Windows Defender Security Center is the new configuration app for Windows Defender Antivirus default real-time (always on) antivirus/antimalware program in Windows 10 Creators Update (April, 2017) and later. Microsoft even decided to integrate several other functions, such as device health checks, Windows Firewall and Windows Defender SmartScreen management, plus parental controls into the new Security Center app.
The Desktop program is still there, named Windows Defender Antivirus, but its old user interface remains hidden for most of the time.
Users of Windows 8/8.1 should see the Configure Windows Defender in Windows 8 and 8.1 tutorial instead.
The Settings app, Update & security, Windows Defender tab displays only version info and a button to access the new Security Center app. In older versions of Windows 10, it controlled most settings of Windows Defender.
Windows Defender Antivirus uses Windows Update to download and install new virus and spyware definitions several times a day, and it also uses cloud-based protection for better and faster detection.
If Windows Defender Antivirus updates fail constantly, follow instructions in the Reinstall Windows Update article.
Since late January, 2019, some Windows 10 devices do not boot after Windows Defender antimalware platform has been updated to version 4.18.1901.7 (KB4052623). This happens on devices that have Secure Boot enabled in BIOS/UEFI.
To work around this issue:
- Boot into UEFI and disable Secure Boot. Your device or motherboard manufacturer has detailed instructions on this, some examples can be found in the Computer Boot Order tutorial.
- Restart your PC and sign in to Windows 10.
- Right-click or tap and hold Windows logo tip/button on bottom left (or use keyboard shortcut WINDOWS KEY+X) to open Quick Links menu and choose either Windows PowerShell (Admin) or Command Prompt (Admin).
- Type or copy-paste the following command: "%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe" -revertplatform and press ENTER key once to run it.
- Restart your device, enter UEFI and re-enable Secure Boot.
Open Start menu or Cortana keyboard search (Windows Key+S), type "defender" and click or tap Windows Defender Security Center.
This is how the new Windows Defender Security Center looks like. If any of the listed items on the bottom of the window has a red circle with white cross or a yellow triangle with a black exclamation sign, you need to fix something.
Please note that as Security Center also checks driver installation state, some older devices may display the yellow triangle on the Device performance & health section forever as there are no suitable drivers available (for example, Bluetooth on Dell Latitude E5410). In such case, just ignore this.
To configure the most important part, click or tap the Virus & threat protection button. The same buttons are also available on the left side of the Windows Defender Security Center app window.
Continue by clicking the Virus & threat protection settings link.
First, enable the Real-time protection switch to turn on Windows Defender Antivirus. If this switch is off, other settings might be unavailable (greyed out).
The Cloud-based protection switch is safe for most of us. Only those who require extreme privacy can disable this option.
Automatic sample submission is similar to the previous settings, so leave this one on. It also enhances cloud-based protection reliability.
Please leave all exclusion options alone unless you are an IT professional and you really know possible consequences of what you are doing or testing.
The notifications feature (previously known as Enhanced notifications) lets users know about the latest scan results and presents weekly summaries. As the feature increases the number of Windows Defender Antivirus messages (toasts) in Action Center, some of you might want to turn it off.
Please note that Windows Defender Antivirus will always notify about malware detections and critical issues.
Click or touch the Change notification settings link and enable or disable the Receive recent activity and scan results switch as you wish.
It is strongly recommended to leave all Windows Firewall notifications on for maximum protection.
If your device has a third-party antivirus solution installed in Windows 10 Creators Update, you can enable the Periodic Scanning feature (aka Limited Periodic Scanning). After turning this on, Windows Defender icon will appear in Taskbar Notification Area (System Tray), and quick scan will run according to the Automatic Maintenance schedule when you're not actively using your device. Action Center might remind you in a while that you have not run a scan yet, and Windows Defender icon will have a yellow warning sign.
This type of scan might be helpful when the third-party antivirus/antimalware program has expired or has not been able to update its definitions.
To enable the additional scanning, click the Virus & threat protection button on the home screen of Windows Defender Security Center if the settings are not open already.
Then, in the Other antivirus providers section, expand Windows Defender Antivirus options and turn on the Periodic scanning switch.
You can still manage all Windows Defender Antivirus settings except for the real-time protection while Periodic Scanning is enabled.
Please note: the app will not turn black after other antivirus has been installed, the screenshots were taken on different devices - one with the light and the other with the dark app mode (Settings, Personalization, Colors).
