
Configure Windows Defender in Windows 8 and 8.1

How to configure and automate Windows Defender in Windows 8 and 8.1

Last modified: 2014-06-03.

Windows Defender is the default real-time (always on) protection program in Windows 8 and 8.1. Unlike the one in Windows XP, Vista and 7, the Windows 8/8.1 version does protect from viruses and other types of malware, not only spyware. It is much like the free Microsoft Security Essentials for Windows XP, Vista and 7, but it lacks several features, such as the ability to select a time or limit CPU resources used for scheduled scanning in GUI (Graphical User Interface), right-click menus in Windows (File) Explorer, Taskbar Notification area (System tray) icon, etc.

Windows Defender uses Windows Update to download and install new virus and spyware definitions once a day. If updates fail constantly, follow instructions in the Reinstall Windows Update article.

Please note that you cannot install Microsoft Security Essentials in Windows 8 or 8.1. If you choose to install any other real-time anti-virus program (such as avast! Free Antivirus), Windows Defender will be automatically turned off - there is no point in hogging system resources by running several virus protection programs at once.

Configuring Windows Defender in Windows 8 and 8.1

To launch Windows Defender, open Apps search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
Windows 8, Start screen, Apps search. To run Windows Defender, type 'defender' into Search box and click the result. Windows 8.1, Search Everywhere. To run Windows Defender, type 'defender' into Search box and click the result.

If you've previously uninstalled a third-party antivirus product (avast!, AVG, Norton/Symantec, McAfee or some other product), you might see a dialog that states that Windows Defender is turned off. In that case, either click Action Center's white flag icon in Taskbar Notification Area (aka System Tray) and click Turn on virus protection (Important) or Turn on spyware protection (Important), or open Control Panel (Windows Key+X has a nice shortcut), type action into Search field, click Action Center and then click one of the Turn on now buttons in Security section.
Please note that Action Center might have no red warning icon for several days after you've removed a third-party virus protection tool.
Windows 8.1, Action Center icon in System Tray. To enable Windows Defender, click the 'Turn on virus protection (Important)' link. Windows 8.1, Control Panel, Action Center. To enable Windows Defender, click one of the 'Turn on now' buttons in the Security section.

Open Settings tab and click Real-time protection on the left. Make sure there is a check mark in the Turn on real-time protection (recommended) check box. That's how you activate or enable Windows Defender in Windows 8 and 8.1 after uninstalling some competing free or paid anti-virus product.
Windows 8, Windows Defender, Settings, Real-time protection. Enable the 'Turn on real-time protection' option.

If something seems to be blocking the activation, run RKill to terminate malware processes and services that might interfere with enabling Windows Defender. Then retry the process, without rebooting your PC.

The next three tabs deal with exclusions: you can prevent Windows Defender from scanning certain files and locations (folders), file types and processes. These are for experienced users only: you really must know why you are disabling the scanning of an item in Windows Defender.

Click Advanced in the left part of the window. Enable Scan archive files and Scan removable drives options. The first one will scan compressed folders (.zip files) for malicious software. The latter one enables scanning connected USB drives during a full scan. This is very important, as malicious software can spread via such media.
Then check the Create a system restore point box. This will create a System Restore point each time before a detected malware or virus is removed or quarantined. In case something goes wrong, you can use System Restore to recover your computer to a working state.
If you want all users (including those who are not administrators) to be able to see detected items on History tab, tick the Allow all users to view the full History results check box.
Set Remove quarantined files after to 3 months. This helps to free some space on your computer's hard drive.
In Windows 8.1, there is an additional option - Send samples automatically when further analysis is required. Enabling it prevents the somewhat annoying sample submission dialogs from appearing. I recommend leaving this one ticked.
Windows 8, Windows Defender, Settings, Advanced. Enable all check boxes. Windows 8.1, Windows Defender, Settings, Advanced. Enable all check boxes.

Those very concerned about their privacy can open the MAPS tab and select the I don't want to join MAPS option. This will disable sending basic information about detected items to Microsoft.
Others can safely choose Basic membership here.
Windows 8, Windows Defender, Settings, MAPS. To prevent sending any information to Microsoft, choose the 'I don't want to join MAPS' option.

Finally, open the Administrator tab and make sure the Turn on Windows Defender (in Windows 8) or Turn on this app (Windows 8.1) check box is ticked.
Click Save changes.
Windows 8, Windows Defender, Settings, Administrator. Ensure the 'Turn on Windows Defender' option is turned on. 

The settings are now saved.
Now you can safely close Windows Defender window by pressing Alt+F4 on your keyboard.
Defender will run in the background and monitor files and settings. The program will automatically update its virus and spyware definitions once a day when Windows Update runs.
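
On Windows 8.1 the settings chosen in the tabs above can be read back from PowerShell to confirm they were saved and to list any exclusions. This is an added example, not part of the original article; it assumes the Defender PowerShell module, and the function name is made up for illustration.

```powershell
# Added example, not from the original article. Assumes the Defender PowerShell module
# (Get-MpPreference, Get-MpComputerStatus), present in Windows 8.1 but not in Windows 8.
function Get-DefenderSettingReport {
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) {
        throw 'The Defender PowerShell module is not available on this system.'
    }
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Check boxes the article says to tick, mapped to the values the module reports.
    $expectedOn = [ordered]@{
        'Turn on real-time protection'  = $status.RealTimeProtectionEnabled
        'Scan archive files'            = -not $pref.DisableArchiveScanning
        'Scan removable drives'         = -not $pref.DisableRemovableDriveScanning
        'Create a system restore point' = -not $pref.DisableRestorePoint
    }
    foreach ($name in $expectedOn.Keys) {
        $note = if ($expectedOn[$name]) { 'matches article' } else { 'differs from article' }
        [pscustomobject]@{ Item = $name; Value = $expectedOn[$name]; Note = $note }
    }

    # Reported for review only: retention, MAPS membership and signature age.
    [pscustomobject]@{ Item = 'Quarantine retention (days)'; Value = $pref.QuarantinePurgeItemsAfterDelay; Note = '' }
    [pscustomobject]@{ Item = 'MAPS (0 = not joined, 1 = Basic)'; Value = $pref.MAPSReporting; Note = '' }
    [pscustomobject]@{ Item = 'Signatures last updated'; Value = $status.AntivirusSignatureLastUpdated; Note = '' }

    # Every exclusion is a location, file type or program that no scan looks at, so list each one.
    foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($entry in @($pref.$kind | Where-Object { $_ })) {
            [pscustomobject]@{ Item = $kind; Value = $entry; Note = 'confirm this is intended' }
        }
    }
}

Get-DefenderSettingReport | Format-Table -AutoSize
```

Any exclusion row you do not recognise should be removed on the matching exclusions tab in Windows Defender settings.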

Windows Defender messages in Windows 8 and 8.1

Because Windows Defender has no icon in Taskbar Notification Area (aka System Tray) anymore, it is best to check Action Center icon (the white flag) once in a while. If it has a red circle with white X mark, something is wrong. Click the icon to see the list of detected problems - these might or might not be related to Windows Defender.
If you see the Turn on virus protection (Important) and Turn on spyware protection (Important) messages, click either one and wait until Windows Defender launches. PC status on top of Windows Defender window should soon turn green. After it does, you can safely close the window. Such messages appear if Windows Defender's service or real-time scanning has been turned off.
Windows 8, Taskbar, Action Center icon. If the messages include 'Turn on virus protection (Important)', click it to enable Windows Defender.

If you see the "Couldn't start the Windows Defender service" error message instead, the service has probably been disabled. Click Close.
Windows 8, Windows Defender, Couldn't start the Windows Defender service. Click Close and open Services console.

Open Settings Search (Windows Key+W), type "services" and click View local services.
Scroll down to the Windows Defender Service and verify its Startup Type is set to Disabled.
Right-click the service and select Properties.
Windows 8, Services. If Windows Defender Service is disabled, right-click it and select Properties.

In the Windows Defender Service Properties window, set Startup type to Automatic. Then click Start and OK.
Windows 8, Windows Defender Service Properties. Set Startup type to Automatic. Click Start. Then click OK.

If Windows Defender is unable to start no matter what, run RKill first and then perform a full anti-malware scan with Malwarebytes Anti-Malware without rebooting your computer.

If Action Center lists Update virus protection (Important) and Update spyware protection (Important) messages instead, click either one to open Windows Defender and download the latest signatures.
In case updates fail all the time, follow instructions in the Reinstall Windows Update tutorial.
Windows 8, Taskbar, Action Center icon. If the messages include 'Update virus protection (Important)', click it to download latest signatures.

In case malware is detected, a message appears on top right of screen (called Toast notification in Windows 8 and 8.1). You do not need to do anything, because Windows Defender automatically removes or quarantines the threat.
The Toast notification disappears automatically. If no other messages pop up, your computer has been cleaned successfully.
Windows 8, Malware Detected, Windows Defender is taking action to clean detected malware. Stand by.

If cleaning requires restarting your PC, the following notification appears. Click it to launch Windows Defender.
Windows 8, Reboot Required, Windows Defender requires a reboot to clean malware. Click the notification.

Click the large Restart now button in Windows Defender window.
Windows 8, Windows Defender, To complete the cleanup you'll need to restart your PC. Click Restart now.

Just like in Microsoft Security Essentials, a duplicate message appears. Click Yes to restart your computer.
Windows 8, Windows Defender, To complete the cleanup you'll need to restart your PC. Click Yes.

Your computer will then reboot and Windows Defender will delete the remains of the malware.

In case you see repeating messages about malware detection and/or removal, run RKill to end malicious processes and then launch a full scan with Malwarebytes Anti-Malware.

Managing items quarantined by Windows Defender in Windows 8 and 8.1

By default, most infected items are moved to quarantine, a safe place where these malicious files can not harm your computer. Windows Defender removes the items after three months (if configured to do so). To check or manage quarantined items, open Apps Search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
Windows 8, Start screen, Apps search. To run Windows Defender, type 'defender' into Search box and click the result. Windows 8.1, Search Everywhere. To run Windows Defender, type 'defender' into Search box and click the result.

Click History tab and make sure Quarantined items is selected. If you did not enable the Allow all users to view the full History results option in Windows Defender settings, you need to click the View details button first (even if you are an administrator).
Windows 8, Windows Defender, History tab. To view quarantined items, click View details.

Normally I suggest clicking Remove all button - all those items were quarantined for a reason.
If you are just curious and you want to know more about which files got quarantined for which reason, you can click an item in the list and read its description and previous location from.
You can also select any detected item by checking its check box on the left. Then you can delete just some items by clicking Remove.
You can also restore an item to its previous location by clicking Restore button. But be very-very careful with that - false detections are really rare! Never restore items with Alert levels "Severe", "High" or "Medium"!
Windows 8, Windows Defender, History tab. To clear quarantine folder, click Remove all.

Advanced tweaking - scheduling Windows Defender scans and updates in Windows 8 and 8.1

Unlike Microsoft Security Essentials, Windows Defender has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automate quick or full scans.
In Windows 8.1, a quick scan is performed during daily scheduled maintenance (3:00 AM by default) along with Windows Update and other tasks. If the schedule is missed or cancelled by a restart/shutdown, the scan runs shortly after starting or restarting your device the next time.
You'll see Action Center flag with clock in Notification area of Taskbar (aka System Tray) during the maintenance.

In case no scanning has been performed for a prolonged time, Action Center will notify you about this, stating "Windows Defender needs to scan your computer".

To schedule Windows Defender scanning, open Settings Search using keyboard shortcut Windows Key+W, type "schedule" into Search box and click Schedule tasks.
Touch screen owners should first swipe in from the right edge of screen - this opens Charms bar where you can click the Search icon.
Windows 8, Start screen, Settings search. To schedule Windows Defender tasks, type 'schedule' into Search box. Then click 'Schedule tasks'. Windows 8.1, Search Settings. To schedule Windows Defender tasks, type 'schedule' into Search box. Then click 'Schedule tasks'.

Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Windows 8, Task Scheduler. Right-click 'Task Scheduler (Local)' and select Create Basic Task.

Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
Windows 8, Task Scheduler, Create a Basic Task. Type a name and description. Then click Next.

If you want to run quick weekly scans in Windows 8, set the frequency to Weekly (Windows 8.1 already has quick scan scheduled by default).
As full scans can take a long time to complete, you should use Monthly for these instead.
Windows 8, Task Scheduler, Create a Basic Task, Task Trigger. Select 'Weekly' for quick scans and 'Monthly' for full scans. Click Next.

Set a weekday and time for quick scans, or all months, a day and time for full scans.
Because you cannot limit CPU usage, choose a time when your PC is most probably turned on, but not in very active use - during scanning, your computer slows down.
Windows 8, Task Scheduler, Create a Basic Task, Task Trigger, Weekly. Select a weekday and set a good time for automated malware scanning.

In action selection, the default Start a program is fine.
Windows 8, Task Scheduler, Create a Basic Task, Action. Leave 'Start a program' selected and click Next.

Click Browse.
Windows 8, Task Scheduler, Create a Basic Task, Action, Start a Program. Click Browse.

Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
Windows 8, Task Scheduler, Open, Windows Defender folder. Click 'MpCmdRun.exe' and click Open.

For a weekly quick scan, type "-Scan -ScanType 1" into Add arguments (optional) field. To perform a full scan, type "-Scan -ScanType 2" instead.
Windows 8, Task Scheduler, Create a Basic Task, Action, Start a Program. Type arguments and click Next.

We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking Finish.
Windows 8, Task Scheduler, Create a Basic Task, Finish. Turn on the 'Open the Properties dialog for this task' option and click Finish.

Task Properties window opens in General tab. Click Change User or Group button in Security options section.
Windows 8.1, Task Scheduler, Task Properties, General. Click the 'Change User or Group' button.

In the Enter the object name to select field, type system and click Check Names. The name should then turn into capital letters and be underlined. Click OK.
This chooses a built-in account with highest level of user rights for the Windows Defender scan. SYSTEM account is also always logged on.
Windows 8.1, Task Scheduler, Task Properties, Select User or Group. Type 'system' without quotes and click 'Check Names'. Then click OK.

Back in the General tab of the Task, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Windows 8, Task Scheduler, Task Properties, General. Enable the 'Run with highest privileges' option.

Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
Windows 8, Task Scheduler, Task Properties, Settings. Enable the 'Run task as soon as possible after a scheduled start is missed' option. Click OK.

At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.
Windows 8, Windows Defender scan starting on schedule.

Updating Windows Defender more often than once a day

If you are not satisfied that Windows Defender signature databases are updated only when Windows Update checks for patches (once a day), you can follow almost the same steps above.
Create a new Basic Task, but set its frequency to Daily and set start time to 12:00 AM (or 00:00).
In the Action, Start a Program dialog, browse to the same MpCmdRun.exe file, but set its argument to "-SignatureUpdate".
Windows 8, Task Scheduler, Create a Basic Task, Action, Start a Program. Type arguments and click Next.

After you've created the task and opened its properties, click Triggers tab, click the existing schedule and click Edit.
Windows 8, Task Scheduler, Task Properties, Trigger. Click a schedule and then click Edit.

Enable the Repeat task every option and set the frequency to 4 hours. The item is not in the list, but you can select 1 hour and replace "1" with "4".
Then click OK and close Task Properties.
Windows 8, Task Scheduler, Task Properties, Edit Trigger. Turn on 'Repeat task every' option and set it to '4 hours'.

Now Windows Defender updates its signatures every 4 hours. Every time, the black Command Prompt window opens and closes automatically.
Please note that this does not mean that Windows Update runs every 4 hours - you've only scheduled Windows Defender update.
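
The tasks built with the wizard in the two procedures above (scheduled scans, and signature updates every 4 hours) can also be registered from PowerShell using a task definition in XML. This is an added example, not part of the original article; it assumes the ScheduledTasks module included in Windows 8 and 8.1, and the function name, task names, weekday, day of month and scan start times are placeholders.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Task names, weekdays and start times are assumptions; the arguments are the article's.
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Register-DefenderTask {
    param(
        [string] $Name,            # task name shown in Task Scheduler
        [string] $Arguments,       # MpCmdRun.exe arguments
        [string] $StartTime,       # HH:mm, local time
        [string] $Schedule,        # ScheduleByDay / ScheduleByWeek / ScheduleByMonth element
        [string] $Repetition = ''  # optional Repetition element ("Repeat task every")
    )
    if (-not (Test-Path -LiteralPath $MpCmdRun)) { throw "Not found: $MpCmdRun" }
    $start = '{0:yyyy-MM-dd}T{1}:00' -f (Get-Date), $StartTime
    # S-1-5-18 is SYSTEM, HighestAvailable is "Run with highest privileges",
    # StartWhenAvailable is "Run task as soon as possible after a scheduled start is missed".
    $xml = @"
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      $Repetition
      <StartBoundary>$start</StartBoundary>
      <Enabled>true</Enabled>
      $Schedule
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <StartWhenAvailable>true</StartWhenAvailable>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>$MpCmdRun</Command>
      <Arguments>$Arguments</Arguments>
    </Exec>
  </Actions>
</Task>
"@
    Register-ScheduledTask -TaskName $Name -Xml $xml -Force | Out-Null
    # Read the task back so the account and command line can be checked.
    $t = Get-ScheduledTask -TaskName $Name
    '{0}: {1} {2} as {3}' -f $Name, $t.Actions[0].Execute, $t.Actions[0].Arguments, $t.Principal.UserId
}

$months = ([cultureinfo]::InvariantCulture.DateTimeFormat.MonthNames[0..11] | ForEach-Object { "<$_ />" }) -join ''
Register-DefenderTask 'Defender quick scan' '-Scan -ScanType 1' '12:00' '<ScheduleByWeek><DaysOfWeek><Sunday /></DaysOfWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek>'
Register-DefenderTask 'Defender full scan' '-Scan -ScanType 2' '12:00' "<ScheduleByMonth><DaysOfMonth><Day>1</Day></DaysOfMonth><Months>$months</Months></ScheduleByMonth>"
Register-DefenderTask 'Defender signature update' '-SignatureUpdate' '00:00' '<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>' '<Repetition><Interval>PT4H</Interval><Duration>P1D</Duration></Repetition>'
```

Because these tasks run as SYSTEM, check each read-back line: the command should be the MpCmdRun.exe under Program Files and nothing else.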

