Microsoft Defender Antivirus in the Windows Security app

Article
08/28/2023

Applies to:

Beginning with Windows 10, version 1703 and later, Microsoft Defender Antivirus settings are viewable in the Windows Security app. See Windows Security for more information about security features and settings that are built into Windows.

Important

Disabling the Windows Security app does not disable Microsoft Defender Antivirus or Windows Defender Firewall. These capabilities are disabled or set to passive mode when non-Microsoft antivirus/antimalware software is installed on the device and kept up to date. If you do disable the Windows Security app, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app might display stale or inaccurate information about any antivirus or firewall products that are installed on the device.It might also prevent Microsoft Defender Antivirus from re-enabling when you uninstall any non-Microsoft antivirus/antimalware software. Disabling the Windows Security app can significantly lower the level protection of your device and could lead to malware infection.

Review virus and threat protection settings in the Windows Security app

Open the Windows Security app by searching the start menu for Windows Security.
Select Virus & threat protection.
Use one or more of the subsequent sections to perform tasks using the Windows Security app.

Note

If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The Configure end-user interaction with Microsoft Defender Antivirus topic describes how local policy override settings can be configured.

Run a scan with the Windows Security app

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Select Quick scan. Or, to run a full scan, select Scan options, and then select an option, such as Full scan.

Review the security intelligence update version and download the latest updates in the Windows Security app

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Select Virus & threat protection updates. The currently installed version is displayed along with some information about when it was downloaded. You can check your current against the latest version available for manual download, or review the change log for that version. See Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.
Select Check for updates to download new protection updates (if there are any).

Ensure Microsoft Defender Antivirus is enabled in the Windows Security app

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Select Virus & threat protection settings.
Toggle the Real-time protection switch to On.

Note

If you switch Real-time protection off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats. If you install another antivirus product, Microsoft Defender Antivirus automatically disables itself and is indicated as such in the Windows Security app. A setting will appear that will allow you to enable limited periodic scanning.

Add exclusions for Microsoft Defender Antivirus in the Windows Security app

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Under Virus & threat protection settings, select Manage settings.
Under Exclusions, select Add or remove exclusions.
Select the plus icon (+) to choose the type and set the options for each exclusion.

The following table summarizes exclusion types and what happens:

Exclusion type	Defined by	What happens
File	Location Example: `c:\sample\sample.test`	The specific file is skipped by Microsoft Defender Antivirus.
Folder	Location Example: `c:\test\sample`	All items in the specified folder are skipped by Microsoft Defender Antivirus.
File type	File extension Example: `.test`	All files with the `.test` extension anywhere on your device are skipped by Microsoft Defender Antivirus.
Process	Executable file path Example: `c:\test\process.exe`	The specific process and any files that are opened by that process are skipped by Microsoft Defender Antivirus.

To learn more, see the following resources:

Review threat detection history in the Windows Defender app

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Select Protection history. Any recent items are listed.

Set ransomware protection and recovery options

Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
Select the Virus & threat protection tile (or the shield icon on the left menu bar).
Under Ransomware protection, select Manage ransomware protection.
To change Controlled folder access settings, see Protect important folders with Controlled folder access.
To set up ransomware recovery options, select Set up under Ransomware data recovery and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack.