Site search
Logo

Configure Windows Defender Security Center in Windows 10

By , winhelp.us logo. Last updated: 2019-03-26

How to configure Windows Defender Security Center in Windows 10

Windows Defender Security Center is the new configuration app for Windows Defender Antivirus default real-time (always on) antivirus/antimalware program in Windows 10 Creators Update (April, 2017) and later. Microsoft even decided to integrate several other functions, such as device health checks, Windows Firewall and Windows Defender SmartScreen management, plus parental controls into the new Security Center app.

The Desktop program is still there, named Windows Defender Antivirus, but its old user interface remains hidden for most of the time.

Users of Windows 8/8.1 should see the Configure Windows Defender in Windows 8 and 8.1 tutorial instead.

The Settings app, Update & security, Windows Defender tab displays only version info and a button to access the new Security Center app. In older versions of Windows 10, it controlled most settings of Windows Defender.

Windows Defender Antivirus uses Windows Update to download and install new virus and spyware definitions several times a day, and it also uses cloud-based protection for better and faster detection.
If Windows Defender Antivirus updates fail constantly, follow instructions in the Reinstall Windows Update article.

Boot problems with Windows Defender in Windows 10

Since late January, 2019, some Windows 10 devices do not boot after Windows Defender antimalware platform has been updated to version 4.18.1901.7 (KB4052623). This happens on devices that have Secure Boot enabled in BIOS/UEFI.

To work around this issue:

  • Boot into UEFI and disable Secure Boot. Your device or motherboard manufacturer has detailed instructions on this, some examples can be found in the Computer Boot Order tutorial.
  • Restart your PC and sign in to Windows 10.
  • Right-click or tap and hold Windows logo tip/button on bottom left (or use keyboard shortcut WINDOWS KEY+X) to open Quick Links menu and choose either Windows PowerShell (Admin) or Command Prompt (Admin).
  • Type or copy-paste the following command: "%programdata%\Microsoft\Windows Defender\Platform\4.18.1901-7\MpCmdRun.exe" -revertplatform and press ENTER key once to run it.
  • Restart your device, enter UEFI and re-enable Secure Boot.

Using Windows Defender Security Center in Windows 10 Creators Update and newer

Open Start menu or Cortana keyboard search (Windows Key+S), type "defender" and click or tap Windows Defender Security Center.
Windows 10 Creators Update, Start menu. Type 'defender' and click or touch 'Windows Defender Security Center'.

This is how the new Windows Defender Security Center looks like. If any of the listed items on the bottom of the window has a red circle with white cross or a yellow triangle with a black exclamation sign, you need to fix something.
Please note that as Security Center also checks driver installation state, some older devices may display the yellow triangle on the Device performance & health section forever as there are no suitable drivers available (for example, Bluetooth on Dell Latitude E5410). In such case, just ignore this.
Windows 10 Creators Update, Windows Defender Security Center. Click or tap the 'Virus & threat protection' button to check Windows Defender Antivirus settings.

Virus & threat protection settings in Windows Defender Security Center

To configure the most important part, click or tap the Virus & threat protection button. The same buttons are also available on the left side of the Windows Defender Security Center app window.
Continue by clicking the Virus & threat protection settings link.

First, enable the Real-time protection switch to turn on Windows Defender Antivirus. If this switch is off, other settings might be unavailable (greyed out).
The Cloud-based protection switch is safe for most of us. Only those who require extreme privacy can disable this option.
Automatic sample submission is similar to the previous settings, so leave this one on. It also enhances cloud-based protection reliability.
Please leave all exclusion options alone unless you are an IT professional and you really know possible consequences of what you are doing or testing.
Windows 10 Creators Update, Windows Defender Security Center, Virus & threat protection settings. To start virus and malware protection, enable the 'Real-time protection' switch. If you do not require utmost privacy, leave the 'Cloud-based protection' switch on. Windows 10 Creators Update, Windows Defender Security Center, Virus & threat protection settings. Leave the 'Automatic sample submission' switch on to enhance Cloud-based protection. Adding exclusions is not recommended.

