
Managing Client Protection : Using Windows Defender (part 1)

5/3/2013 5:57:34 PM

Windows Defender is a tool designed to reduce the risk of specific types of malware for small office and home users. Though Windows Defender is not designed for use in large enterprises, it does provide some integration with Active Directory Group Policy and can retrieve updates from an internal Windows Software Update Services (WSUS) server.

Windows Defender will interact with users if potentially unwanted software is detected. Therefore, users must be trained before Windows Defender is deployed so that they understand how to respond to the various prompts and can distinguish between genuine Windows Defender prompts and other software that might impersonate those prompts (a common social engineering technique).

1. Understanding Windows Defender

Windows Defender provides two types of protection, both enabled by default:

  • Automatic scanning: Windows Defender scans the computer for potentially malicious software on a regular basis. By default, Windows Defender is configured to download updated definitions and then do a quick scan daily at 2 A.M. You can configure scanning frequency on the Windows Defender Options page.

  • Real-time protection: Windows Defender constantly monitors computer usage to notify you if potentially unwanted software might be attempting to make changes to your computer.

The sections that follow describe each type of protection in more detail.

Automatic Scanning

Windows Defender provides two different types of scanning:

  • Quick Scan: Scans the portions of a computer most likely to be infected by malware, such as the computer’s memory and portions of the registry that link to startup applications. This is sufficient to detect most malware applications.

  • Full Scan: Scans every file on the computer, including common types of file archives as well as applications already loaded in the computer’s memory. A full scan typically takes several hours, but it may take more than a day, depending on the speed of the computer and the number of files to be scanned. The user can continue to work on the computer during a quick scan or a full scan; however, these scans do slow the computer down, and will consume battery power on mobile computers very quickly.

By default, Windows Defender runs a quick scan daily. This is usually sufficient. If you think a user might have malware installed, you should run a full scan to increase the chances of removing every trace of the malware. In addition to quick scans and full scans, you can configure a custom scan to scan specific portions of a computer. Custom scans always begin with a quick scan.

If Windows Defender finds potentially unwanted software, it will display a warning, as shown in Figure 1.

Figure 1. Windows Defender notifies the user of potentially unwanted software.

Most of the time, the user should simply choose to remove all of the potentially unwanted software. However, Windows Vista will display four options for each item detected:

  • Ignore: Allows the software to be installed or run on your computer. If the software is still running during the next scan, or if the software tries to change security-related settings on your computer, Windows Defender will alert you about this software again.

  • Quarantine: When Windows Defender quarantines software, it moves it to another location on your computer, and then prevents the software from running until you choose to restore it or remove it from your computer.

  • Remove: Deletes the software from your computer.

  • Always Allow: Adds the software to the Windows Defender allowed list and allows it to run on your computer. Windows Defender will stop alerting you to actions taken by the program. Add software to the allowed list only if you trust the software and the software publisher.

Real-Time Protection

Real-time protection might alert you when software attempts to install itself or run on your computer, as shown in Figure 2. Depending on the alert level, users can choose to remove, quarantine, ignore, or always allow the application, just as if the problem were encountered during a scan.

Figure 2. Windows Defender real-time protection warns the user if potential malware attempts to make changes to your computer.


If potentially unwanted software is allowed to run on your computer, it sometimes attempts to make changes to system settings so that it will automatically run the next time you start your computer. Of course, legitimate software also makes similar changes, so it’s up to the user to determine whether the change should be allowed. If Windows Defender real-time protection detects software attempting to make a change to important Windows Settings, the user will be prompted to Permit (allow the change) or Deny (block the change).

Real-time protection provides the following security agents, all of which are enabled by default:

  • Auto Start: Monitors lists of programs that are allowed to automatically run when you start your computer. Malware typically wants to run after you restart your computer, and frequently adds itself to one of the several lists of autostart programs.

  • System Configuration (Settings): Monitors security-related settings in Windows. Malware often attempts to disable security software to make it more difficult for users to detect or remove the malware and to allow other applications to install without the user’s permission.

  • Internet Explorer Add-ons: Monitors programs that automatically run when you start Internet Explorer. Malware can masquerade as web browser add-ons and run without the user’s knowledge.

  • Internet Explorer Configurations (Settings): Monitors browser security settings, which are your first line of defense against unwanted content on the Internet. Malware can try to change these settings without the user’s knowledge to make it easier to make browser configuration changes.

  • Internet Explorer Downloads: Monitors files and programs that are designed to work with Internet Explorer, such as ActiveX controls and software-installation programs. These files can be downloaded, installed, or run by the browser itself. Unwanted software is often included with these files and installed without the user’s knowledge.

  • Services and Drivers: Monitors services and drivers as they interact with Windows Vista and applications. Malware often attempts to use services and drivers to gain access to protected areas of the operating system.

  • Application Execution: Monitors when programs start and any operations they perform while running. Malware can use vulnerabilities in previously installed applications to run unwanted software without the user’s knowledge. For example, spyware can run itself in the background when a user starts another frequently used application. Windows Defender monitors applications and alerts the user if suspicious activity is detected.

  • Application Registration: Monitors tools and files in the operating system where applications can register to run at any time, not just when you start Windows Vista or another program. Malware can register a program to start without notice and run at a scheduled time each day, for example. This allows the program to collect information about the user or gain access to important software in the operating system without the user’s knowledge.

  • Windows Add-ons: Monitors add-on programs (also known as software utilities) for Windows Vista. Add-ons are designed to enhance your computing experience in areas such as security, browsing, productivity, and multimedia. However, add-ons can also install programs that will collect information about users and expose sensitive, personal information, often to advertisers.
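
To make the Auto Start agent's job concrete, the following PowerShell script is an added example (not part of the original article and not Windows Defender's own logic) that an administrator can use to review autostart changes independently of the prompts. It snapshots the standard Run/RunOnce registry keys and the Startup folders, which are only a subset of the autostart lists; the baseline file path is an assumption, and the HKCU entries cover only the user running the script.

```powershell
# Added example: snapshot autostart entries and report changes since a baseline.
# $BaselinePath is an assumed location; store it where standard users cannot write.
param(
    [string]$BaselinePath = "$env:ProgramData\autostart-baseline.csv",
    [switch]$SaveBaseline
)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Location = $dir; Name = $_.Name; Command = $_.FullName } }
    }
}
# Build one comparable string per entry so a changed command counts as a change.
function Get-EntryKey($e) { '{0}|{1}|{2}' -f $e.Location, $e.Name, $e.Command }

$current = @(Get-AutostartEntry | Select-Object Location, Name, Command)
if ($SaveBaseline -or -not (Test-Path $BaselinePath)) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline saved with $($current.Count) entries."
    return
}
$baseline = @(Import-Csv -Path $BaselinePath)
$old = @{}; foreach ($e in $baseline) { $old[(Get-EntryKey $e)] = $true }
$new = @{}; foreach ($e in $current)  { $new[(Get-EntryKey $e)] = $true }

# Entries present now but not in the baseline deserve review; removals are listed too.
$current  | Where-Object { -not $old.ContainsKey((Get-EntryKey $_)) } |
    Select-Object @{n='Change';e={'Added'}}, Location, Name, Command
$baseline | Where-Object { -not $new.ContainsKey((Get-EntryKey $_)) } |
    Select-Object @{n='Change';e={'Removed'}}, Location, Name, Command
```

Run it once with `-SaveBaseline` on a known-good machine, then rerun it without the switch after software installs or a suspected infection; a modified command line appears as one Removed row plus one Added row.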
