Windows Defender in Vista

Before you start

Objectives: learn where to find and how to configure Windows Defender in Vista

Prerequisites: you should know what Windows Defender is in general.

Key terms: software, defender, scan, program, information, real time, system, spyware, alert, action, security


Defender in Vista

We can open Defender in Vista by going to Control Panel > Security > Windows Defender.

Image 234.1 – Defender

From this window we can manually scan our computer. We can choose a Quick scan, Full scan or Custom scan. With a Custom scan we can select which files and folders to scan.

Image 234.2 – Scan Options

Image 234.3 – Custom Scan

Options

To check automatic scan settings we can go to Tools and then Options.

Image 234.4 – Options

As we can see, our computer will be scanned around 2 a.m. every day. We can change those settings as we like. It is recommended to check for updated definitions before scanning. We can also choose to apply default actions to items detected during a scan. The default actions are set further down.

Image 234.5 – Default Actions

Here we can choose the default action that we want Defender to apply when items with certain alert levels are detected. If we scroll down again, we can see the real-time monitoring agents that are running.

Image 234.6 – Real-time Monitoring

We can turn them off or on. Scrolling down we can find other options relevant to scanning.

SpyNet

Let’s go to Tools and then Microsoft SpyNet. The SpyNet community is an online Microsoft community that allows us to see if other people have downloaded and installed certain software. This may help us when trying to decide whether to trust downloaded software or not. SpyNet also allows our computer to send Defender information to Microsoft for use in analyzing software.

Image 234.7 – SpyNet Options

Joining SpyNet with a basic membership sends information about detected software and the actions we took to Microsoft. Most (but not all) personal information is excluded. We will not be notified of software that has not yet been analyzed.

Joining SpyNet with an advanced membership sends more information to Microsoft, which might include additional personal information (although this information will not be shared). We will be notified of software that has not yet been analyzed.

Quarantine

If we go to Tools and then Quarantined items, we can see which programs are prevented from running until we choose to restore them or remove them.

Image 234.8 – Quarantined Items

If we go back to Tools, and then to Allowed items, we can see which programs are always allowed to run.

Image 234.9 – Allowed Items

Software Explorer

From Tools we can open Software Explorer. Software Explorer displays information about software on our system, including programs that start with the computer boot process, programs running on screen or in the background, programs connected to the Internet (useful for spotting spyware and malware, such as a Trojan horse, because they may create an unwanted Internet connection to pass personal data or download unwanted software), and Winsock service providers (programs that provide low-level networking features on the computer).

Image 234.10 – Software Explorer

By default, the list of programs is sorted by Publisher. We can also sort the programs by startup type by right-clicking on any program and selecting ‘Startup Type’. When we select a particular program, we can see additional information about it on the right side.

Image 234.11 – Selected Software

When we select a particular program, we can remove it or disable it by clicking on the appropriate buttons below. If we select the Currently Running Programs category, we can select a particular program and end it by clicking the End Process button.

Alerts

When Windows Defender finds a suspicious item, it will warn us. Depending on the alert level, we can get different warnings and choose different actions.

Image 234.12 – Severe Alert

Image 234.13 – Medium Alert

For best protection, we should always keep the definition files up to date. Defender can check for new updates every time a system scan takes place. Windows Defender also uses Windows Update to automatically download definition files.

Non-administrators can use Defender and take actions on software (such as Ignore, Remove, or Quarantine). To run a program in the Quarantined items list, we must first restore it on our system. When we run it, Defender will identify it again as a potential security threat. At that point we can choose Always Allow to add the program to the list of allowed items so that we can run it in the future without being prompted.

We can review past actions taken by Windows Defender through the History screen, or check for Defender events in Event Viewer. In a corporate environment, Group Policy can be used to manage Windows Defender settings on domain members.

Remember

With Defender, we can choose a Quick scan, Full scan or Custom scan. It is recommended to check for updated definitions before scanning. We can select default actions for items detected during a scan. The SpyNet community may help us when trying to decide whether to trust downloaded software or not. Quarantined items are prevented from running until we choose to restore them or remove them. Software Explorer displays information about software on our system. When Windows Defender finds a suspicious item, it will warn us. Depending on the alert level, we can get different warnings and choose different actions.

Paths that are mentioned in this article
  • Control Panel > Security > Windows Defender – path to Defender in Vista