The notifications feature (previously known as Enhanced notifications) lets users know about the latest scan results and presents weekly summaries. As the feature increases the number of Windows Defender Antivirus messages (toasts) in Action Center, some of you might want to turn it off.
Please note that Windows Defender Antivirus will always notify about malware detections and critical issues.
Click or touch the Change notification settings link and enable or disable the Receive recent activity and scan results switch as you wish.
It is strongly recommended to leave all Windows Firewall notifications on for maximum protection.
Windows 10 Creators Update, Windows Defender Security Center, Virus & threat protection settings. Click or tap the 'Change notification settings' link to control Windows Defender Antivirus and Firewall messages. Windows 10 Creators Update, Windows Defender Security Center, Virus & threat protection settings, Notifications. Enable the 'Receive recent activity and scan results' switch to see more antivirus messages in Action Center. Leave all Windows Firewall notifications on.

If your device has a third-party antivirus solution installed in Windows 10 Creators Update, you can enable the Periodic Scanning feature (aka Limited Periodic Scanning). After turning this on, Windows Defender icon will appear in Taskbar Notification Area (System Tray), and quick scan will run according to the Automatic Maintenance schedule when you're not actively using your device. Action Center might remind you in a while that you have not run a scan yet, and Windows Defender icon will have a yellow warning sign.
This type of scan might be helpful when the third-party antivirus/antimalware program has expired or has not been able to update its definitions.

To enable the additional scanning, click the Virus & threat protection button on the home screen of Windows Defender Security Center if the settings are not open already.
Then, in the Other antivirus providers section, expand Windows Defender Antivirus options and turn on the Periodic scanning switch.
You can still manage all Windows Defender Antivirus settings except for the real-time protection while Periodic Scanning is enabled.
Please note: the app will not turn black after other antivirus has been installed, the screenshots were taken on different devices - one with the light and the other with the dark app mode (Settings, Personalization, Colors).
Windows 10 Creators Update, Windows Defender Security Center, You're using other antivirus providers. To enable Windows Defender Antivirus periodic scanning, click the 'Virus & threat protection' button. Windows 10 Creators Update, Windows Defender Security Center, Virus & threat protection, Other antivirus providers. Expand the 'Windows Defender Antivirus options' section and turn on the 'Periodic scanning' switch.

If you've previously uninstalled a third-party antivirus product (Avast, BitDefender, Norton/Symantec, McAfee or some other product), you might see this warning in Action Center: Turn on virus protection, Tap or click to turn on Windows Defender Antivirus. In such case, click or touch the warning message and everything will be fixed automatically. This is one of the rare cases you'll see the Windows Defender Antivirus desktop program popping up in Windows 10 Creators Update.
Windows 10 Creators Update, Action Center, Turn on virus protection. Click or touch the message and Windows Defender Antivirus will be automatically enabled.

Scan history and Quarantined threats in Windows Defender Security Center

By default, most infected items are moved to quarantine - a secured folder where these malicious files can not harm your computer. Windows Defender Antivirus automatically deletes the detected items from quarantine after three months.

If Windows Defender Security Center is not running already, open Start menu or Cortana keyboard search (WINDOWS KEY+S), type "defender" and click or tap Windows Defender Security Center.
Then click the Virus & threat protection button and the Scan history link.
Windows 10 Creators Update, Start menu. Type 'defender' and click or touch 'Windows Defender Security Center'.

If there are unresolved/current threats on your device, use the Start actions button to quarantine the detected items right away. After the process completes, the See full history link becomes available.
Otherwise, click the See full history link.
Do note that, confusingly, Windows Defender Security Center always displays the "No threats" line in all sections of Scan history, whether there have been recent detections and removals or not. The only exception is the situation where detected items have not been removed yet.
Windows 10 Creators Update, Windows Defender Security Center, Scan history, Current threats detected. Click or touch the 'Start actions' button. Windows 10 Creators Update, Windows Defender Security Center, Scan history, Quarantined threats. Click or touch the 'See full history' link to see the contents of Quarantine.

