Tuesday, September 17, 2019

Scanning for Malware in Windows Defender

Exploring Windows Defender

Windows Defender is on by default in Windows 10. To confirm, check the Security and Maintenance window, as covered in the earlier section “Protecting your PC.” If Windows Defender is off, follow the directions in the Security and Maintenance window to activate it.

Normally, Windows Defender runs in the background; you need to do nothing unless it finds an infection. To confirm that Windows Defender is active, look for the Shield icon in the notification area on the taskbar, as shown in the margin.

You can also view the Windows Defender window. To quickly access it, click on the Windows Defender notification icon on the taskbar and choose Open. You can also tap the Windows key and type Windows Defender. Choose the Windows Defender Desktop app from the search results.

The Windows Defender window is illustrated in Figure 1. You can perform a quick scan in this window, covered in the next section. Use the Update tab to confirm that the program is up-to-date. Check the History tab to see what Windows Defender has done in the past to keep your PC safe.

A second location for controlling Windows Defender is found in the Settings app. To open that app quickly, click the Settings icon in the Windows Defender window, as illustrated in Figure 2-2. Otherwise, open the Settings app (press Win+I) and choose Update & Security and then Windows Defender.

The most important setting to make for Windows Defender is Real-Time Protection, which is an on–off toggle located in the Settings app. Ensure that the option is on, and you’re good.

Scanning for Malware in Windows Defender

Windows Defender runs automatically, so you don’t need to actively do anything. If you suspect that something is up or you just want to confirm that the program does its job, you can perform a manual scan. Follow these steps:

1. Open Windows Defender.

Refer to the preceding section.

2. On the Home tab, ensure that the Quick option is selected.

3. Click the Scan Now button.

Windows Defender reviews sensitive locations and various files on your PC, scanning for signs of infection.
The scan takes time, even when the Quick option is selected. If a suspect item is located, you’ll be alerted. See the next section for what to do.

Dealing with an infection

When Windows Defender locates a suspected infection, the file is immediately placed into quarantine. Yes, you’ll want to freak out at this point, but don’t: Any damage has been thwarted. The suspect file is placed into the quarantine state, where it can do no harm, but you still need to decide what to do with it. To review any suspected infections, follow these steps:

1. Open Windows Defender.

2. Click the History tab.

3. Ensure that Quarantined Items is selected.

4. Click the View Details button.

Quarantined items appear in a list. These are suspect files, and they could include some false positives.

You can deal with the quarantined items in three ways.

First, you can ignore the items. Your PC is safe, and the items stay in quarantine.

Second, you can remove the suspected infections: Select an item and click the Remove button. Or click the Remove All button to purge the lot. The files are obliterated and won’t bother you again.

Third, you can restore a false positive. For example, a file that you know is safe was flagged by Windows Defender as suspect. If so, and provided you know the file is safe, select it and click the Restore button. Further, you might consider setting this file as an allowed item so that Windows Defender doesn’t falsely quarantine it again.
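
The same checks can be scripted. The following PowerShell is an added example, not part of the original post: it confirms that Real-Time Protection is on, refreshes stale definitions, runs a quick scan, and lists what Defender has detected. It assumes an elevated PowerShell prompt on Windows 10 with the built-in Defender cmdlets; the 7-day definition threshold is an assumption chosen for illustration.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Run from an elevated PowerShell prompt.
$maxSignatureAgeDays = 7   # assumption: treat older definitions as stale

$status = Get-MpComputerStatus

# 1. Confirm that Defender and Real-Time Protection are on.
if (-not $status.AntivirusEnabled) {
    Write-Warning 'Windows Defender antivirus is not enabled.'
}
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-Time Protection is off. Turn it on in the Settings app.'
}

# 2. Equivalent of the Update tab: refresh definitions if they are stale.
if ($status.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    Write-Host "Definitions are $($status.AntivirusSignatureAge) days old; updating..."
    Update-MpSignature
}

# 3. Equivalent of Home tab > Quick > Scan Now.
Write-Host 'Starting quick scan (this takes a while)...'
Start-MpScan -ScanType QuickScan

# 4. Equivalent of the History tab: list detections with readable names.
$threatNames = @{}
foreach ($t in @(Get-MpThreat)) {
    $threatNames[$t.ThreatID] = $t.ThreatName
}

$detections = @(Get-MpThreatDetection)
if ($detections.Count -eq 0) {
    Write-Host 'No detections recorded.'
} else {
    $detections |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object InitialDetectionTime,
            @{ Name = 'Threat';    Expression = { $threatNames[$_.ThreatID] } },
            @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } },
            ActionSuccess |
        Format-List
}
```

The Resources field shows the file path of each detection, which helps when deciding whether an item is a false positive before restoring it.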
