Navigation


Content

Tip: keyboard shortcut Ctrl+F searches in the page contents.

Configure Microsoft Security Essentials

How to configure and automate Microsoft Security Essentials and manage quarantined items in Windows XP, Vista and 7

By . Last modified: 2014-04-09.

Attention, Windows XP users: Microsoft will stop providing malware definition updates for you after July 14, 2015. Because outdated definitions cannot provide adequate protection, see avast! Free Antivirus instructions instead.

If you're reading this article right after installing Microsoft Security Essentials, please wait until updating of virus and spyware definitions is complete. During updating process, History and Settings tabs are disabled.

Microsoft Security Essentials uses Windows Update to download and install new definitions once a day. If updates fail constantly, follow instructions in the Reinstall Windows Update article.

If you want to schedule more frequent virus and malware signature updates, use MpCmdRun and Task Scheduler as described in the Configure Windows Defender in Windows 8 article. Please note that Microsoft Security Essentials is located in C:\Program Files\Microsoft Security Client folder.
Microsoft Security Essentials updating virus and spyware definitions. Please stand by.

After updating is complete, a quick scan will start. Please note that there will be a red bar stating "Computer status - At risk" until the scan has finished. This bar displays status of Microsoft Security Essentials, it can be red "At risk", yellow-orange "Potentially unprotected" or green "Protected".

As there is no point in waiting until scanning process is complete, click the Settings tab above. This will open the Scheduled scan tab on the left.
Leave Quick scan for Scan type. This will check essential files and settings only and the scan will not take much time.
Then decide when and how often a scheduled scan will be performed. By default, there is a scan performed every Sunday, around 2:00 in the morning. I recommend selecting Daily from When: box to be on the safe side. Then specify a time when your computer is most probably turned on in Around: box.
Always leave Check for the latest virus & spyware definitions before running a scheduled scan box checked - this ensures that Microsoft Security Essentials will be up to date during the scheduled scan.
The Start the scheduled scan only when my PC is turned on but not in use box specifies whether you want to start the scheduled scan only when you're not using the computer (the computer is idle or doing nothing much). To ensure that scheduled scanning really starts, uncheck this box.
If you are normally using your computer at the time of scheduled scans, select something lower than the default 50% from the Limit CPU usage during scan to: box.
Microsoft Security Essentials Settings tab, Scheduled scan. Leave Quick scan for Scan type. Specify a time when your computer is most probably turned on in When and Around boxes. Always leave the 'Check for the latest virus & spyware definitions before running a scheduled scan' box checked. Then select a percentage from 'Limit CPU usage during scan to' box to set maximum processor usage during the scan.

To schedule a full monthly scan, use MpCmdRun and Task Scheduler as described in Configure Windows Defender in Windows 8 tutorial. Please note that Microsoft Security Essentials is located in C:\Program Files\Microsoft Security Client folder.

Click Default Actions in the left part of the window. Select Remove for Severe alert level, High alert level and Medium alert level. Leave the default selection, Recommended action, for Low alert level.
Also leave the Apply recommended actions: Help protect your PC by applying the actions above after Security Essentials detects potential threats box selected - this means that the selected actions will be performed automatically for different alert levels.
Microsoft Security Essentials Settings tab, Default actions. Select 'Remove' for everything except Low alert level.

Click Real-time protection on the left. Make sure there is a check mark in the Turn on real-time protection (recommended) check box.
Microsoft Security Essentials Settings tab, Real-time protection. Make sure the 'Turn on real-time protection (recommended)' option is selected.

Click Advanced in the left part of the window. Enable Scan archive files and Scan removable drives options. The first one will scan compressed folders (.zip files) for malicious software. The latter one enables scanning connected USB drives during a full scan. This is very important, as malicious software can spread via such media.
Then check the Create a system restore point box. This will create a System Restore point each time before a detected malware or virus is removed or quarantined. In case something goes wrong, you can use System Restore to recover your computer to a working state.
Set Remove quarantined files after to 3 months. This helps to free some space on your computer's hard drive.
Tick the Send file samples automatically when further analysis is required check box to prevent popup dialogs in case Microsoft Security Essentials is unable to determine if a file is malicious. Those who really want to avoid sending data to Microsoft, can leave the box unchecked.
Finally, click Save changes.
Microsoft Security Essentials Settings tab, Advanced. Enable all check boxes. Then click Save changes button.

Windows Vista's and 7's User Account Control will again warn that Microsoft Security Essentials will make changes to the computer. As changes are necessary for saving settings, click Continue or Yes.
Windows XP users see no prompt.
Windows 7 User Account Control dialog for Microsoft Security Essentials settings change. Click Yes.

The settings are now saved. Please wait until quick scan is complete and then make sure the top bar turns green and says: "Computer status - Protected".
Now you can safely close Microsoft Security Essentials window by pressing Alt+F4 on your keyboard.
Microsoft Security Essentials will run in the background and monitor files and settings. The program will automatically update its virus and spyware definitions at least once a day.
Microsoft Security Essentials scanning complete. Make sure there is a green bar with 'Computer status - Protected' after this. If not, select Full from the right and click Scan.

If the bar does not turn green, you should perform a full scan.

Microsoft Security Essentials' messages

You can always check the status of Microsoft Security Essentials by checking the color of its icon in Taskbar Notification Area (aka System Tray).

When the fortress icon is green, everything is fine.