If you are just curious and want to know which files got quarantined, you can click an item in the list and use the See details link to read all about the threat.
The Clear history button applies to all sections of Scan history: it clears both quarantined and allowed threats forever.
Windows 10 Creators Update, Windows Defender Security Center, Scan history, Full history. Click or tap an item in the list and use the 'See details' link to learn more about the removed threat. Windows 10 Creators Update, Windows Defender Security Center, Scan history, Full history, Threat details.

Device performance & health in Windows Defender Security Center

This section displays health data about Windows Update, Storage capacity, Device driver and Battery life (on laptops and tablets only). The health scan might take several minutes to complete after your device starts, so full information on the categories might not be available immediately (the Health report is not available message).

If something has an issue in any of these categories, you can either open a Microsoft web page with instructions for resolving such issues, or you'll see a link to a quick fix. This is in the form of recommendations.
As said before, some Windows 10 compatible device drivers might not be available at all on older devices - in such cases, just ignore the warning, but please note that Windows Defender Antivirus icon keeps its yellow warning triangle.
Windows 10 Creators Update, Windows Defender Security Center, Device performance & health. Verify that everything is good on Health report. Windows 10 drivers on older device might not be available, ignore the Device driver issues in such case.

Scrolling downwards reveals the Fresh start section. The whole feature is actually an automated version of Reset this PC that keeps your personal files. It does not have new features, but you can now use Windows Defender Security Center for reinstalling Windows and keeping your files (you will lose all installed desktop programs and custom drivers, though). This is a viable option if you just received a brand new device that has loads of manufacturer-provided useless software pre-installed (yes, we're looking at you HP, Acer, Samsung and others).
If you have important desktop programs and drivers installed, try an even better option that keeps all installed programs, drivers and your personal files, see the Non-destructive reinstall of Windows 8, 8.1 and 10 tutorial instead.

To launch Fresh start, click or tap the Additional info link, then hit the Get started button and follow further instructions. The process will take at least 20 minutes or so.
Windows 10 Creators Update, Windows Defender Security Center, Device performance & health. To reinstall Windows 10 and keep your personal files, click or touch the 'Additional info' link in the 'Fresh start' section. Windows 10 Creators Update, Windows Defender Security Center, Device performance & health, Fresh start. To reinstall Windows 10 and keep your personal files, use the 'Get started' button. The process will take at least 20 minutes.

Firewall & network protection in Windows Defender Security Center

Here is a basic overview of Windows Firewall status and what type of network (Private or Public) your device is currently connected to.
Clicking on a network type allows turning firewall on and off, and blocking all incoming connections, including these from allowed apps.
Windows 10 Creators Update, Windows Defender Security Center, Firewall & network protection. Clicking on Private or Public network allows turning Windows Firewall off and on, plus blocking all incoming connections.

The links below network types open Control Panel version of Windows Firewall.

App & browser control in Windows Defender Security Center

This section configures the behavior of Windows Defender SmartScreen modules.

The Check apps and files section controls how unrecognized apps and files from the web are treated. The default here is Warn, sufficient for most users; high-security users should use the Block option for better protection from 0-day threats.
Windows 10 Creators Update, Windows Defender Security Center, App & browser control. The 'Check apps and files' section applies to unknown apps and files downloaded from the web, and the 'SmartScreen for Windows Store apps' section checks web content apps try to download. 'Warn' is the recommended setting for both.

SmartScreen for Microsoft Edge, aka Windows Defender SmartScreen Filter is the same kind of SmartScreen we remember from the heydays of Internet Explorer. It protects your computer from malicious sites and downloads, and the default setting is Warn again. On devices with higher security requirements, Block would be the better option.

SmartScreen for Windows Store apps checks the web content Windows Store apps try to access. This one has only Warn and Off options, with Warn being the clear choice for security-aware people.
Windows 10 Creators Update, Windows Defender Security Center, App & browser control. The 'SmartScreen fro Microsoft Edge' section prevents from accessing malicious web sites and downloading malware. 'Warn' is the recommended setting here.

Family options in Windows Defender Security Center

Parental controls in Windows probably require their own tutorial, but let's review the basics.