If you've previously uninstalled a third-party antivirus product (Avast, BitDefender, Norton/Symantec, McAfee or some other product), you might see this warning in Action Center: Turn on virus protection, Tap or click to turn on Windows Defender Antivirus. In such case, click or touch the warning message and everything will be fixed automatically. This is one of the rare cases you'll see the Windows Defender Antivirus desktop program popping up in Windows 10 Creators Update.
By default, most infected items are moved to quarantine - a secured folder where these malicious files can not harm your computer. Windows Defender Antivirus automatically deletes the detected items from quarantine after three months.
If Windows Defender Security Center is not running already, open Start menu or Cortana keyboard search (WINDOWS KEY+S), type "defender" and click or tap Windows Defender Security Center.
Then click the Virus & threat protection button and the Scan history link.
If there are unresolved/current threats on your device, use the Start actions button to quarantine the detected items right away. After the process completes, the See full history link becomes available.
Otherwise, click the See full history link.
Do note that, confusingly, Windows Defender Security Center always displays the "No threats" line in all sections of Scan history, whether there have been recent detections and removals or not. The only exception is the situation where detected items have not been removed yet.
If you are just curious and want to know which files got quarantined, you can click an item in the list and use the See details link to read all about the threat.
The Clear history button applies to all sections of Scan history: it clears both quarantined and allowed threats forever.
This section displays health data about Windows Update, Storage capacity, Device driver and Battery life (on laptops and tablets only). The health scan might take several minutes to complete after your device starts, so full information on the categories might not be available immediately (the Health report is not available message).
If something has an issue in any of these categories, you can either open a Microsoft web page with instructions for resolving such issues, or you'll see a link to a quick fix. This is in the form of recommendations.
As said before, some Windows 10 compatible device drivers might not be available at all on older devices - in such cases, just ignore the warning, but please note that Windows Defender Antivirus icon keeps its yellow warning triangle.
Scrolling downwards reveals the Fresh start section. The whole feature is actually an automated version of Reset this PC that keeps your personal files. It does not have new features, but you can now use Windows Defender Security Center for reinstalling Windows and keeping your files (you will lose all installed desktop programs and custom drivers, though). This is a viable option if you just received a brand new device that has loads of manufacturer-provided useless software pre-installed (yes, we're looking at you HP, Acer, Samsung and others).
If you have important desktop programs and drivers installed, try an even better option that keeps all installed programs, drivers and your personal files, see the Non-destructive reinstall of Windows 8, 8.1 and 10 tutorial instead.
To launch Fresh start, click or tap the Additional info link, then hit the Get started button and follow further instructions. The process will take at least 20 minutes or so.
Here is a basic overview of Windows Firewall status and what type of network (Private or Public) your device is currently connected to.
Clicking on a network type allows turning firewall on and off, and blocking all incoming connections, including these from allowed apps.
The links below network types open Control Panel version of Windows Firewall.
This section configures the behavior of Windows Defender SmartScreen modules.
The Check apps and files section controls how unrecognized apps and files from the web are treated. The default here is Warn, sufficient for most users; high-security users should use the Block option for better protection from 0-day threats.
SmartScreen for Microsoft Edge, aka Windows Defender SmartScreen Filter is the same kind of SmartScreen we remember from the heydays of Internet Explorer. It protects your computer from malicious sites and downloads, and the default setting is Warn again. On devices with higher security requirements, Block would be the better option.
SmartScreen for Windows Store apps checks the web content Windows Store apps try to access. This one has only Warn and Off options, with Warn being the clear choice for security-aware people.
Parental controls in Windows probably require their own tutorial, but let's review the basics.
The section actually contains only two clickable links, both take you to your Microsoft account:
- View family settings lists your family members you have added in Windows 10 and earlier. You can check children's recent activity, purchases, screen time, web browsing history, apps, games and media usage and even locate a person if his/her device supports this function.
To add a child's account (or block an existing one temporarily) in Windows 10, open Settings app, navigate to Accounts, Family & other people and click or tap the Add a family member button. You should add all kids and other family members using the same Microsoft account, and please make sure kids' accounts have standard, not administrator rights.
- View devices lists all your family's Windows devices - computers, laptops, tablets and phones. You can locate the devices, see where they were recently and remove old ones.
