Windows Defender is the default real-time (always on) protection program in Windows 8. Unlike the one in Windows XP, Vista and 7, the Windows 8 version does protect from viruses and other types of malware, not only spyware. It is much like the free Microsoft Security Essentials for Windows XP, Vista and 7, but it lacks several features, such as the ability to select a time or limit CPU resources used for scheduled scanning in GUI (Graphical User Interface), right-click menus in Windows (File) Explorer, Taskbar Notification area (System tray) icon, etc.
Windows Defender uses Windows Update to download and install new virus and spyware definitions once a day. If updates fail constantly, follow instructions in the Reinstall Windows Update article.
Please note that you cannot install Microsoft Security Essentials in Windows 8. If you choose to install another real-time anti-virus program (such as avast! Free Antivirus), Windows Defender will be automatically turned off - there is no point in hogging system resources by running multiple virus protection programs.
Configuring Windows Defender in Windows 8
To launch Windows Defender, open Apps Search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
Click Advanced in the left part of the window. Enable Scan archive files and Scan removable drives options. The first one will scan compressed folders (.zip files) for malicious software. The latter one enables scanning connected USB drives during a full scan. This is very important, as malicious software can spread via such media.
Then check the Create a system restore point box. This will create a System Restore point each time before a detected malware or virus is removed or quarantined. In case something goes wrong, you can use System Restore to recover your computer to a working state.
If you want all users (including those who are not administrators) to be able to see detected items on History tab, tick the Allow all users to view the full History results check box.
Set Remove quarantined files after to 3 months. This helps to free some space on your computer's hard drive.
Those very concerned about their privacy can open the MAPS tab and select the I don't want to join MAPS option. This will disable sending basic information about detected items to Microsoft.
Others can safely choose Basic membership here.
Finally, open the Administrator tab and make sure the Turn on Windows Defender check box is ticked.
Click Save changes.
The settings are now saved.
Now you can safely close Windows Defender window by pressing Alt+F4 on your keyboard.
Defender will run in the background and monitor files and settings. The program will automatically update its virus and spyware definitions once a day when Windows Update runs.
Windows Defender messages in Windows 8
Because Windows Defender has no icon in Taskbar Notification Area (aka System Tray) anymore, it is best to check Action Center icon (the white flag) once in a while. If it has a red circle with white X mark, something is wrong. Click the icon to see the list of detected problems - these might or might not be related to Windows Defender.
If you see the Turn on virus protection (Important) and Turn on spyware protection (Important) messages, click either one and wait until Windows Defender launches. PC status on top of Windows Defender window should soon turn green. After it does, you can safely close the window. Such messages appear if Windows Defender's service or real-time scanning has been turned off.
If you see the "Couldn't start the Windows Defender service" error message instead, the service has probably been disabled. Click Close.
Open Settings Search (Windows Key+W), type "services" and click View local services.
Scroll down to the Windows Defender Service and check whether its Startup Type is set to Disabled.
Right-click the service and select Properties.
In the Windows Defender Service Properties window, set Startup type to Automatic. Then click Start and OK.
If Windows Defender is unable to start no matter what, run a full anti-malware scan with Malwarebytes Anti-Malware.
If Action Center lists Update virus protection (Important) and Update spyware protection (Important) messages instead, click either one to open Windows Defender and download the latest signatures.
In case updates fail all the time, follow instructions in the Reinstall Windows Update tutorial.
If malware is detected, a message appears at the top right of the screen (called a Toast notification in Windows 8). You do not need to do anything, because Windows Defender automatically removes or quarantines the threat.
The Toast notification disappears automatically. If no other messages pop up, your computer has been cleaned successfully.
If cleaning requires restarting your PC, a notification appears. Click it to launch Windows Defender.
Click the large Restart now button in Windows Defender window.
Just like in Microsoft Security Essentials, a duplicate message appears. Click Yes to restart your computer.
Your computer will then reboot and Windows Defender will delete the remains of the malware.
Managing items quarantined by Windows Defender in Windows 8
By default, most infected items are moved to quarantine, a safe place where these malicious files cannot harm your computer. Windows Defender removes the items after three months (if configured to do so). To check or manage quarantined items, open Apps Search using keyboard shortcut Windows Key+Q, type "defender" into Search box and click the result.
Touch screen users should reveal Charms bar by swiping in from the right edge of screen and then tap/touch Search.
Click History tab and make sure Quarantined items is selected. If you did not enable the Allow all users to view the full History results option in Windows Defender settings, you need to click the View details button first (even if you are an administrator).
Normally I suggest clicking the Remove all button - all those items were quarantined for a reason.
If you are just curious and want to know which files were quarantined and why, you can click an item in the list and read its description and previous location.
You can also select any detected item by checking its check box on the left. Then you can delete just some items by clicking Remove.
You can also restore an item to its previous location by clicking the Restore button. But be very, very careful with that - false detections are really rare! Never restore items with Alert levels "Severe", "High" or "Medium"!
Advanced tweaking - scheduling Windows Defender scans and updates in Windows 8
Unlike Microsoft Security Essentials, Windows Defender has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automate quick or full scans.
To do that, open Settings Search using keyboard shortcut Windows Key+W, type "schedule" into Search box and click Schedule tasks.
Touch screen owners should first swipe in from the right edge of screen - this opens Charms bar where you can click the Search icon.
Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
If you want to run quick weekly scans, set the frequency to Weekly. As full scans take long to complete, you should use Monthly for these instead.
For quick scans, set a weekday and time. For full scans, select all months, a day and a time.
Because you cannot limit CPU usage, choose a time when your PC is most probably turned on, but not in very active use - during scanning, your computer slows down.
In action selection, the default Start a program is fine.
Click Browse.
Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
To schedule a weekly quick scan, type "-Scan -ScanType 1" into Add arguments (optional) field. To perform a full scan, type "-Scan -ScanType 2" instead.
We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking Finish.
In the General tab of the Task you just created, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.
Updating Windows Defender more often than once a day
If you are not satisfied that Windows Defender signature databases are updated only when Windows Update checks for patches (once a day), you can follow almost the same steps as above.
Create a new Basic Task, but set its frequency to Daily and set start time to 12:00 AM (or 00:00).
In the Action, Start a Program dialog, browse to the same MpCmdRun.exe file, but set its argument to "-SignatureUpdate".
After you've created the task and opened its properties, click Triggers tab, click the existing schedule and click Edit.
Enable the Repeat task every option and set the frequency to 4 hours. The item is not in the list, but you can select 1 hour and replace "1" with "4".
Then click OK and close Task Properties.
Now Windows Defender updates its signatures every 4 hours. Every time, the black Command Prompt window opens and closes automatically.
Please note that this does not mean that Windows Update runs every 4 hours - you've only scheduled Windows Defender update.
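The two Task Scheduler procedures above (scheduled scans and 4-hourly signature updates) can also be scripted. The following is an added example, not part of the original tutorial; the task names, weekdays and start times are assumptions, and the full scan uses a four-week interval because the PowerShell trigger cmdlet has no monthly option.

```powershell
# Added example, not from the original tutorial. Run in an elevated PowerShell
# session on Windows 8 or later (uses the built-in ScheduledTasks module).
# Task names, weekdays and start times are assumptions; adjust them.
$mpCmdRun = 'C:\Program Files\Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# General tab: run as the signed-in user with "Run with highest privileges".
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
    -LogonType Interactive -RunLevel Highest

# Settings tab: "Run task as soon as possible after a scheduled start is missed".
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable

function Register-DefenderTask {
    param(
        [Parameter(Mandatory)][string]$TaskName,
        [Parameter(Mandatory)][string]$Arguments,
        [Parameter(Mandatory)]$Trigger
    )
    $action = New-ScheduledTaskAction -Execute $mpCmdRun -Argument $Arguments
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $Trigger `
        -Principal $principal -Settings $settings -Force | Out-Null
}

# Weekly quick scan (-ScanType 1).
$weekly = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '12:00'
Register-DefenderTask -TaskName 'Defender quick scan' `
    -Arguments '-Scan -ScanType 1' -Trigger $weekly

# Full scan (-ScanType 2). New-ScheduledTaskTrigger has no monthly trigger,
# so this runs every four weeks as an approximation of "Monthly".
$fourWeekly = New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 `
    -DaysOfWeek Saturday -At '12:00'
Register-DefenderTask -TaskName 'Defender full scan' `
    -Arguments '-Scan -ScanType 2' -Trigger $fourWeekly

# Signature update: daily at 00:00, repeated every 4 hours for one day.
# -Daily does not accept -RepetitionInterval, so the repetition pattern is
# copied from a temporary -Once trigger.
$daily  = New-ScheduledTaskTrigger -Daily -At '00:00'
$repeat = New-ScheduledTaskTrigger -Once -At '00:00' `
    -RepetitionInterval (New-TimeSpan -Hours 4) -RepetitionDuration (New-TimeSpan -Days 1)
$daily.Repetition = $repeat.Repetition
Register-DefenderTask -TaskName 'Defender signature update' `
    -Arguments '-SignatureUpdate' -Trigger $daily

# List the tasks that were created.
Get-ScheduledTask -TaskName 'Defender*' | Select-Object TaskName, State
```

The tasks then appear in Task Scheduler, where the General, Triggers and Settings tabs should show the same values as in the manual steps.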