The section actually contains only two clickable links, both take you to your Microsoft account:

  1. View family settings lists your family members you have added in Windows 10 and earlier. You can check children's recent activity, purchases, screen time, web browsing history, apps, games and media usage and even locate a person if his/her device supports this function.
    To add a child's account (or block an existing one temporarily) in Windows 10, open Settings app, navigate to Accounts, Family & other people and click or tap the Add a family member button. You should add all kids and other family members using the same Microsoft account, and please make sure kids' accounts have standard, not administrator rights.
  2. View devices lists all your family's Windows devices - computers, laptops, tablets and phones. You can locate the devices, see where they were recently and remove old ones.

Windows 10 Creators Update, Windows Defender Security Center, Family options. 'View family settings' link open a web page with your family members and allows checking your kids activity on Windows devices. 'View devices' allows locating and controlling Windows devices.

Forcing Windows Defender Antivirus to scan removable drives in Windows 10 Creators Update and newer

For an unexplained reason, Windows Defender Antivirus in Windows 10 does not scan removable drives, such as USB sticks and USB external drives. This can lead to malware infections or launching potentially unwanted programs.

To resolve this, open Start, type powershell, right-click or tap and hold Windows Powershell and choose Run as administrator.
Alternatively, use the Windows Key+X shortcut to open the Quick Links menu (or right-click the Start button) and choose Windows PowerShell (Admin).

In the PowerShell window, type or copy-paste the following command: Set-MpPreference -DisableRemovableDriveScanning $False
Press Enter and Windows Defender in Windows 10 will now scan removable drives.

Windows Defender Antivirus notification icon states and troubleshooting in Windows 10 Creators Update and newer

Windows Defender Antivirus icon is in the Notification area of Taskbar (aka System Tray).
As in every version of Windows, you can force the icon to be visible at all times: right-click or touch and hold on an empty space of Taskbar, choose Taskbar settings, scroll to the Notification area section, click Select which icons appear on the taskbar and set the Windows Defender notification icon slider to On.

In case the icon has a green circle with white check mark, you do not need to take any action - everything is fine, no actions needed.
Windows 10 Creators Update, Taskbar Notification area, Windows Defender notification icon with green circle and white check mark. No actions needed, everything is working fine.

If Windows Defender Antivirus icon has a yellow triangle with a black exclamation mark, something is a bit out of order: either Windows Defender Security Center settings are not quite right, potentially unwanted software (aka PUP) has been detected, a device driver is missing, system drive is almost full, or Windows Defender SmartScreen or SmartScreen for Microsoft Edge is not configured properly. Right-click or tap and hold the icon and choose Open to address the detected issue(s) - you'll see a clickable button that resolves the problems.
Windows 10 Creators Update, Taskbar Notification area, Windows Defender notification icon with yellow triangle and a black exclamation mark. Actions recommended, right-click the icon and choose 'Open' to launch Windows Defender Security Center and fix the detected issue.

If the icon has a red circle with white cross (or X), something is really wrong - for example, a malware detection occurred and cleanup requires your attention, Windows Defender or Windows Firewall has been turned off, etc. Usually, this type of problem also pops up a message in Action Center and a separate, clickable Toast above Taskbar Notification area.
Right-click or tap and hold the icon and choose Open to address the detected issue(s) - you'll see a clickable button that resolves the problems.
Windows 10 Creators Update, Taskbar Notification area, Windows Defender notification icon with red circle and white cross. Actions needed, right-click the icon and choose 'Open' to resolve the problems.

If you see the "Couldn't start the Windows Defender Antivirus service" error message, its service has probably been disabled. Click Close.
Windows 8, Windows Defender, Couldn't start the Windows Defender service. Click Close and open Services console.

You need to boot into Safe Mode first. After signing in, open Start, type regedit, right-click the result and choose Run as administrator.

Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and click or tap on WinDefend. Locate Start in the right pane - if its data is set to 0x00000004 (4), the service has been disabled. Double-click the Start entry.
Windows 10, Safe Mode, Registry Editor, HKLM\System\CurrentControlSet\Services\WinDefend. Double-click on the Start value.

