re-enable real-time protection to keep you safe later. Cloud-based protection and sample submission allow Windows Defender to share information about threats and the actual malware files it detects with Microsoft.
To enabled or disable any of these settings, click the Virus & threat protection settings link on the main Windows Defender tab.
And then toggle the settings on the screen that appears.
Set Up Exclusions for Certain Folders or Files
If you scroll down the very bottom of that same Virus & threat protection settings page, you can also set exclusions (files, folders, file types, or processes that you don’t want Windows Defender to scan). Just click the Add or remove exclusions link.
If antivirus is dramatically slowing down a certain app you know is safe by scanning it, creating an exclusion can speed things up again. If you use virtual machines, you might want to exclude those large files from the scanning process. If you have a huge photo or video library that you know is safe, you don’t really want scanning slowing down your editing.
To add an exclusion, click the Add an exclusion button, select the type of exclusion you want to add from the dropdown menu, and then point Windows Defender to whatever you want to exclude.
Just be careful to use exclusions sparingly and smartly. Each exclusion you add reduces your PC’s security by a bit, because they tell Windows Defender not to look in certain places.
What if You Install Another Antivirus?
Windows 10 automatically disables Windows Defender if you install another antivirus app. While another antivirus app is installed, Windows Defender won’t continue performing real-time scans, so it won’t interfere with your other app. You can still use Windows Defender to perform a manual (or offline) scan as a backup to your preferred antivirus app, though.
If you ever uninstall the other antivirus, Windows Defender will automatically kick into gear once again and take over, providing antivirus protection.
Do note, however, that certain anti-malware apps (like Malwarebytes) can be installed alongside Windows Defender and both will offer complimentary real-time protection.
Whichever antivirus product you prefer, it’s good that every single new Windows installation going forward will come with at least a baseline built-in antivirus protection. While it may not be perfect, Windows Defender does do a decent job, is minimally intrusive, and (when combined with other safe computing and browsing practices) might just be enough.