For an unexplained reason, Windows Defender Antivirus in Windows 10 does not scan removable drives, such as USB sticks and USB external drives. This can lead to malware infections or launching potentially unwanted programs.
To resolve this, open Start, type powershell, right-click or tap and hold Windows Powershell and choose Run as administrator.
Alternatively, use the Windows Key+X shortcut to open the Quick Links menu (or right-click the Start button) and choose Windows PowerShell (Admin).
In the PowerShell window, type or copy-paste the following command: Set-MpPreference -DisableRemovableDriveScanning $False
Press Enter and Windows Defender in Windows 10 will now scan removable drives.
Windows Defender Antivirus notification icon states and troubleshooting in Windows 10 Creators Update and newer
Windows Defender Antivirus icon is in the Notification area of Taskbar (aka System Tray).
As in every version of Windows, you can force the icon to be visible at all times: right-click or touch and hold on an empty space of Taskbar, choose Taskbar settings, scroll to the Notification area section, click Select which icons appear on the taskbar and set the Windows Defender notification icon slider to On.
In case the icon has a green circle with white check mark, you do not need to take any action - everything is fine, no actions needed.
If Windows Defender Antivirus icon has a yellow triangle with a black exclamation mark, something is a bit out of order: either Windows Defender Security Center settings are not quite right, potentially unwanted software (aka PUP) has been detected, a device driver is missing, system drive is almost full, or Windows Defender SmartScreen or SmartScreen for Microsoft Edge is not configured properly. Right-click or tap and hold the icon and choose Open to address the detected issue(s) - you'll see a clickable button that resolves the problems.
If the icon has a red circle with white cross (or X), something is really wrong - for example, a malware detection occurred and cleanup requires your attention, Windows Defender or Windows Firewall has been turned off, etc. Usually, this type of problem also pops up a message in Action Center and a separate, clickable Toast above Taskbar Notification area.
Right-click or tap and hold the icon and choose Open to address the detected issue(s) - you'll see a clickable button that resolves the problems.
If you see the "Couldn't start the Windows Defender Antivirus service" error message, its service has probably been disabled. Click Close.
You need to boot into Safe Mode first. After signing in, open Start, type regedit, right-click the result and choose Run as administrator.
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and click or tap on WinDefend. Locate Start in the right pane - if its data is set to 0x00000004 (4), the service has been disabled. Double-click the Start entry.
Type 2 (verify that Base is set to Hexadecimal on the right) and click OK. This sets Windows Defender Antivirus Service to start automatically.
Next, repeat the same action with Start value for WdNisSvc service (Windows Defender Antivirus Network Inspection Service) and SecurityHealthService (Windows Defender Security Center Service). Please do not mess with any other values - Registry Editor is a very powerful tool and you might make Windows unbootable.
Close Registry Editor and restart Windows normally to check if Windows Defender Antivirus starts properly now.
If Windows Defender Antivirus or Security Center Service is unable to start no matter what, use free tools such as RKill and Malwarebytes to remove rootkits.
Advanced tweaking - scheduling Windows Defender Antivirus scans in Windows 10 Creators Update and newer
Unlike Microsoft Security Essentials, Windows Defender Antivirus has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automatically run a full monthly scan.
A quick scan is performed during the daily scheduled maintenance (3:00 AM by default) along with Windows Update and other tasks. If the schedule is missed or cancelled by a restart/shutdown, the scan runs shortly after starting or restarting your device the next time.
In case no scanning has been performed for a prolonged time, Action Center will notify about this, stating "Windows Defender needs to scan your computer".
To schedule Windows Defender Antivirus scanning, open Start menu, type "schedule" and click Task Scheduler.
Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
For full scans, set the frequency to Monthly.
Select all months and a specific day and time for full scans.
Because you cannot limit CPU usage, choose a time when your device is most probably running, but not in very active use - during scanning, your computer slows down.
In action selection, the default Start a program is fine.
Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
Depending on folder options, you might not see the ".exe" and ".dll" extensions.
To perform a full scan, type: -Scan -ScanType 2.
We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking or tapping the Finish button.
Task Properties window opens in General tab. Click Change User or Group button in Security options section.
In the Enter the object name to select field, type system and click Check Names. The name should then turn into capital letters and become underlined. Click OK.
This chooses a built-in account with highest level of user rights for the Windows Defender scan. SYSTEM account is also always logged on.
Back in the General tab of the Task, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.