Type 2 (verify that Base is set to Hexadecimal on the right) and click OK. This sets Windows Defender Antivirus Service to start automatically.
Windows 10, Safe Mode, Registry Editor, HKLM\System\CurrentControlSet\Services\WinDefend, Start value. Type '2' and click OK.

Next, repeat the same action with Start value for WdNisSvc service (Windows Defender Antivirus Network Inspection Service) and SecurityHealthService (Windows Defender Security Center Service). Please do not mess with any other values - Registry Editor is a very powerful tool and you might make Windows unbootable.

Close Registry Editor and restart Windows normally to check if Windows Defender Antivirus starts properly now.

If Windows Defender Antivirus or Security Center Service is unable to start no matter what, use free tools such as RKill and Malwarebytes to remove rootkits.

Advanced tweaking - scheduling Windows Defender Antivirus scans in Windows 10 Creators Update and newer

Unlike Microsoft Security Essentials, Windows Defender Antivirus has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automatically run a full monthly scan.
A quick scan is performed during the daily scheduled maintenance (3:00 AM by default) along with Windows Update and other tasks. If the schedule is missed or cancelled by a restart/shutdown, the scan runs shortly after starting or restarting your device the next time.

In case no scanning has been performed for a prolonged time, Action Center will notify about this, stating "Windows Defender needs to scan your computer".

To schedule Windows Defender Antivirus scanning, open Start menu, type "schedule" and click Task Scheduler.
Windows 10, Start menu. To automate Windows Defender tasks, type 'schedule' and click 'Task Scheduler'.

Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Windows 8, Task Scheduler. Right-click 'Task Scheduler (Local)' in the left pane and select 'Create Basic Task'.

Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
Windows 8, Task Scheduler, Create a Basic Task. Type a name and description. Then click Next.

For full scans, set the frequency to Monthly.
Windows 8, Task Scheduler, Create a Basic Task, Task Trigger. Select 'Weekly' for quick scans and 'Monthly' for full scans. Click Next.

Select all months and a specific day and time for full scans.
Because you cannot limit CPU usage, choose a time when your device is most probably running, but not in very active use - during scanning, your computer slows down.
Windows 8, Task Scheduler, Create a Basic Task, Task Trigger, Weekly. Select a weekday and set a good time for automated malware scanning.

In action selection, the default Start a program is fine.
Windows 8, Task Scheduler, Create a Basic Task, Action. Leave 'Start a program' selected and click Next.

Click Browse.
Windows 8, Task Scheduler, Create a Basic Task, Action, Start a Program. Click Browse.

Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
Depending on folder options, you might not see the ".exe" and ".dll" extensions.
Windows 8, Task Scheduler, Open, Windows Defender folder. Click 'MpCmdRun.exe' and click Open.

To perform a full scan, type: -Scan -ScanType 2.
Windows 8, Task Scheduler, Create a Basic Task, Action, Start a Program. Type arguments and click Next.

We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking or tapping the Finish button.
Windows 8, Task Scheduler, Create a Basic Task, Finish. Turn on the 'Open the Properties dialog for this task' option and click Finish.

Task Properties window opens in General tab. Click Change User or Group button in Security options section.
Windows 8.1, Task Scheduler, Task Properties, General. Click the 'Change User or Group' button.

In the Enter the object name to select field, type system and click Check Names. The name should then turn into capital letters and become underlined. Click OK.
This chooses a built-in account with highest level of user rights for the Windows Defender scan. SYSTEM account is also always logged on.
Windows 8.1, Task Scheduler, Task Properties, Select User or Group. Type 'system' without quotes and click 'Check Names'. Then click OK.

Back in the General tab of the Task, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Windows 8, Task Scheduler, Task Properties, General. Enable the 'Run with highest privileges' option.

Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
Windows 8, Task Scheduler, Task Properties, Settings. Enable the 'Run task as soon as possible after a scheduled start is missed' option. Click OK.

At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.
Windows 8, Windows Defender scan starting on schedule.


 

Ctrl+F searches in the contents







Next: Windows Defender Security Center on-demand scan in Windows 10
Previous: Windows Defender Security Center in Windows 10