7 advanced Windows protection strategies
By default, Windows Defender does such a good job of protecting your PC that you probably won't need another antivirus. However, if you're concerned about security, this guide will show you some advanced Windows Defender features that will secure your PC.
Note : Some of these features are disabled by default to improve security usability. When enabled, they can prevent access to certain applications or even affect performance.
1. Enable Controlled Folder Access
The Controlled Folder Access feature prevents unauthorized applications from modifying data in specified folders. This protects data from becoming a target for ransomware and other malware.
However, the screening process was very positive. It only allows system apps, and some Microsoft-approved apps aren't even on the official list. Once enabled, be ready to allow trusted apps to manually modify data.
Type 'windows security' in Windows Search and open the Windows Security app. You'll find all the Windows Defender settings you need to configure here.
Click Virus & threat protection on the left panel, then click Manage ransomware protection at the bottom.
Allow Controlled Folder Access . There are a few options for managing it.
Click Protected folders to view important data folders, such as Pictures, Videos, etc. Click the Add a protected folder button to add folders you want to protect from modification.
If this prevents any trusted application from working, you can add it to the allowed list by clicking the Allow an app through Controlled folder access button .
2. Enable Microsoft Defender application protection
When enabled, this feature launches Microsoft Edge in an isolated virtual environment, separate from the main system. Malicious websites will not be able to attack personal data because it is separate from the browser environment.
Of course, running a hardware-backed virtual environment consumes more resources and can negatively impact sites with virtual machine compatibility issues. You may notice slow performance (especially on older PCs) and some website features not working as expected.
In the Windows Security app, click App & browser control , then select Install Microsoft Defender Application Guard .
In the Windows Features window , enable Microsoft Defender Application Guard and click OK to install the feature. The PC will have to be restarted.
Go to the App & browser control section again and click Change Application Guard Settings .
For protection, a variety of features are disabled, such as copy/paste, printing, camera and microphone access, etc. Enable these features here if you must use them.
3. Run Windows Defender offline scan
While real-time protection and daily scanning do a great job of protecting your system, you may need to manually run offline scans to detect more stubborn malware. Offline scanning runs outside the Windows environment, so it can detect malware trying to escape regular scans or prevent scans from blocking it.
If you think your PC is infected or just want to make sure nothing suspicious is going on behind your back, run a Windows Defender offline scan.
4. Enable Force randomization for images (Mandatory ASLR)
ASLR (Address Space Layout Randomization) is an operating system feature that randomizes the memory location of programs to prevent malware from taking advantage of memory location vulnerabilities in programs. By default, this only applies to executables with the /DYNAMICBASE flag.
When the Force randomization for images (Mandatory ASLR) option is enabled , ASLR security will be mandatory for all executable files, even without the /DYNAMICBASE flag. Using ASLR on vulnerable executables improves overall security but may cause compatibility issues with some legacy legitimate programs.
To enable this feature, go to the App & browser control section and click Exploit protection settings .
Select On by default in the Force randomization for images (Mandatory ASLR) option and restart your PC.
5. Run a custom scan
Windows Defender's Custom scan feature will provide better security. The quick scan only covers vulnerable locations and cannot perform a full system scan every time as it takes too much time and resources. If you suspect a program, it's better to run a targeted custom scan.
Click Scan options in the Virus & threat protection section .
Select Custom scan , then click the Scan now button . Select the location you want to scan and the scan will run.
The Custom scan option can also be used to scan removable storage devices, such as USBs, to ensure they are clean before use.
6. Enable Core Isolation Memory Integrity
This feature protects critical system processes from malware infection by running them in an isolated virtual environment. It isolates important Windows kernel, system services and security processes, such as wininit.exe, isass.exe, smss.exe and some versions of svchost.exe.
However, enabling it may slightly impact performance, as the system needs to run additional security and virtualization checks. More importantly, it can cause driver incompatibility, which can affect the application and cause crashes.
In the Windows Security app, go to the Device security section , then click Core isolation details .
Enable Memory integrity to enable this feature. (No reboot required.)
If you encounter driver incompatibility issues, update all drivers to the latest version and try again.
7. Submit the file sample manually
While this won't immediately improve PC security, it can improve Windows Defender's overall scanning capabilities for everyone. Microsoft allows sending a potentially malicious file to a human analyst to review and upgrade Windows Defender's security capabilities if it is a new threat.
Submit a malicious file that Windows Defender cannot detect or a clean file that is determined to be malicious for an analyst to examine by following these steps:
Go to the Virus & threat protection section and click Manage settings under Virus & threat protection settings .
Click Submit a sample manually under Automatic sample submission .
This will open the Microsoft Security Intelligence page in the browser. Sign in with your Microsoft account and fill out the form to send the file.
Once submitted, you will receive a response from the analyst within a few days. Go to the View submission history section on the website to view the submission status.
These Windows Defender security features will definitely enhance the overall security of your PC. They will cause compatibility issues but you can whitelist affected apps. Don't forget to enable all other Windows security settings to minimize vulnerabilities.
You should read it
- Here's how to uninstall Windows 10 to return to using Windows 7 or 8.1
- The chart for the 10 most amazing versions of Windows
- Windows revolution and breakthrough changes through each version
- Summary of several logout methods on Windows 8 and Windows 10
- Looking back at 27 years of 'evolution' of Windows
- Instructions on how to upgrade from Windows XP to Windows 8
- 4 ways to 'revive' Windows XP on Windows 10
- What is Windows Hello? How does Windows Hello work? How to install Windows Hello
- Instructions for setting up Windows Hello face recognition on Windows 10
- 9 Windows 8.1 errors have not been resolved
- How to download Windows 10 Theme for Windows 7
- Compare Windows 10 and Windows 11
Maybe you are interested
Why should you buy a MacBook instead of a Snapdragon X Elite Windows laptop?
How to set up a secure guest account on a Windows computer
How to Enable and Disable Tabs in File Explorer on Windows 11
5 macOS Sequoia Features Not Available on Windows 11
Why does Windows operating system have such a bad reputation?
Quickly fix Unmountable Boot Volume error on Windows 10/11