Windows Defender is the default real-time (always on) protection program in Windows 8 and 8.1. Unlike the one in Windows XP, Vista and 7, the Windows 8/8.1 version does protect from viruses and other types of malware, not only spyware. It is much like the free Microsoft Security Essentials for Windows XP, Vista and 7, but it lacks several features, such as the ability to select a time or limit CPU resources used for scheduled scanning in GUI (Graphical User Interface), right-click menus in Windows (File) Explorer, Taskbar Notification area (System tray) icon, etc.
Please note that you cannot install Microsoft Security Essentials in Windows 8 or 8.1. If you choose to install any other real-time anti-virus program (such as avast! Free Antivirus), Windows Defender will be automatically turned off - there is no point in hogging system resources by running multiple virus protection programs.
Configuring Windows Defender in Windows 8 and 8.1
To launch Windows Defender, open Apps search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
If you've previously uninstalled a third-party antivirus product (avast!, AVG, Norton/Symantec, McAfee or some other product), you might see a dialog that states that Windows Defender is turned off. In that case, either click Action Center's white flag icon in Taskbar Notification Area (aka System Tray) and click Turn on virus protection (Important) or Turn on spyware protection (Important), or open Control Panel (Windows Key+X has a nice shortcut), type action into Search field, click Action Center and then click one of the Turn on now buttons in Security section.
Please note that Action Center might have no red warning icon for several days after you've removed a third-party virus protection tool.
Open Settings tab and click Real-time protection on the left. Make sure there is a check mark in the Turn on real-time protection (recommended) check box. That's how you activate or enable Windows Defender in Windows 8 and 8.1 after uninstalling some competing free or paid anti-virus product.
If something seems to be blocking the activation, run RKill to terminate malware processes and services that might interfere with enabling Windows Defender. Then retry the process, without rebooting your PC.
The next three tabs deal with exclusions: you can prevent Windows Defender from scanning certain files and locations (folders), file types and processes. These are to be used by experienced users only; you really must know why you are disabling the scanning of an item in Windows Defender.
Click Advanced in the left part of the window. Enable Scan archive files and Scan removable drives options. The first one will scan compressed folders (.zip files) for malicious software. The latter one enables scanning connected USB drives during a full scan. This is very important, as malicious software can spread via such media.
Then check the Create a system restore point box. This will create a System Restore point each time before a detected malware or virus is removed or quarantined. In case something goes wrong, you can use System Restore to recover your computer to a working state.
If you want all users (including those who are not administrators) to be able to see detected items on History tab, tick the Allow all users to view the full History results check box.
Set Remove quarantined files after to 3 months. This helps to free some space on your computer's hard drive.
In Windows 8.1, there is an additional option - Send samples automatically when further analysis is required. Enabling it prevents the somewhat annoying sample submission dialogs from appearing. I recommend leaving this one ticked.
Those very concerned about their privacy can open the MAPS tab and select the I don't want to join MAPS option. This will disable sending basic information about detected items to Microsoft.
Others can safely choose Basic membership here.
Finally, open the Administrator tab and make sure the Turn on Windows Defender (in Windows 8) or Turn on this app (Windows 8.1) check box is ticked.
Click Save changes.
The settings are now saved.
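The same settings can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original guide; it only reads settings, and it assumes the Defender PowerShell module (Get-MpPreference) is present, which is the case on Windows 8.1.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Assumption: the Defender PowerShell module is present (it ships with Windows 8.1).
if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) {
    throw 'Get-MpPreference is not available on this system.'
}
$pref = Get-MpPreference

# GUI option from this guide -> $true when the current value matches the guide.
$checks = [ordered]@{
    'Turn on real-time protection'   = -not $pref.DisableRealtimeMonitoring
    'Scan archive files'             = -not $pref.DisableArchiveScanning
    'Scan removable drives'          = -not $pref.DisableRemovableDriveScanning
    'Create a system restore point'  = -not $pref.DisableRestorePoint
    # 0 means quarantined files are kept indefinitely.
    'Remove quarantined files after' = $pref.QuarantinePurgeItemsAfterDelay -gt 0
}
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Option = $_.Key; MatchesGuide = $_.Value }
} | Format-Table -AutoSize

# Exclusions are skipped by every scan, so list them for review.
$exclusions = @($pref.ExclusionPath) + @($pref.ExclusionExtension) + @($pref.ExclusionProcess) |
    Where-Object { $_ }
if ($exclusions) {
    Write-Warning 'Exclusions are configured; confirm each one is intentional:'
    $exclusions
} else {
    'No exclusions configured.'
}
```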
Now you can safely close Windows Defender window by pressing Alt+F4 on your keyboard.
Defender will run in the background and monitor files and settings. The program will automatically update its virus and spyware definitions once a day when Windows Update runs.
Because Windows Defender has no icon in Taskbar Notification Area (aka System Tray) anymore, it is best to check Action Center icon (the white flag) once in a while. If it has a red circle with white X mark, something is wrong. Click the icon to see the list of detected problems - these might or might not be related to Windows Defender.
If you see the Turn on virus protection (Important) and Turn on spyware protection (Important) messages, click either one and wait until Windows Defender launches. PC status on top of Windows Defender window should soon turn green. After it does, you can safely close the window. Such messages appear if Windows Defender's service or real-time scanning has been turned off.
If you see the "Couldn't start the Windows Defender service" error message instead, the service has probably been disabled. Click Close.
Open Settings Search (Windows Key+W), type "services" and click View local services.
Scroll down to the Windows Defender Service and verify its Startup Type is set to Disabled.
Right-click the service and select Properties.
In the Windows Defender Service Properties window, set Startup type to Automatic. Then click Start and OK.
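The service check and fix above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original guide; WinDefend is the service name behind the Windows Defender Service display name, and Win32_Service is queried because it reports the startup type on the PowerShell versions shipped with Windows 8 and 8.1.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.
# WinDefend is the service name of the "Windows Defender Service".
function Get-DefenderService {
    Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
}

$svc = Get-DefenderService
if (-not $svc) { throw 'Windows Defender Service (WinDefend) was not found.' }
"Before: StartMode=$($svc.StartMode)  State=$($svc.State)"

# Same change as setting Startup type to Automatic in the Properties window.
if ($svc.StartMode -eq 'Disabled') {
    Set-Service -Name WinDefend -StartupType Automatic
}

# Same as clicking Start.
if ($svc.State -ne 'Running') {
    Start-Service -Name WinDefend
}

# Re-query so the result shown is the actual state, not the intended one.
$svc = Get-DefenderService
"After:  StartMode=$($svc.StartMode)  State=$($svc.State)"
if ($svc.State -ne 'Running') {
    Write-Warning 'The service did not start; check Action Center for the reported problem.'
}
```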
If Action Center lists Update virus protection (Important) and Update spyware protection (Important) messages instead, click either one to open Windows Defender and download the latest signatures.
In case updates fail all the time, follow instructions in the Reinstall Windows Update tutorial.
In case malware is detected, a message appears on top right of screen (called Toast notification in Windows 8 and 8.1). You do not need to do anything, because Windows Defender automatically removes or quarantines the threat.
The Toast notification disappears automatically. If no other messages pop up, your computer has been cleaned successfully.
If cleaning requires restarting your PC, the following notification appears. Click it to launch Windows Defender.
Click the large Restart now button in Windows Defender window.
Just like in Microsoft Security Essentials, the duplicate message appears. Click Yes to restart your computer.
Your computer will then reboot and Windows Defender will delete the remains of the malware.
By default, most infected items are moved to quarantine, a safe place where these malicious files can not harm your computer. Windows Defender removes the items after three months (if configured to do so). To check or manage quarantined items, open Apps Search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
Click History tab and make sure Quarantined items is selected. If you did not enable the Allow all users to view the full History results option in Windows Defender settings, you need to click the View details button first (even if you are an administrator).
Normally I suggest clicking Remove all button - all those items were quarantined for a reason.
If you are just curious and you want to know more about which files got quarantined for which reason, you can click an item in the list and read its description and previous location.
You can also select any detected item by checking its check box on the left. Then you can delete just some items by clicking Remove.
You can also restore an item to its previous location by clicking Restore button. But be very, very careful with that - false detections are really rare! Never restore items with Alert levels "Severe", "High" or "Medium"!
Unlike Microsoft Security Essentials, Windows Defender has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automate quick or full scans.
In Windows 8.1, a quick scan is performed during daily scheduled maintenance (3:00 AM by default) along with Windows Update and other tasks. If the schedule is missed or cancelled by a restart/shutdown, the scan runs shortly after starting or restarting your device the next time.
You'll see Action Center flag with clock in Notification area of Taskbar (aka System Tray) during the maintenance.
In case no scanning has been performed for a prolonged time, Action Center will notify about this, stating "Windows Defender needs to scan your computer".
To schedule Windows Defender scanning, open Settings Search using keyboard shortcut Windows Key+W, type "schedule" into Search box and click Schedule tasks.
Touch screen owners should first swipe in from the right edge of screen - this opens Charms bar where you can click the Search icon.
Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
If you want to run quick weekly scans in Windows 8, set the frequency to Weekly (Windows 8.1 already has quick scan scheduled by default).
As full scans can take a long time to complete, you should use Monthly for these instead.
Set a weekday and time for quick scans, or all months, a day and time for full scans.
Because you cannot limit CPU usage, choose a time when your PC is most probably turned on, but not in very active use - during scanning, your computer slows down.
In action selection, the default Start a program is fine.
Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
For a weekly quick scan, type "-Scan -ScanType 1" into Add arguments (optional) field. To perform a full scan, type "-Scan -ScanType 2" instead.
We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking Finish.
Task Properties window opens in General tab. Click Change User or Group button in Security options section.
In the Enter the object name to select field, type system and click Check Names. The name should then turn into capital letters and be underlined. Click OK.
This chooses a built-in account with highest level of user rights for the Windows Defender scan. SYSTEM account is also always logged on.
Back in the General tab of the Task, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.
If you are not satisfied that Windows Defender signature databases are updated only when Windows Update checks for patches (once a day), you can follow almost the same steps as above.
Create a new Basic Task, but set its frequency to Daily and set start time to 12:00 AM (or 00:00).
In the Action, Start a Program dialog, browse to the same MpCmdRun.exe file, but set its argument to "-SignatureUpdate".
After you've created the task and opened its properties, click Triggers tab, click the existing schedule and click Edit.
Enable the Repeat task every option and set the frequency to 4 hours. The item is not in the list, but you can select 1 hour and replace "1" with "4".
Then click OK and close Task Properties.
Now Windows Defender updates its signatures every 4 hours. Every time, the black Command Prompt window opens and closes automatically.
Please note that this does not mean that Windows Update runs every 4 hours - you've only scheduled Windows Defender update.