
Windows Defender

Windows Defender works with Internet Explorer 7 to help you make conscious choices about software installed on your PC by providing always-on protection that monitors key system locations, watching for changes that signal the presence of spyware.

Superior scanning and removal technologies use up-to-date spyware definitions created by Microsoft, with help from Windows Defender users who submit reports of potential new spyware.


Security Center is the one place to go to check security settings.

From installation to maintenance and updates, Windows Defender is simple to use and comes with preconfigured settings and guidance to help you get and stay secure. An improved user interface gives you more control over your software. Common tasks such as scanning, blocking, and removing unwanted software are easier than ever, and a Software Explorer helps you understand which software and services are running on your computer and stops or disables "rogue" software. Windows Defender automatically handles many common tasks and interrupts or alerts you only in the case of serious issues that require immediate action.

Windows Defender takes advantage of many of the platform enhancements in Windows Vista, including improved caching technology, which allows scans to run faster, and User Account Control, which enables the software to run without administrator privileges.

Integration with Windows Internet Explorer 7 allows downloaded files to be scanned before they are saved and executed, reducing the chance that spyware might be installed by accident. "Scan on execute" functionality provides an added layer of protection, and integration with Windows Security Center helps you keep track of spyware protection alongside other security and safety features.

Windows Defender is available for both Windows XP SP2 and Windows Vista. Windows Defender and its associated definition updates are also available on an ongoing basis as free stand-alone downloads for customers using Windows Server 2003, Windows XP, and Windows 2000 who validate their software through the Windows Genuine Advantage program.

Spyware protection

To help protect your data and your computer, Windows Defender depends on three key technologies: scanning and removal of spyware, real-time protection, and ongoing updates.

Scanning for and removing spyware

By default, Windows Defender scans your computer for spyware every night at 2 A.M. unless you specify a different schedule. During the scan, Windows Defender automatically takes action on High, Medium, and Low Severity items, depending on your preferences.


Windows Defender automatically scans your computer for spyware daily.

You can also quickly scan the most common locations (such as program files and Internet Explorer browser Help objects) on your computer at any time by clicking the Scan button. Generally, a quick scan can detect the most common spyware on your computer. You can also elect to perform a full system scan, which takes longer but examines your entire computer for signs of spyware using a more comprehensive definition set. You can also use the menu to specify a custom scan of specific areas of your computer, such as removable storage.


Quickly scan common locations, such as program files or Internet Explorer.

When a scan is complete, Windows Defender notifies you of any spyware it discovers on your computer. It then prompts you with options for dealing with each threat and recommends appropriate action in most cases. Generally, there are four actions you can take if a threat is detected.


Windows Defender notifies you of any spyware it discovers.

Ignore: No action is taken, but the potential threat will continue to be detected in future scans.

Quarantine: Backs up the software in a safe location and then removes it. This prevents the software from running, but it can be restored if needed.

Remove: Deletes the software from the computer entirely.

Always Allow: Adds the software to the Allowed items list. It will not be detected in future scans.

Windows Defender can scan and remove software even if you are not running as an administrator; by default, non-administrators can take action on detected items. They can choose to remove, quarantine, or ignore items.

Real-time protection

Scanning can remove existing spyware, but to help protect against new or unknown threats, Windows Defender includes monitoring agents for real-time protection. Several security agents monitor critical areas of the computer that spyware might attempt to modify: autostart, system configuration, Internet Explorer add-ons, Internet Explorer configuration, Internet Explorer downloads, services and drivers, application execution, application registration, and Windows add-ons. These critical areas of the computer represent the common entry points for spyware.

Typically, spyware must modify one of these areas to run automatically or spy on what you're doing without your consent. If any changes occur to these areas, Windows Defender notifies you so you can allow or block this activity. Some legitimate software might behave in suspicious-looking ways, so Windows Defender helps you make decisions about whether to allow it on your system by showing you the percentage of other Windows Defender users who have allowed it. Typically, legitimate software will have a very high "allow" rate.

Updated definitions

Because spyware is a constantly evolving threat, Windows Defender automatically makes sure it has the latest definitions before a scheduled scan, so you are better protected from new threats. Definition updates are created by Microsoft analysts with help from an active network of Windows Defender customers who submit spyware reports. These reports help keep Microsoft, and you, ahead of new and emerging threats posed by spyware.

Customers can opt in to these networks at two different levels. "Basic participants" can submit reports that do not include personally identifiable information, although this might result in incomplete spyware reports. "Advanced participants" can choose to send a full report that might include some personally identifiable information. They are also alerted about unknown software that exhibits behaviors similar to spyware.

Control over software on your computer

Windows Defender gives you a clearer view of and more control over the software on your computer. When it detects suspicious actions by unknown software, it alerts you to the potential threat. It also includes a number of tools and features that help you keep track of what software you have, understand threats and alerts, and keep track of scanning and protection activity.

Understanding alerts

Windows Defender alerts you when it detects suspicious behavior on your computer or discovers known spyware during a regularly scheduled scan. It adjusts these alerts based on the severity of the potential threat.


Windows Defender alerts you when it detects suspicious behavior.

When innocuous changes occur, a small notification appears in the system tray. For moderate to severe threats, a yellow or red alert window is displayed because these threats generally require immediate action. You can either take immediate action or click Review to get more information about the potential threat. When multiple potential threats are discovered, only one alert is shown, to minimize interruptions and allow you to take action quickly and get back to using your computer.

Software Explorer

To help you understand which software and services are running on your computer, automatically running on startup, or communicating over the Internet, Windows Defender includes a Software Explorer that lists these processes and helps you stop or disable "rogue" software.

Windows event log

You can also keep track of Windows Defender activity (including alerts, detection and removal, and installation of new definitions) using the Windows event log. You can review or audit previous actions you have taken by searching in Event Viewer for events created by Windows Defender.

© 2009 Microsoft