If you're reading this article right after installing Microsoft Security Essentials, please wait until updating of virus and spyware definitions is complete. During updating process, History and Settings tabs are disabled.
Microsoft Security Essentials uses Windows Update to download and install new definitions once a day. If updates fail constantly, follow instructions in the Reinstall Windows Update article.
If you want to schedule more frequent virus and malware signature updates, use MpCmdRun and Task Scheduler as described in the Configure Windows Defender in Windows 8 article. Please note that Microsoft Security Essentials is located in C:\Program Files\Microsoft Security Client folder.
After updating is complete, a quick scan will start. Please note that there will be a red bar stating "Computer status - At risk" until the scan has finished. This bar displays status of Microsoft Security Essentials, it can be red "At risk", yellow-orange "Potentially unprotected" or green "Protected".
As there is no point in waiting until scanning process is complete, click the Settings tab above. This will open the Scheduled scan tab on the left.
Leave Quick scan for Scan type. This will check essential files and settings only and the scan will not take much time.
Then decide when and how often a scheduled scan will be performed. By default, there is a scan performed every Sunday, around 2:00 in the morning. I recommend selecting Daily from When: box to be on the safe side. Then specify a time when your computer is most probably turned on in Around: box.
Always leave Check for the latest virus & spyware definitions before running a scheduled scan box checked - this ensures that Microsoft Security Essentials will be up to date during the scheduled scan.
The Start the scheduled scan only when my PC is turned on but not in use box specifies whether you want to start the scheduled scan only when you're not using the computer (the computer is idle or doing nothing much). To ensure that scheduled scanning really starts, uncheck this box.
If you are normally using your computer at the time of scheduled scans, select something lower than the default 50% from the Limit CPU usage during scan to: box.
To schedule a full monthly scan, use MpCmdRun and Task Scheduler as described in Configure Windows Defender in Windows 8 tutorial. Please note that Microsoft Security Essentials is located in C:\Program Files\Microsoft Security Client folder.
Click Default Actions in the left part of the window. Select Remove for Severe alert level, High alert level and Medium alert level. Leave the default selection, Recommended action, for Low alert level.
Also leave the Apply recommended actions: Help protect your PC by applying the actions above after Security Essentials detects potential threats box selected - this means that the selected actions will be performed automatically for different alert levels.
Click Real-time protection on the left. Make sure there is a check mark in the Turn on real-time protection (recommended) check box.
Click Advanced in the left part of the window. Enable Scan archive files and Scan removable drives options. The first one will scan compressed folders (.zip files) for malicious software. The latter one enables scanning connected USB drives during a full scan. This is very important, as malicious software can spread via such media.
Then check the Create a system restore point box. This will create a System Restore point each time before a detected malware or virus is removed or quarantined. In case something goes wrong, you can use System Restore to recover your computer to a working state.
Set Remove quarantined files after to 3 months. This helps to free some space on your computer's hard drive.
Tick the Send file samples automatically when further analysis is required check box to prevent popup dialogs in case Microsoft Security Essentials is unable to determine if a file is malicious. Those who really want to avoid sending data to Microsoft, can leave the box unchecked.
Finally, click Save changes.
Windows Vista's and 7's User Account Control will again warn that Microsoft Security Essentials will make changes to the computer. As changes are necessary for saving settings, click Continue or Yes.
Windows XP users see no prompt.
The settings are now saved. Please wait until quick scan is complete and then make sure the top bar turns green and says: "Computer status - Protected".
Now you can safely close Microsoft Security Essentials window by pressing Alt+F4 on your keyboard.
Microsoft Security Essentials will run in the background and monitor files and settings. The program will automatically update its virus and spyware definitions at least once a day.
If the bar does not turn green, you should perform a full scan.
Microsoft Security Essentials' messages
You can always check the status of Microsoft Security Essentials by checking the color of its icon in Taskbar Notification Area.
When the fortress icon is green, everything is fine.
When it's yellow-orange, Microsoft Security Essentials has not been able to update its definition database or perform a quick scan for a few days. It might also mean that an upgrade to the program is available. Launch the program by clicking its icon and then selecting Open. In case of no scanning done for some time, click the yellow-orange Scan now button; if an upgrade is available, click the yellow-orange Upgrade now button and read instructions here.
If the icon is red, MSE or its service is turned off, the definition database is really old or something was found during a scan and Microsoft Security Essentials does not know how to handle the detected item (you decide whether to allow or remove it).
In case updates fail all the time, follow instructions in the Reinstall Windows Update tutorial.
On slower computers or computers with limited amount of RAM (Random Access Memory) it takes time for the Microsoft Security Essentials service to start after you log on to Windows. This causes Windows XP and Vista Security Center or Windows 7 Action Center to pop up a message about that. You can safely ignore that message and red status of Microsoft Security Essentials icon - after the service starts, the warning will disappear and the fortress icon will turn green. This happens only right after you restart or start your computer.
A far more serious problem is when Microsoft Security Essentials pops up a window saying that the program's service stopped. This means that something caused the Microsoft Antimalware Service to crash or stop. This might happen because of malware. In either case, click Start now button. If such situation occurs repeatedly, run a full scan of your computer.
In case malware is detected and Microsoft Security Essentials is able to handle it automatically, a green notification will appear above Notification Area/System Tray. As the message states, no action is needed on your behalf.
If Microsoft Security Essentials detects a virus or malware and is unable to perform an automatic action, a small red or yellow-orange window (depening on alert level) will pop up above Taskbar Notification area. Click Clean computer.
After cleaning is complete, sometimes a restart is required to delete some stubborn malicious files. Microsoft Security Essentials will turn its Taskbar Notification area icon yellow-orange and pop up a Restart required window. Close all your open documents and click Restart now as soon as possible.
Stupidly enough, another window with basically the same message opens. Click Yes.
Your computer will then restart and Microsoft Security Essentials will delete the remains of the virus or malware.
Managing items quarantined by Microsoft Security Essentials
By default, all infected items are moved to quarantine, a safe place where these malicious files can not harm your computer. Microsoft Security Essentials removes the items after three months (if configured to do so). To check or manage quarantined items, open Microsoft Security Essentials by clicking its icon in Taskbar Notification area and clicking Open.
Click History tab and make sure Quarantined items is selected.
Normally I suggest clicking Remove all button - all those items were quarantined for a reason.
If you are just curious and you want to know more about which files got quarantined for which reason, you can click an item in the list and read its description and previous location from.
You can also select any detected item by checking its check box on the left. Then you can delete just some items by clicking Remove.
You can also restore an item to its previous location by clicking Restore button. But be very-very careful with that - false detections are really rare! Never restore items with Alert levels "High" or "Medium"!