After April 8th of 2014, Windows XP users will always see the System Tray icon in red and pop-ups stating "Support for this operating system has ended, which means Microsoft Security Essentials is no longer supported and your PC is at risk" appear from time to time. You will still get definition updates until July 14th of 2015, but it is time to switch your anti-virus software.
Windows XP, Microsoft Security Essentials popup about end of support in Taskbar Notification Area.

The main window also displays the same message and states "operating system support has ended" in status line of both Real-time protection and Virus and spyware definitions.
Windows XP, Microsoft Security Essentials main window, notifications about end of support.

When it's yellow-orange, Microsoft Security Essentials has not been able to update its definition database or perform a quick scan for a few days. It might also mean that an upgrade to the program is available. Launch the program by clicking its icon and then selecting Open. In case of no scanning done for some time, click the yellow-orange Scan now button; if an upgrade is available, click the yellow-orange Upgrade now button and read instructions here.

If the icon is red, you're still using Windows XP, MSE or its service is turned off, the definition database is really old or something was found during a scan and Microsoft Security Essentials does not know how to handle the detected item (you decide whether to allow or remove it).
In case updates fail all the time, follow instructions in the Reinstall Windows Update tutorial.
Windows 7, Microsoft Security Essentials icon in Taskbar Notification Area. Green color means that MSE is working normally. Windows 7, Microsoft Security Essentials icon in Taskbar Notification Area. Red color means that MSE is turned off. Windows 7, Microsoft Security Essentials icon in Taskbar Notification Area. The moving arrow means that virus database update is in progress. Windows 7, Microsoft Security Essentials icon in Taskbar Notification Area. The rotating disc means that malware cleaning is in progress.

On slower computers or computers with limited amount of RAM (Random Access Memory) it takes time for the Microsoft Security Essentials service to start after you log on to Windows. This causes Windows XP and Vista Security Center or Windows 7 Action Center to pop up a message about that. You can safely ignore that message and red status of Microsoft Security Essentials icon - after the service starts, the warning will disappear and the fortress icon will turn green. This happens only right after you restart or start your computer.
On slow computers Microsoft Security Essentials icon is red after a restart. This happens because it takes time for MSSE service to start. You can safely ignore this message, it will disappear right after MSSE service starts.

A far more serious problem is when Microsoft Security Essentials pops up a window saying that the program's service stopped. This means that something caused the Microsoft Antimalware Service to crash or stop. This might happen because of malware. In either case, click Start now button. If such situation occurs repeatedly, run a full scan of your computer.
Microsoft Security Essentials isn't monitoring your PC because the program's service stopped. Click Start now button. If the problem recurs, run a full virus scan.

In case malware is detected and Microsoft Security Essentials is able to handle it automatically, a green notification will appear above Notification Area/System Tray. As the message states, no action is needed on your behalf.
Microsoft Security Essentials, Detected threats are being cleaned, No action needed.

If Microsoft Security Essentials detects a virus or malware and is unable to perform an automatic action, a small red or yellow-orange window (depening on alert level) will pop up above Taskbar Notification area. Click Clean computer.
Microsoft Security Essentials detected a potential threat on your PC. Click Clean computer.

After cleaning is complete, sometimes a restart is required to delete some stubborn malicious files. Microsoft Security Essentials will turn its Taskbar Notification area icon yellow-orange and pop up a Restart required window. Close all your open documents and click Restart now as soon as possible.
Microsoft Security Essentials, To complete the cleanup you'll need to restart your PC. Click Restart now.

Stupidly enough, another window with basically the same message opens. Click Yes.
Microsoft Security Essentials, To complete the cleanup, you'll need to restart your PC. Click Yes.

Your computer will then restart and Microsoft Security Essentials will delete the remains of the virus or malware.

Managing items quarantined by Microsoft Security Essentials

By default, all infected items are moved to quarantine, a safe place where these malicious files can not harm your computer. Microsoft Security Essentials removes the items after three months (if configured to do so). To check or manage quarantined items, open Microsoft Security Essentials by clicking its icon in Taskbar Notification area and clicking Open.
Windows 7, open Microsoft Security Essentials by clicking its icon in Taskbar Notification Area. Then click Open.

Click History tab and make sure Quarantined items is selected.
To review items quarantined by Microsoft Security Essentials, click History tab. Then click Quarantined items.

Normally I suggest clicking Remove all button - all those items were quarantined for a reason.

If you are just curious and you want to know more about which files got quarantined for which reason, you can click an item in the list and read its description and previous location from.
You can also select any detected item by checking its check box on the left. Then you can delete just some items by clicking Remove.

You can also restore an item to its previous location by clicking Restore button. But be very-very careful with that - false detections are really rare! Never restore items with Alert levels "High" or "Medium"!

Please support winhelp.us:
No PayPal account required!

Comments





 Comments? Suggestions? Ideas? Let me know! 
Your name (public):
Your e-mail (will not be displayed):
Title:
Notify me of new comments to this item: (send e-mail to info[at]winhelp.us to stop receiving)
Your comments/suggestions/ideas (no HTML code!)
winhelp.us owners reserve the right to remove or not publish comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
winhelp.us Privacy Policy.
This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)
Share: Facebook Google+ Twitter LinkedIn StumbleUpon Pinterest E-mail

Browser and plugin check Google Custom Search Donate to keep this site running