How to protect your system from viruses. Protection against network attacks. File virus protection

Antivirus protection requires the stable operation of a number of services, which may freeze from time to time and negatively affect its performance. During a restart, all Windows Defender components and services are restarted. If rebooting does not solve your problem, try the following solutions.

If you have a third-party antivirus installed on your computer, it can cause a conflict that leads to performance errors. Incompatibility issues lead to slow system performance, application crashes, frequent freezes and other problems.

When a third-party antivirus is installed, Windows Defender usually turns off. If you want to use the built-in system protection, uninstall the third-party antivirus and restart your computer. After the system starts, Windows Defender should turn on again.

Instructions (How to remove an antivirus) and utilities (AV Uninstall Tools Pack) for the complete removal of antiviruses from Windows systems are available on our website.

3. Cleaning up threats

Another common reason for Windows Defender Security Center to fail may be an active malware infection on the computer. To find a threat, you need to perform a thorough analysis of the system. To check, you can use the anti-virus scanners Malwarebytes Free and Microsoft Safety Scanner.

Run a scan and, if malware is detected, clean and reboot the system. If Windows Defender continues to generate errors, please refer to the following instructions.

4. Integrity check

Some files on your computer may become corrupted accidentally or unexpectedly, which in turn causes Windows Defender to malfunction. To make sure there are no corrupt files on your system, run the built-in System File Checker (SFC) utility:

  1. Command line

If the SFC utility detects file integrity violations, the problems will be corrected automatically.

5. Checking the status in the registry

Any mishandling of registry keys can disable Windows Defender Security Center. It is important to check the primary keys.

  1. regedit and press Enter.
  2. The Registry Editor will launch. Follow the path HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows Defender.
  3. New > DWORD Value (32 bits)

Many applications rely on the Windows system time and date. An incorrect time value may affect the performance of the built-in system antivirus. Make sure the date and time are set correctly.

Right-click the clock on the taskbar and select "Adjust date and time." On the Settings page, enable "Set time automatically" and select your time zone.

7. Download the latest updates

Windows Defender errors can often be caused by an incorrect system update. However, Microsoft could fix the problem in a patch or a new cumulative update. Make sure you have Windows automatic updates turned on and check regularly for new available updates.

To check, go to Settings >

8. Check the zone setting and update the proxy in Internet Explorer

An inaccurate Internet Explorer zone entry causes Windows Defender to malfunction. The only way to overcome this problem, and a simple one, is to reset your browser settings.

To do this, you need to manually perform the following steps:

  1. Press the Windows key and enter Command line. Right-click on the item that appears and select the “Run as administrator” option.
  2. Copy the command NETSH WINHTTP SET PROXY 1.1.1.1:8080 or NETSH WINHTTP SET PROXY MYPROXY.NET:8080 and paste it into the command line.
  3. Press Enter.

How to fix Windows Defender Security Center error 0x800704ec

In fact, this is not really a bug, because the operating system is specifically designed for this behavior. The reason for the error is that antivirus software is installed and active on the computer. To avoid software conflicts, antivirus software automatically disables Windows Defender. There are several ways to fix the error 0x800704ec.

Method 1: Uninstall third-party antivirus

You can solve the problem by simply removing the antivirus program from your computer - as a result, Windows Defender will become active again in the system.

  1. Enter appwiz.cpl and press Enter.
  2. Select the antivirus program you want to remove and select “Uninstall.”
  3. Confirm additional requests to remove the product if they appear.
  4. Restart your computer. Once the system starts, Windows Defender Security Center should become active again.

Note: If you encounter problems uninstalling a third-party antivirus, check out the How to remove an antivirus section for the solution you need.

Method 2: Change the registry settings

In some cases, method 1 may not work and to solve the problem you will need to change the system registry keys:

  1. Press the Windows key + R. Enter regedit and press Enter.
  2. The Registry Editor will launch. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows Defender.
  3. In the right pane, select the key and enter the value “0”. Then click OK.
  4. If you do not see the DisableAntiSpyware key, then right-click on the free space and select New > DWORD Value (32 bits). Name it DisableAntiSpyware and set the value to “0”.

Method 3: Use the Group Policy Editor

Sometimes Windows Defender Security Center can be disabled through Group Policy Editor settings. You can easily check and restore settings:

  1. Press Windows key + R.
  2. Enter gpedit.msc and press Enter.
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.
  4. and double click on it.
  5. Select the “Not Specified” option. Click “Apply” and then “OK”.

Method 4: Start the service

  1. Press Windows key + R.
  2. Enter services.msc and press Enter.
  3. Select and double click on it.
  4. Make sure the “Automatic” option is selected and the service is running. Otherwise, manually start the service.
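
The checks from Methods 1, 2 and 4 can also be gathered in one read-only PowerShell audit. This is an added example, not part of the original instructions; the service names WinDefend and SecurityHealthService and the root/SecurityCenter2 query are assumptions about a standard Windows 10 client installation.

```powershell
# Added example (not from the original page): read-only audit of the settings
# that Methods 1, 2 and 4 check by hand. It changes nothing on the system.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$PolicyName = 'DisableAntiSpyware'

function Get-DefenderPolicyState {
    # Method 2: report whether the DisableAntiSpyware policy value exists
    # and whether it disables Windows Defender.
    param(
        [string]$Path = $PolicyPath,
        [string]$Name = $PolicyName
    )
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $Name)) {
            $value = $props.$Name
        }
    }
    $state = if ($null -eq $value) {
        'NotSet'              # no policy value: Defender is not disabled here
    } elseif ($value -eq 0) {
        'Allowed'             # value 0: the state the registry method restores
    } else {
        'DisabledByPolicy'    # any other value turns Defender off
    }
    [pscustomobject]@{ Path = $Path; Name = $Name; Value = $value; State = $state }
}

function Get-DefenderServiceState {
    # Method 4: startup type and run state of the Defender services.
    # Service names are assumptions (standard Windows 10 names).
    param([string[]]$ServiceName = @('WinDefend', 'SecurityHealthService'))
    foreach ($name in $ServiceName) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            [pscustomobject]@{
                Service = $name; DisplayName = $null; StartMode = $null
                State = 'NotFound'; NeedsAttention = $true
            }
            continue
        }
        [pscustomobject]@{
            Service        = $svc.Name
            DisplayName    = $svc.DisplayName
            StartMode      = $svc.StartMode
            State          = $svc.State
            NeedsAttention = ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running')
        }
    }
}

function Get-RegisteredAntivirus {
    # Method 1: antivirus products registered with Windows Security Center.
    # More than one entry besides Windows Defender points to the conflict
    # that produces error 0x800704ec. Available on client editions only.
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
                        -ErrorAction Stop |
            Select-Object displayName, pathToSignedProductExe, productState
    } catch {
        Write-Warning "SecurityCenter2 is not available: $($_.Exception.Message)"
    }
}

Get-DefenderPolicyState  | Format-List
Get-DefenderServiceState | Format-Table -AutoSize
Get-RegisteredAntivirus  | Format-Table -AutoSize
```

A State of DisabledByPolicy, or a service row with NeedsAttention set to True, identifies which of the methods above applies.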

How to fix Windows Defender Security Center error 0x8050800d

Many users encounter this error when trying to scan the system. A pop-up window with an error code appears and the user is asked to close the program. The most likely cause of this error may be a conflict between Windows Defender and a third-party antivirus. There are 2 main ways to fix the problem:

Method 1:

  1. Securely remove the remnants of your previous antivirus solution (How to remove an antivirus). You can uninstall the program manually or use GeekUninstaller for automatic search and removal.
  2. Disable Security Center using Group Policy Editor. Press Windows key + R, enter gpedit.msc and press Enter.
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.
  4. In the right pane, select the policy “Turn off Windows Defender Antivirus” and double-click on it.
  5. Select “Enabled”, click “Apply” and then “OK”.
  6. Using Windows Explorer, go to the path C:\ProgramData\Microsoft\Windows Defender\Scans (viewing hidden items must be enabled) and delete the “Scans” folder.
  7. After deleting the Scans folder, re-enable Windows Defender using the same procedure, but in step 5, select the “Not configured” option.
  1. Press the Windows key and enter Command line. Right-click on the item that appears and select the “Run as administrator” option.
  2. When prompted by User Account Control, answer “Yes.”
  3. In the window that opens, enter sfc /scannow
  4. Press Enter to run the command.
  5. Wait for the scan results.

How to fix Windows Defender Security Center error 0x800705b4

This error may be caused by the antivirus service of a third-party solution. A conflict is possible between two programs with similar functionality. In this case, you need to uninstall the third-party antivirus to get Windows Defender Security Center to work again.

Method 1: Enable the system firewall

  1. Press the Windows key and enter Control Panel. Select the option that appears. Go to the Windows Firewall section and select the option “Turn Windows Firewall on or off” in the left navigation menu. Select the “Turn on Windows Firewall” option and click “OK”.
  2. Press Windows key + R and enter services.msc. Right-click on “Services” and select the “Run as administrator” option.
  3. Select the Windows Defender Security Center service and check the service status. If the field is empty, double-click on the service name and select the “Run” option. If the service does not start, set the Startup Type to “Automatic” and restart the computer.

Method 2: Windows reset

  1. Launch the Settings application.
  2. Go to Update & Security > Recovery and select the “Restart now” option
  3. Then select the option “Troubleshoot” and “Reset your computer”
  4. Select “Keep personal files”, specify the administrator account and click “OK”.
  5. If you are prompted for the installation disk, connect the Windows 10 installation disk or an OS recovery disk.

Note: Resetting Windows may take quite some time. Your Windows computer may restart several times.

Method 2: Run an integrity check

If for any reason the above method does not fix the error, then you will need to run a System File Checker to detect and fix corrupted or missing system files.

  1. Press the Windows key and enter Command line. Right-click on the item that appears and select the “Run as administrator” option.
  2. When prompted by User Account Control, answer “Yes.”
  3. In the window that opens, enter sfc /scannow
  4. Press Enter to run the command.
  5. Wait for the scan results.

How to fix Windows Defender Security Center error 0x8050800c

At the end of 2016, many users of the system antivirus in Windows 10 faced error 0x8050800c when they tried to scan the system for malware.

The problem could be caused by an incorrect patch or update deployed to the computer. Many users were able to get rid of this error by simply installing all available Windows 10 updates.

Method 1: Installing updates

  1. Go to the Settings app > Update & security and tap Check for updates.
  2. Wait until Windows Update finds and installs all necessary updates automatically.
  3. Restart your computer and make sure there is no error.

Method 2: Use Norton Removal Tool

This problem often occurs among users who once installed Norton products that were later removed incorrectly. To thoroughly remove Norton antivirus traces, use the Norton Removal Tool application.

  1. Download and run Norton Removal Tool.
  2. Follow the onscreen prompts to remove installed Norton applications and their traces from the PC.
  3. Restart your computer to apply the changes. After rebooting, make sure there is no error.

How to fix Windows Defender Security Center error 577

Sometimes users, when trying to uninstall a third-party antivirus, may encounter error 577 when starting the Windows Defender service:

"Error 577: Windows cannot verify the digital signature of this file. The last time there was a hardware change or software an incorrectly signed or damaged file or malware of unknown origin."

There are two main ways to solve this problem:

Method 1: Using Security Center

  1. Press Windows key + R
  2. Enter wscui.cpl and press Enter
  3. Click “Enable” next to the “Virus protection” option. After that, the system antivirus and all necessary services will be launched.

Method 2: Using the System Registry

  1. Press Windows key + R. Enter regedit and press Enter.
  2. The Registry Editor will launch. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows Defender.
  3. Check the DWORD value of the key. If the value is different from 0, then double-click on the entry and in the window that opens, enter 0 in the value field. Save the changes.
  4. Run the file MSASCui.exe in the following location: C:\Program Files\Windows Defender


The term “malware” refers to any program created and used to perform unauthorized and often malicious actions. As a rule, it includes various types of viruses, worms, Trojans, keyloggers, password theft programs, macro viruses, boot sector viruses, script viruses, fraudulent software, spyware and adware. Unfortunately, this list is far from complete and is replenished every year with more and more new types of malicious programs, which in this material we will often refer to by the general word “viruses”.

The motives for writing computer viruses can be very different: from a banal desire to test one’s programming skills to the desire to cause harm or gain illegal income. For example, some viruses do almost no harm, but only slow down the machine due to their reproduction, littering the computer's hard drive or producing graphic, sound and other effects. Others can be very dangerous, leading to the loss of programs and data, erasing information in system memory areas, and even failure of parts of the hard drive.

CLASSIFICATION OF VIRUSES

Currently, there is no clear classification of viruses, although there are certain criteria for their division.

Virus habitat

First of all, malware is divided according to its habitat (according to the objects it affects). The most common type of malware is file viruses, which infect executable files and are activated every time the infected object is launched. It is not without reason that some email services (for example, the Gmail service) do not allow sending emails with executable files (files with the .EXE extension) attached to them. This is done in order to protect the recipient from receiving an email with a virus. Getting onto a computer through a network or any storage medium, such a virus does not wait to be launched, but starts automatically and carries out the malicious actions for which it is programmed.

This does not mean at all that all executable files are viruses (for example, installation files also have the .exe extension), or that viruses only have the .exe extension. They may have the .inf or .msi extension, and in general they can have no extension at all or be attached to existing documents (infect them).

The next type of virus has its own characteristic feature: these viruses are written into the boot areas of disks or the sectors containing the system boot loader. As a rule, such viruses are activated at the time the operating system boots and are called boot sector viruses.

Macro viruses infect document files, which include both text documents and spreadsheets, developed in macro languages. Most viruses of this type are written for the most popular text editor, MS Word.

And finally, network or script viruses use computer network protocols and scripting language commands to reproduce. Recently, this type of threat has become very widespread. For example, to infect a computer, attackers often use vulnerabilities in JavaScript, which is actively used by almost all website developers.

Virus operation algorithms

Another criterion for dividing malware is the features of its operating algorithm and the technologies used. In general, all viruses can be divided into two types: resident and non-resident. Resident viruses are located in the computer’s RAM and are active until it is turned off or rebooted. Non-resident viruses do not infect memory and are active only at a certain point in time.

Satellite viruses (companion viruses) do not modify executable files, but create copies of them with the same name and a different, higher-priority extension. For example, the file xxx.COM will always be launched earlier than xxx.EXE, due to the specifics of the Windows file system. Thus, the malicious code is executed first, and only after that the original program itself.
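
A defender can look for this pattern by listing files that share a base name but differ in executable extension. The PowerShell function below is an added example, not part of the original article; it ranks extensions by the PATHEXT environment variable (the order in which the Windows command interpreter resolves a name typed without an extension), and the function name and the demo files are hypothetical.

```powershell
# Added example (not from the original page): flag same-named executables
# where a higher-priority extension would run instead of the expected file.

function Find-CompanionCandidate {
    param(
        [Parameter(Mandatory)][string]$Directory,
        # Extension priority; falls back to the start of the default PATHEXT.
        [string[]]$ExtensionOrder = $(if ($env:PATHEXT) { $env:PATHEXT -split ';' }
                                      else { '.com', '.exe', '.bat', '.cmd' })
    )
    $order = @($ExtensionOrder | Where-Object { $_ } |
               ForEach-Object { $_.ToLowerInvariant() })

    Get-ChildItem -LiteralPath $Directory -File -ErrorAction Stop |
        Where-Object { $order -contains $_.Extension.ToLowerInvariant() } |
        Group-Object -Property BaseName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            # Sort the group so that the file the shell would pick comes first.
            $ranked = @($_.Group | Sort-Object {
                [array]::IndexOf($order, $_.Extension.ToLowerInvariant())
            })
            $first = $ranked[0]
            $sig   = Get-AuthenticodeSignature -LiteralPath $first.FullName `
                                               -ErrorAction SilentlyContinue
            [pscustomobject]@{
                BaseName         = $_.Name
                RunsFirst        = $first.Name
                Shadowed         = (($ranked | Select-Object -Skip 1).Name -join ', ')
                RunsFirstWritten = $first.LastWriteTime
                RunsFirstSigned  = $sig.Status
            }
        }
}

# Constructed sample: empty files that reproduce the xxx.COM / xxx.EXE case.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("companion-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
'xxx.com', 'xxx.exe', 'other.exe' | ForEach-Object {
    New-Item -ItemType File -Path (Join-Path $demo $_) | Out-Null
}

Find-CompanionCandidate -Directory $demo | Format-List   # reports xxx.com over xxx.exe

Remove-Item -LiteralPath $demo -Recurse -Force
```

A hit is only a lead: an unsigned, recently written file that runs ahead of a long-installed program of the same name is the case worth investigating.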

Worms spread independently through hard drive directories and computer networks by creating copies of themselves there. Exploiting vulnerabilities in programs and various administration errors allows worms to spread completely autonomously, selecting and attacking user machines automatically.

Invisible viruses (stealth viruses) try to partially or completely hide their existence in the OS. To do this, they intercept the operating system's access to infected files and disk sectors and substitute uninfected areas of the disk, which greatly interferes with their detection.

Ghost viruses (polymorphic or self-encrypting viruses) have an encrypted body, so that two copies of the same virus do not have the same parts of the code. This circumstance greatly complicates the procedure for detecting this type of threat and therefore this technology is used by almost all types of viruses.

Rootkits allow attackers to hide traces of their activities in a compromised operating system. These types of programs are engaged in hiding malicious files and processes, as well as their own presence in the system.

Additional functionality

Many malicious programs contain additional functionality that not only makes them difficult to detect on the system, but also allows attackers to control your computer and obtain the data they need. These viruses include backdoors (system hacker), keyloggers (keyboard interceptor), spyware, botnets and others.

Operating systems affected

Various viruses can be designed to operate on certain operating systems, platforms and environments (Windows, Linux, Unix, OS/2, DOS). Of course, the vast majority of malware is written for the world's most popular system, Windows. However, some threats only work in the Windows 95/98 environment, some only on Windows NT, and some only in 32-bit environments, without affecting 64-bit platforms.

SOURCES OF THREATS

One of the primary goals of attackers is to find a way to deliver an infected file to your computer and force it to be activated there. If your computer is not connected to a computer network and does not exchange information with other computers via removable media, you can be sure that it is not at risk from computer viruses. The main sources of viruses are:

  • Floppy disk, laser disk, flash card or any other removable storage medium containing virus-infected files;
  • A hard drive that received a virus as a result of working with infected programs;
  • Any computer network, including a local network;
  • Email and messaging systems;
  • The global Internet.

TYPES OF COMPUTER THREATS

It’s probably no secret to you that today the main source of viruses is the worldwide global network. What types of computer threats can an ordinary user of the global Internet encounter?

  • Cybervandalism. Distribution of malware with the aim of damaging user data and disabling the computer.
  • Fraud. Distribution of malware to obtain illegal income. Most programs used for this purpose allow attackers to collect confidential information and use it to steal money from users.
  • Hacker attacks. Breaking into individual computers or entire computer networks for the purpose of stealing confidential data or installing malware.
  • Phishing. Creation of fake websites that are exact copies of existing ones (for example, a bank website) with the aim of stealing confidential data when users visit them.
  • Spam. Anonymous bulk emails that clog users' electronic mailboxes. As a rule, they are used to advertise goods and services, as well as for phishing attacks.
  • Adware. Spreading malware that runs ads on your computer or redirects search queries to paid (often pornographic) websites. It is often built into free or shareware programs and installed on the user’s computer without his knowledge.
  • Botnets. Zombie networks consisting of computers infected with a Trojan (including your PC), controlled by one owner and used for his purposes (for example, sending spam).

SIGNS OF COMPUTER INFECTION

Detecting a virus that has entered your computer at an early stage is very important. After all, until it has had time to multiply and deploy its self-defense against detection, the chances of getting rid of it without consequences are very high. You can determine the presence of a virus on your computer yourself by knowing the early signs of infection:

  • Reducing the amount of free RAM;
  • Significantly slower loading and operation of the computer;
  • Incomprehensible (for no reason) changes in files, as well as changes in sizes and the date of their last modification;
  • Errors when loading the operating system and during its operation;
  • Inability to save files to certain folders;
  • Incomprehensible system messages, musical and visual effects.

If you find that some files have disappeared or cannot be opened, it is impossible to load the operating system, or there is a problem with hard disk formatting, this means that the virus has entered the active phase, and simply scanning the computer with a special anti-virus program will no longer get rid of it. You may have to reinstall the operating system or run recovery tools from an emergency boot disk, since the antivirus installed on the computer has probably lost its functionality because it was also modified or blocked by malware.

True, even if you manage to get rid of infected objects, it is often impossible to restore the normal functionality of the system, since important system files may be irretrievably lost. At the same time, remember that your important data, be it photographs, documents or a music collection, may be at risk of destruction.

To avoid all these troubles, you must constantly monitor the anti-virus protection of your computer, as well as know and comply with the basic rules of information security.

ANTI-VIRUS PROTECTION

To detect and neutralize viruses, special programs are used, which are called “antivirus programs” or “antiviruses”. They block unauthorized access to your information from the outside, prevent infection by computer viruses and, if necessary, eliminate the consequences of infection.

Antivirus protection technologies

Now, let's take a look at the antivirus protection technologies used. The presence of a particular technology as part of an antivirus package depends on how the product is positioned on the market and affects its final cost.

File antivirus. A component that controls the computer's file system. It checks all opened, launched and saved files on your computer. If known viruses are found, you are, as a rule, asked to disinfect the file. If for some reason this is not possible, the file is deleted or moved to quarantine.

Mail antivirus. Provides protection for incoming and outgoing mail and scans it for dangerous objects.

Web antivirus. Performs anti-virus scanning of traffic transmitted over the Internet via the HTTP protocol, which ensures the protection of your browser. Monitors all running scripts for malicious code, including JavaScript and VBScript.

IM antivirus. Responsible for the security of working with Internet pagers (ICQ, MSN, Jabber, QIP, Mail.Ru Agent, etc.); it checks and protects information received via their protocols.

Program control. This component logs the actions of programs running on your operating system and regulates their activities based on established rules. These rules regulate program access to various system resources.

Firewall. Ensures the security of your work on local networks and the Internet, tracking activity in incoming traffic that is typical of network attacks exploiting operating system and software vulnerabilities. Rules are applied to all network connections that allow or prohibit certain actions based on the analysis of certain parameters.

Proactive protection. This component is designed to identify dangerous software based on analysis of its behavior in the system. Harmful behavior may include: activity characteristic of Trojans, access to the system registry, programs copying themselves into various areas of the file system, intercepting data input from the keyboard, injection into other processes, etc. In this way, an attempt is made to protect the computer not only from already known viruses, but also from new ones that have not yet been investigated.

Anti-Spam. Filters all incoming and outgoing mail for unwanted messages (spam) and sorts it depending on the user's settings.

Anti-Spy. The most important component designed to combat fraud on the Internet. Protects against phishing attacks, backdoor programs, downloaders, vulnerabilities, password crackers, data grabbers, keyboard loggers and proxies, automated dialers for paid websites, joke programs, advertising programs and annoying banners.

Parental control. This is a component that allows you to set access restrictions for using your computer and the Internet. With this tool you can control the launch of various programs, use of the Internet, visits to websites depending on their content and much more, thereby protecting children and adolescents from negative influences when working on a computer.

Safe environment or sandbox (Sandbox). Limited virtual space blocking access to system resources. Provides secure work with applications, documents, Internet resources, as well as with Internet banking web resources, where security when entering confidential data is of particular importance. It also allows you to run unsafe applications internally without the risk of infecting the system.

Basic rules of antivirus protection

Strictly speaking, there is no universal way to combat viruses. Even if you have the most modern antivirus program on your computer, this absolutely does not guarantee the fact that your system will not be infected. After all, viruses appear first, and only then there is a cure for them. And despite the fact that many modern antivirus solutions have systems for detecting yet unknown threats, their algorithms are imperfect and do not provide you with 100% protection. But, if you adhere to the basic rules of anti-virus protection, you can significantly reduce the risk of infection of your computer and loss of important information.

  • Your operating system should have a good antivirus program that is updated regularly.
  • The most valuable data should be backed up.
  • Partition your hard drive into several partitions. This will isolate important information; do not keep it on the system partition where your OS is installed. After all, it is that partition that is the main target of attackers.
  • Do not visit websites with dubious content, especially those that are engaged in the illegal distribution of content, keys and key generators for paid programs. As a rule, in addition to the “freebies”, there is a huge amount of malware of all varieties there.
  • When using email, do not open or run mail attachments from letters from unknown senders.
  • All those who like to communicate using Internet messengers (QIP, ICQ) should also beware of downloading files and clicking on links sent by unfamiliar contacts.
  • Users of social networks should be doubly careful. Recently, they have become the main targets of cyber fraudsters who come up with multiple schemes that allow them to steal users’ money. A request to provide your sensitive information in dubious messages should immediately alert you.

CONCLUSION

We think that after reading this material, you now understand how important it is to take seriously the issue of security and protection of your computer from intrusions by intruders and the effects of malicious programs on it.
At the moment, there are a huge number of companies that develop anti-virus software and, as you understand, it is not difficult to get confused when choosing one. But this is a very important choice, since it is the antivirus that is the wall protecting your system from the flow of infection pouring from the network. And if this wall has many gaps, then there will be zero sense in it.

To make it easier for ordinary users to choose suitable PC protection, on our portal we test the most popular antivirus solutions and get acquainted with their capabilities and user interface. You can check out the latest of them, and very soon you will find a new review of the latest products in this area.

This is a new application for managing the system's built-in Windows Defender Antivirus and other security features in Windows 10 Fall Creators Update and Windows 10 Creators Update. Microsoft has integrated various security features into the application, such as device health check, Windows Firewall, Controlled Folder Access, Exploit Protection, SmartScreen content filter management and parental controls.

General information

The old desktop application called Windows Defender still remains on the system, but its outdated interface remains hidden most of the time.

Users of Windows 8/8.1 and older versions of Windows 10 (pre-2017) should review the old Windows Defender setup guide.

The Windows Defender tab in the Update & Security section of the Settings app only displays information about the application version and a button to launch the new Windows Defender Security Center. In older versions of Windows this page controlled most Windows Defender settings.

Windows Defender uses Windows Update to download and install new antivirus definitions. New signature definitions are available several times a day, and the system antivirus uses cloud protection to speed up and enhance detection.

If you encounter problems updating Windows Defender signatures, use the instructions for troubleshooting problems with Windows Update

Using Windows Defender Security Center in Windows 10 Creators Update and higher

Open the Start menu, enter Defender and select the link.

After this, the new antivirus interface will open. If one of the presented components has a red circle with a white cross or a yellow triangle with a black exclamation point, it means that the detected problem needs to be corrected.

Please note that Windows Defender Security Center also checks the status of installed drivers. Some older devices may cause a yellow mark to appear in the “Device Health” section due to missing compatible drivers. In this case, you need to ignore the warning.

Set up Virus & Threat Protection in Windows Defender Security Center

To configure the most important section of the application, click the Protection against viruses and threats button. Similar buttons are available on the left side of the Windows Defender Security Center window.

The first thing you need to do is enable the Real-time Protection option. If the switch for this feature is disabled, other parameters may not be available for change (grayed out).

Cloud security is safe for most users. If you are very concerned about privacy, you can disable this feature.

The Automatic sample submission parameter, like the previous setting, should be left turned on. This option affects the reliability of cloud protection.

If you are not an experienced computer user, you should leave the default exclusion settings. Change these settings only if you clearly understand the consequences of your actions.

The Notifications feature (formerly known as Advanced Notifications) allows users to explore recent scan data and shows weekly activity summaries. When enabled, this option increases the number of notifications in the Action Center, so many users will want to disable it.

Keep in mind that Windows Defender will always warn you about malware infections and critical errors.

If you have a third-party antivirus installed on your Windows 10 Creators Update computer, you can enable the periodic scanning feature (known as “Limited periodic scanning”). After enabling this feature, the Windows Defender icon will appear in the taskbar notification area (system tray), and the system will be scanned during periods when you are not actively using the computer. The Action Center may remind you if you have already performed a scan - in this case, the system tray icon will have a yellow mark.

This type of scanning can be very useful if a third-party antivirus does not receive regular signature definitions.

To enable additional scanning, click the Virus & threat protection button on the main screen of Windows Defender Security Center. Then expand the Windows Defender Antivirus Settings section and turn on the Periodic scanning switch.

You will still be able to manage Windows Defender settings other than Real-time Protection when periodic scanning is enabled.

If you have previously installed a third-party antivirus (Avast, BitDefender, Norton/Symantec, McAfee, etc.), then in the Action Center you may see a notification: “Virus protection is disabled. To turn on Windows Defender, click or tap here.” Just click the alert, and all required operations will be performed automatically. This is one of those rare cases where you may see a Windows Defender desktop app warning in Windows 10 Creators Update.

Scan history and threats added to quarantine

By default, many infected objects are moved to quarantine - a protected folder where threats cannot harm the system. Windows Defender automatically removes detected files from quarantine after three months.

Open the Start menu by pressing the Windows + S keyboard shortcut, type Defender and select the link.

Click the Virus & threat protection button and then click the Scan log button.

If detected threats remain on the device, click the Start actions button to add dangerous objects to quarantine. Then click the View full log link.

Otherwise (if no threats are detected on the system), click the View full log link right away.

Please note that Windows Defender Security Center always displays the “No Threat” message in all sections of the Scan History screen, even if malware has been detected on the computer or has been cleaned. The only exception is when detected threats have not yet been removed.

If you want to see which files have been added to quarantine, you can click on an item in the list or use the Show details link. The Clear Log button applies to all sections of the Scan Log - it clears the list of quarantined threats and the list of allowed threats forever.

How to change cloud security settings

You can enhance your system's Windows Defender Antivirus cloud protection by joining the Microsoft MAPS community program.

In the instructions below, we will look at the steps to change the level of Windows Defender threat protection using local group policies and the system registry.

The section shows information about Windows Update, storage capacity, device drivers, and battery status (laptops and tablets only). Once your device starts up, the health scan may take some time to complete, so the latest information may not be immediately available.

If errors are found in one of the diagnostic areas, the user can either open a Microsoft page with instructions on how to resolve the problem, or click the link for a quick fix. All of this is presented in the form of recommendations.

As mentioned above, not all older components have drivers compatible with Windows 10 - in such cases, you should ignore the warning. Keep in mind that in this case the system tray icon will also have a yellow warning label.

Just below, on the Device Performance page, there is a Start again section. This option is an automated version of the system reset function that keeps personal files. It is not a new feature, but you can use Windows Defender Security Center to reinstall Windows while preserving your personal data (you will lose installed programs and additionally installed drivers).

This function is advisable if you received a new device with a large number of applications pre-installed by the manufacturer.

If there are important desktop applications and drivers that need to be saved, try using the system repair disk to reinstall Windows.

This section provides a brief summary of the status of Windows Firewall and the type of network connections (Private or Public networks).

By clicking on an individual network type, you can turn the Firewall on or off and block all incoming connections, including requests from allowed applications.

This section allows you to control the behavior of the Windows Defender module called SmartScreen.

The Manage apps and files section allows you to configure how unidentified applications and files from the Internet are handled. By default, the Warn option is selected, which is optimal for most users. For enhanced protection against 0-day threats, set the value to Block.

The SmartScreen for Microsoft Edge section allows you to manage the same content filter that we remember from Internet Explorer. This module protects your computer from malicious sites and downloads. The default value is Warn, but for enhanced protection it is recommended to select the Block option.

The SmartScreen for Windows Store apps section controls whether content used by Windows Store applications is checked. There are only two options available here: Warn and Disable. If you are concerned about security, select Warn.

This section of Windows Defender Security Center contains only two links that lead to the Microsoft account management web console.

1. The View family options link shows family members who have been added to Windows 10. You can see your children's recent activity, their orders, time spent on the computer, browsing history, usage statistics for apps, games and multimedia content, and even determine a person's location if their device supports this function.

To add a child's account (or temporarily block the current account) in Windows 10, open the Settings application, go to the “Accounts” section, select the “Family and other people” section and click the “Add a family member” button. You must add all children and other family members using one Microsoft account. Make sure your children's accounts have standard permissions and not administrative permissions.

2. The View devices link shows a list of all family devices - computers, laptops, tablets and smartphones. You can locate devices, view their recent locations, and delete old devices.

How to enable forced scanning of removable drives in Windows 10 Creators Update and higher

For unknown reasons, Windows Defender in Windows 10 does not scan removable media, for example, USB flash memory devices or external drives. This may lead to malware infections or the launch of potentially unwanted programs.

To fix this problem, open the Start menu, type powershell, right-click the link for the classic “Windows PowerShell” application and select the “Run as administrator” option.

Alternatively, you can use Windows + X to open the Quick Links menu (or right-click on the Start menu) and select the “Windows PowerShell (Admin)” option.

In the Windows PowerShell interface, paste the following command: Set-MpPreference -DisableRemovableDriveScanning $False

Press Enter, after which Windows Defender in Windows 10 will scan removable drives.
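To confirm that the command took effect, and to review the other Defender settings this article discusses, the preferences can be read back with Get-MpPreference. The following is an added example, not part of the original article; the function name Get-DefenderSettingReport is hypothetical and the sample object is constructed.

```powershell
# Added example: read-only audit of the Defender preferences discussed in this
# article. Get-DefenderSettingReport is a hypothetical helper name.
function Get-DefenderSettingReport {
    [CmdletBinding()]
    param(
        # Object exposing the Get-MpPreference properties used below.
        [Parameter(Mandatory)]
        [psobject]$Preference
    )

    # Documented meanings of the numeric preference values.
    $mapsLevel = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $sampleConsent = @{
        0 = 'Always prompt'
        1 = 'Send safe samples automatically'
        2 = 'Never send'
        3 = 'Send all samples automatically'
    }

    # Cast to [int]: Get-MpPreference returns these values as bytes, and a
    # byte key would not match the integer keys of the hashtables above.
    $maps    = [int]$Preference.MAPSReporting
    $consent = [int]$Preference.SubmitSamplesConsent

    if ($mapsLevel.ContainsKey($maps)) { $mapsText = $mapsLevel[$maps] }
    else { $mapsText = "Unknown ($maps)" }

    if ($sampleConsent.ContainsKey($consent)) { $consentText = $sampleConsent[$consent] }
    else { $consentText = "Unknown ($consent)" }

    @(
        [pscustomobject]@{
            Setting = 'Real-time protection'
            Value   = if ($Preference.DisableRealtimeMonitoring) { 'Off' } else { 'On' }
            Ok      = -not $Preference.DisableRealtimeMonitoring
        }
        [pscustomobject]@{
            Setting = 'Cloud protection (MAPS)'
            Value   = $mapsText
            Ok      = @(1, 2) -contains $maps
        }
        [pscustomobject]@{
            Setting = 'Automatic sample submission'
            Value   = $consentText
            Ok      = @(1, 3) -contains $consent
        }
        [pscustomobject]@{
            # This preference controls whether removable drives are included
            # in full scans.
            Setting = 'Removable drive scanning'
            Value   = if ($Preference.DisableRemovableDriveScanning) { 'Off' } else { 'On' }
            Ok      = -not $Preference.DisableRemovableDriveScanning
        }
    )
}

# Constructed sample (not read from a real machine): removable drive scanning
# is still off, everything else is enabled.
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring     = $false
    MAPSReporting                 = 2
    SubmitSamplesConsent          = 1
    DisableRemovableDriveScanning = $true
}
Get-DefenderSettingReport -Preference $sample | Format-Table -AutoSize

# On a Windows 10 machine, audit the live settings instead:
# Get-DefenderSettingReport -Preference (Get-MpPreference) | Format-Table -AutoSize
```

With the sample object, only the “Removable drive scanning” row reports Ok = False; after running the Set-MpPreference command above, the live report should show it as On.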

Customize the Windows Defender Security Center icon in Windows 10 Creators Update and higher

The Windows Defender Security Center icon appears in the taskbar notification area (system tray). In any version of Windows, you can set the icon to be visible at all times. Right click on free space on the taskbar and select the “Taskbar Settings” option. Scroll to the “Notification Area” section and click on the “Select the icons that appear in the taskbar” link. Near the “Windows Defender notification icon” item, move the switch to the “On” position.

If the icon has a green circle with a white checkmark, no action needs to be taken.

If the Windows Defender Security Center icon has a yellow triangle with a black exclamation point, something has gone wrong: either the Windows Defender settings are incorrect or a potentially unwanted program has been detected. Other possible causes are missing drivers, completely full storage, and incorrect SmartScreen settings in Windows Defender or Microsoft Edge. Right-click on the icon and click “Open” to fix the detected problem.

If the Windows Defender Security Center icon has a red circle with a white cross, it means that serious problems have been detected in the system, for example, malware has been found and user attention is required to clean up the threat. A red mark may also appear when Windows Defender or the Firewall is disabled. Typically, these events will result in a separate alert being displayed in the Action Center and a clickable toast notification in the system tray. Right-click on the icon and click “Open” to fix the detected problem.

If messages about a malware infection don't stop, use a third-party cleaning solution such as Malwarebytes.

If you see the error message "The Security Center service cannot start," the service has most likely been disabled. Click the “Close” button.

You need to boot into safe mode. After the system boots, type regedit, right-click on the result and select “Run as administrator.”

Go to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and click on the WinDefend subkey. Find the “Start” registry entry in the right pane. If the value is set to 0x00000004 (4), then the service has been disabled. Double-click on the “Start” entry.

Enter the value “2” (check that the hexadecimal base is selected) and click OK. As a result, the Windows Defender service will start automatically.

Then repeat the same steps for the services WdNisSvc (Windows Defender Antivirus Network Inspection Service) and SecurityHealthService (Windows Defender Security Center Service). Make sure you edit only the values you need. Registry Editor is a very powerful tool, and mistakes in it may cause Windows boot problems.

Close Registry Editor and restart the computer to verify that Windows Defender Security Center is now working correctly.
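Before editing anything in regedit, the Start values of the three services named above can be read without changing them. The following is an added example, not part of the original article; the function name Get-DefenderServiceStartType is hypothetical, and the script only reads the registry and the service status.

```powershell
# Added example: read-only check of the "Start" registry value for the three
# services named in the article. Get-DefenderServiceStartType is a
# hypothetical helper name; nothing is modified.
function Get-DefenderServiceStartType {
    [CmdletBinding()]
    param(
        [string[]]$Name = @('WinDefend', 'WdNisSvc', 'SecurityHealthService'),
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    # Standard meanings of a service's Start value.
    $startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($svc in $Name) {
        $key   = Join-Path -Path $ServicesRoot -ChildPath $svc
        $start = $null

        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Start' -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $start = [int]$prop.Start }
        }

        if ($null -eq $start) {
            $meaning = 'Key or Start value not found'
        } elseif ($startTypes.ContainsKey($start)) {
            $meaning = $startTypes[$start]
        } else {
            $meaning = "Unexpected value $start"
        }

        # Current run state, if the service is registered at all.
        $service = Get-Service -Name $svc -ErrorAction SilentlyContinue
        $status  = if ($null -ne $service) { $service.Status } else { 'Not installed' }

        [pscustomobject]@{
            Service  = $svc
            Start    = $start
            Meaning  = $meaning
            Status   = $status
            # 4 is the value the article tells you to look for.
            Disabled = ($start -eq 4)
        }
    }
}

Get-DefenderServiceStartType | Format-Table -AutoSize
```

Any row with Disabled = True corresponds to the 0x00000004 state described above and is a candidate for the registry fix.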

If Windows Defender or Windows Defender Security Center still won't start, try a full system scan without rebooting using a specialized cleaning tool such as Malwarebytes.

Setting up a scheduled scan for Windows Defender in Windows 10 Creators Update and higher

Run a Windows Defender Offline scan in Windows 10 Creators Update and later

Boot-time scanning appeared in the Windows 10 Anniversary Update. This feature allows you to remove persistent malware, rootkits, and hidden threats that use methods to bypass antivirus protection when Windows starts.

To run an offline scan in Windows 10 Creators Update, close all open documents and running programs. Then open the Start menu by pressing the Windows + S keyboard shortcut, type Defender and select the “Windows Defender Security Center” link.

Open the “Virus & threat protection” tab and click the “Advanced scan” link.

Select an option and click the “Run Scan Now” button.

Windows Defender will warn you that the offline scan will take some time and the device will restart. Make sure that all documents are saved and click the “Check” button.

After this, Windows will warn you that the reboot will take place within a minute. Click “Close” and wait until the device restarts.

After restarting, Windows will download new files that are required for verification. Please wait, this process may take a minute or so.

Windows Defender will then launch an offline scan and automatically quarantine detected objects. It will take 15-20 minutes to complete the scan. After the verification and cleaning process is completed, the device will reboot again. Log in and make sure there is no malware.


Computer viruses, spyware and other types of threats can gain access to your computer in several ways, such as: launching an infected file sent by email, accidentally clicking on an unsafe link on the Internet, or downloading something that turns out to be completely different from what you expected - a virus disguised as an application, movie, etc. There are a few simple steps you need to take to keep your computer and your personal data safe.

Update Windows

Microsoft typically releases new Windows updates on the second Tuesday of every month. Regular security-related Windows updates block newly discovered ways to infect your computer or leak personal data. So, the first step to keeping your computer safe is to make sure that your Windows is updated regularly. To check, open: "Start - Control Panel - Windows Update."

Update all software installed on your computer

Not only Windows must be updated, but also all programs that are used when browsing the Internet, such as Flash or Java. Updates for these programs are needed to use the latest features and technology while browsing your favorite websites. But unfortunately, these same programs can be used by attackers to infect your computer (using bugs found in them), so make sure that all applications are updated and their versions are up to date.

Some viruses may try to trick you by masquerading as an update to one of your programs. If you suspect that this is the case, double-check the downloaded file with antivirus tools, or try to find additional information about this file on the Internet.

Install an antivirus and keep its database up to date

Antivirus software is designed to eliminate malware and to prevent it from entering your computer. You can choose from many high-quality free antiviruses, such as AVG, Avira, Avast, etc.; they all provide reliable antivirus protection. There are also antiviruses with firewall functions, such as Comodo, which provide additional protection against network attacks and intruders trying to access your personal information.

Be careful on the Internet

Another rule for protecting your computer from viruses and other attacks is to be careful when surfing the Internet. Even with the latest version of your browser and a fully updated Windows, you may accidentally download dangerous files or even accidentally launch them, bypassing all your computer's security systems.

There is a sure way to find out that you are on an unsafe site or have followed an unsafe link: additional antivirus functions help by adding information to the browser for the links on a page; if the antivirus database considers a site unsafe, you will be warned about the danger of clicking on the link.

Tip: if you use your computer for online payments or other confidential transactions, there is a simple additional way to increase your safety: use two different browsers. Use one browser exclusively for your confidential transactions, and the other for surfing the Internet, visiting social networking sites, and so on.

Download files only from trusted sources

Any file that is downloaded without your permission is potentially dangerous. The same is true for files downloaded from unverified sources or received by email.

Download files only from trusted sources, especially beware of links on forums, message boards, etc.

Be careful on social networking sites

Facebook, Twitter, Odnoklassniki, VKontakte and other social networks are increasingly being used by attackers. The main risk is the fact that dangerous messages come from friends. If you see a message from a friend but it looks suspicious, contact your friend and make sure it's their link, text, or video. Do not click on links until you are sure it is safe to do so.

Symantec security researchers report 13 million new malware variants per month. Antivirus systems are designed to protect against this danger, but it is obvious that they themselves are vulnerable and subject to attacks.

CHIP tested antiviruses together with AV-Test. The result gives cause for concern: in some cases, transmission channels are not sufficiently protected, in other cases, manufacturers use unreliable program libraries. We'll show you which antivirus tools are worth recommending, how the software's defense mechanisms work, and explain how best to configure these tools.

Even if you use good anti-virus protection, you should also use programs from other manufacturers. This way you can effectively secure not only your desktop PC, but also mobile devices - and it doesn’t matter whether it’s Android or iOS.

This is how antiviruses protect

Only a few antivirus manufacturers protect their programs
A detailed analysis by AV-Test shows that not all manufacturers use certificates or security mechanisms. But compared to previous years, improvements can be seen

Modern antivirus applications not only protect computers from already known threats, but also offer tools against zero-day vulnerabilities. To do this, they use heuristic methods to constantly monitor the PC. But in order for programs to effectively control the system, they require advanced rights.

It gets to the point where they can often control and change the OS to a greater extent than the registered user. For hackers, successful attacks on antivirus tools are the simplest solution, since through these tools they can immediately gain system access to the PC, as well as deactivate the control function of anti-virus monitors. Security software vendors fight back with these three anti-hacking features.

Secure connection when downloading

The first level of protection is already used on the manufacturer’s website. After all, antivirus developers no longer distribute their programs on DVD - they are mainly provided to customers as a package with downloadable code. The advantage is that the user will always have the latest version. Some manufacturers distribute programs via a secure https connection. The data transmission channel is encrypted, manipulations are practically eliminated.

True, there are also companies that still rely on an insecure http connection. Theoretically, in this case, hackers could intercept the data stream and slip the user an insecure, externally controlled version of the antivirus. AV-Test has discovered this unreliable download channel from several manufacturers. After seeing the results, the firms solemnly vowed to eliminate all the shortcomings and expressed their intention to transfer data in encrypted form in the very near future.

Updates with signature only

To ensure that only certified and signed updates are downloaded to your PC for scanning files, antivirus programs use certificates, although not very consistently. With their help, the manufacturer signs individual software packages. When a package arrives on the user's computer, the antivirus tool verifies the authenticity of the digital signature and installs the update.

This way, illegitimate updates are excluded. But this only holds if the antivirus program works perfectly from the very beginning and has optimal settings installed by the manufacturer - unfortunately, many applications do not meet these requirements. In that case you will have to act on your own - this is discussed in more detail on the following pages.
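The same signature check can be done by hand on a downloaded installer or update package before running it, which also covers the case of a download that came over an unencrypted connection. The following is an added example, not code from the article or from any antivirus vendor; the function name Test-InstallerSignature and the publisher name are hypothetical, and the sample file is constructed.

```powershell
# Added example: verify the Authenticode signature and publisher of a
# downloaded file before running it. Test-InstallerSignature is a
# hypothetical helper name.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Exact publisher name you expect in the signing certificate.
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($null -ne $sig.SignerCertificate) {
        # Use the certificate's simple name and compare it exactly; a
        # substring match on the full subject is easy to satisfy with a
        # look-alike publisher name.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # 'Valid' means the file hash matches the signature and the certificate
    # chain is trusted on this machine.
    $statusOk    = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $publisherOk = ($null -ne $signer) -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        File    = $Path
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status  = $sig.Status
        Signer  = $signer
        Trusted = $statusOk -and $publisherOk
    }
}

# Constructed demonstration input: an unsigned script written to the temp
# folder, standing in for a tampered or fake "update".
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-update.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "constructed sample"'

# 'Example Vendor Ltd' is a placeholder publisher name.
Test-InstallerSignature -Path $sample -ExpectedPublisher 'Example Vendor Ltd' | Format-List

Remove-Item -LiteralPath $sample
```

The constructed file is unsigned, so the result shows Status NotSigned and Trusted False; a genuine vendor installer should report Status Valid with the publisher you expect.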

Hardware protection at the processor level


Some vendors' antivirus software downloads work over insecure, tamper-prone http connections.

Starting with Windows XP SP2, Microsoft's operating system supports DEP (Data Execution Prevention) protection, which works directly in the processor. The principle of operation is relatively simple: the OS sets a special attribute, the NX bit (no-execute bit), on specific memory areas where critical data is stored.

If a program, for example during a memory overflow, tries to execute code from such an area, DEP blocks the access and reports this to the operating system. Today the technology is a standard, but despite this, not everyone uses it. DEP alone does not provide 100% protection. Therefore, manufacturers use the function together with other technologies.

Software that prevents memory overflow

To prevent hackers from guessing where exactly critical data is stored in computer memory, ASLR (Address Space Layout Randomization) technology was developed more than ten years ago. With it, programs are assigned their memory areas at random. ASLR was first used in Windows Vista. Among mobile systems, iOS 4.3 was the first, followed by Android 4.0. But ASLR does not provide a 100% guarantee of security. Using various techniques, hackers bypass the random distribution.

For example, through so-called “spraying”, malware spreads itself throughout the entire memory. In this way, hackers provoke a memory overflow, thanks to which they can then carry out their manipulations. To prevent things from going that far, antivirus manufacturers try to ensure that only certified software can be used on a computer.

Optimize antivirus programs

Browser add-ons and update settings in particular need additional configuration, since not all features of an antivirus tool are always useful for the security of your own system. Sometimes it is even better to completely disable this or that option.

Set the optimal time for updating


Antivirus plugins for browsers warn about dangerous sites, but in some cases they themselves are unreliable

The effectiveness of antivirus software protection depends on timely updates. Security researchers assume that known gaps are actively exploited within a few hours. But many antivirus programs run automatic updates only once a day, or even less often. It is better to set the update frequency to 12 hours. This suits most users. If you often visit unknown sites or install programs on your system, then this interval should be reduced to two hours.

Browser Toolbar

Most antivirus manufacturers install a browser add-on that monitors searches and the sites that open. The catch is that some of the web browser add-ons themselves are unreliable. Google security specialists found out that, for example, the AVG add-on activates special JavaScript APIs that are usually considered unsafe. In the meantime, AVG has released patches for the application.


Installed antivirus programs should look for program and definition updates every 12 hours

In addition to security considerations, in the case of some add-ons, users are also faced with the issue of annoying advertising - as, for example, with Avast. It would seem to be a completely good intention: Avast, using the SafePrice function, wants to show the user the most favorable online prices for products that the user sees directly in his browser. But here’s what’s hidden behind this concern for the user: the company makes money on every click.

To warn about dangerous sites, the tools check all browser network traffic in the background. To allow programs to scan traffic from encrypted sites for viruses, the tools act as a proxy, which is similar to a man-in-the-middle attack. True, here too, in the case of the SSL proxy, security experts found weaknesses.

Among them, for example, is the famous researcher Tavis Ormandy. He considers the approach of antivirus manufacturers fatal, since the use of proxies opens up additional attack opportunities for hackers. And browsers themselves warn about dangerous sites, so antivirus toolbars provide no additional protection.

Enable USB protection


Some antivirus systems, such as Avira, block access to unknown USB devices and protect against attacks from viruses such as BadUSB

Virus protection, for example from Avira, helps against attacks originating from USB devices. To do this, the tools block access to external media. Malicious programs such as BadUSB have no chance in this case. In the case of BadUSB, regular USB flash drives act as a hidden keyboard through which program code is quietly entered.

USB protection of this kind can be specifically activated in many antivirus tools. If your antivirus does not support this function, as an alternative you can use MyUSBOnly (myusbonly.com, cost: about $29.9 - 1750 rubles).

Professional protection for PC

With all the variety of antivirus programs, you can further enhance the protection of your devices using simple tools. We'll show you what tools you'll need and what settings you'll need to make.

Independent verification of infection


Some files are better protected against hacker attacks such as ransomware viruses and the like by encrypting them with VeraCrypt

If you are visiting an unknown site that you know nothing about, use the online service virustotal.com. After you enter the URL to be checked, the service checks the web resource and displays a detailed report.

Additionally, the portal provides the ability to check files. If, for example, your antivirus system alerts you that a file on your hard drive is infected, you can upload the file to virustotal, where it is scanned by several antivirus tools from well-known manufacturers. This allows you to reliably check for false alarms from your antivirus protection.

Outwit the ransomware


Microsoft Baseline Security Analyzer checks the system for important updates and critical security settings

The best help against such a scourge as encryption Trojans is backup, but there is a simple trick to outsmart such a malicious program. New ransomware viruses do not encrypt the entire hard drive, as antivirus tools detect and block such access. Instead, viruses specifically search for documents and images on the disk and encrypt them.

This can be prevented by storing such files in an encrypted folder. The malicious program will not be able to get into it. To do this, you need to use the VeraCrypt tool and create an encrypted storage for your documents.

Security check

Microsoft, with its Baseline Security Analyzer, offers a program that specifically looks for weak points on a PC. To do this, the utility verifies that all necessary patches are installed and that critical settings on the system, such as the firewall and a strong password, are configured correctly. Next to each alert, you will find a “Remedy Actions” link that explains how to resolve the identified issues.

Protect mobile devices

Mobile systems should also use a combination of antivirus and additional software. In the case of Android it will be even easier, since an antivirus scanner, as on Windows, checks the entire system. But iOS users, on the contrary, will have to use special tools.

Installing system updates


Additional protection
Android users are advised to further protect their system using an antivirus tool (1). iOS users can detect jailbreaks using apps like Lookout (2)

By installing the latest operating system updates, you prevent most attacks on your smartphone or tablet. To run updates on iOS, go to “Settings | General | Software update.” Updating is best done only through this operating system function.

If you download the update through a program on an infected computer, external interference with the firmware files may occur. When updating within iOS, the download is encrypted and signed. To check whether there is malware on the mobile system, use the Lookout security app. It checks for unwanted jailbreaks or malicious utilities on the device. The application can be found in the App Store.

The security level of Android devices is somewhat lower. In particular, budget models from newer manufacturers do not receive firmware updates. The latest version of Android Nougat (version 7), according to Google, is installed on 11.5% of all Android devices. Almost half also run Lollipop or KitKat, two vulnerable versions of the operating system. To check the availability of new versions of the operating system, open “Settings” on your gadget and go to the “About phone” section. Here, select "Software Updates".

Installed applications also need to be kept up to date. To do this, the Android system has an automatic mechanism that needs to be activated manually. Open the Play Market application and click on the three bars in the upper left corner. Then select "Settings" and in the "Auto-update applications" section, enable the "Wi-Fi only" option. The system informs you about upcoming updates in a drop-down menu that appears when you drag the top edge of the screen.

Install protection tools


Important updates
On Android you need to enable automatic updates (1). After this, the system will show the necessary patches in its own drop-down menu (2)

Thanks to iOS's tight architecture, you don't need to use any additional antivirus software - the Lookout app is all you need. The programs do not check the system. The situation is different for Android. Here you will in any case have to use additional security software, especially if you are using an older version of the operating system. Such tools are shown in the picture in the lower left corner.

Installing an antivirus program will ensure good protection. You can protect yourself from phishing attacks using the additional utility Financial Security from McAfee. In the background, it checks well-known banking applications and the browser for correct checksums. In this way, manipulation of applications is almost completely eliminated. In addition, the tool checks the Internet connection for suspicious traffic diversion. If, for example, a malicious program is installed on the device that extracts data, the McAfee application will detect this and immediately block access.

Using a special browser


You can use these mobile antiviruses
After a thorough check, CHIP, together with AV-Test, recommends the following antiviruses for Android. Antiviruses can be found in Google Play Market under “Tools | Best | Bestsellers.”

Antivirus programs and anti-phishing applications protect against most threats. But to get your hands on a preventative weapon, you will need special protection for using the mobile Internet. The best option is Cliqz Browser from Google Play Market. On the one hand, the browser will prohibit the collection of data through tracking, and on the other hand, it will prevent access to passwords and user account data.

If you use information and applications as described in this article, most viruses will not pose a threat to your devices, even if your antivirus protection has a couple of weak points. Nevertheless, in no case should you forget about maintaining the current state of programs, otherwise even the most sophisticated technologies will not help.

At the end of our article, we note that anti-virus programs such as Kaspersky, Dr.Web and ESET NOD32 are especially popular in Russia.