Windows Defender on Windows 8 - Introduction and Frequently Asked Questions

Technical Level : Basic

Summary

The purpose of this article is to address various issues, concerns, and frequently asked questions regarding Windows Defender on Windows 8, and to help you Protect your PC.

Note that the article was written for Windows 8, but also applies to Windows 8.1 and Windows 10.


Details

Windows 8 was released on October 26, 2012.  One of the notable features about this OS release from Microsoft is that it contains integrated anti-malware protection known as Windows Defender.

There is confusion concerning the name “Windows Defender”, as that product name has had multiple implementations.  Windows Defender, as discussed in this document, APPLIES ONLY TO WINDOWS 8.

This document is specifically for Windows 8 64-bit, and Windows Defender as integrated into Windows 8.  This document assumes the use of Internet Explorer and Windows Firewall.  For 32-bit users, or those using a different browser or firewall, you will have to adapt any specifics.  This document does not discuss Windows Server 2012, or any server product.

And, there is no discussion of Microsoft Security Essentials because MSE is not designed for, or supported on, W8.

This document is divided into four sections:

  • SECTION 1:  How do I get Windows Defender on Windows 8?
  • SECTION 2:  Issues affecting WD on W8
  • SECTION 3:  Frequently Asked Questions and General Concerns
  • SECTION 4:  A well-protected system

 With all that said, it is hoped that you find the information below helpful.

 SECTION 1:  How do I get Windows Defender on Windows 8?

There is no need, nor is it possible, to install WD on Windows 8.  WD is integrated with Windows 8, protecting you from malware.  Conversely, you cannot uninstall WD.

 If you install a third-party anti-malware product, WD will be disabled.  If you [properly] uninstall a third-party product, WD will be enabled.

 Before we can do anything with Windows Defender, we need to know how to open it!  To open Windows Defender, do the following:

  • Use the charms and search for Defender.  Then, click on Windows Defender.

 However, how you get to Windows 8 is the issue:

  •  Upgrading to Windows 8:  Previously installed anti-malware is a problem and can/will disable WD.  Prior to upgrading, if you intend to use WD as your anti-malware protection, you must completely remove all previously installed anti-malware products (including MSE if installed).  The List of anti-malware product removal tools should be used to this end.  Uninstall all previous anti-malware products, and use the appropriate manufacturer’s cleanup tool.  Then, upgrade to W8.  With a successful upgrade to W8, you will be using WD as your anti-malware protection.
  • New PC or fresh install of W8, with NO pre-installed third-party anti-malware product:  There is no need to install any third-party anti-malware product.  WD is there, protecting you.  However, you can install a third-party anti-malware product.  A successful install of such a product will disable, or should disable, WD.  This is the correct behavior/procedure.  The issue of having multiple real-time anti-malware products installed has been discussed many times.  Regardless of what you have been told, or what a few will recommend, you cannot have more than one real-time anti-malware product installed.  This is discussed in more detail later in this document.
  • New W8 PC with pre-installed third-party anti-malware:  If your new PC came with a free or trial version of a third-party anti-malware product (i.e. Norton, McAfee, TrendMicro, etc.), and you want to use WD, you must uninstall and use that manufacturer’s cleanup tool, even if you never used or activated the third-party product.  The List of anti-malware product removal tools should be used to remove completely the third-party product.  If your product manufacturer is not listed, go directly to their website to find their removal/cleanup tool.  After removal, restart your PC.  Also, you may have to enable [and restart] Windows Defender.
  • Reverting to WD:  Reverting to WD after you have installed a third-party anti-malware product is possible.  However, to do so, you must uninstall the third-party anti-malware product, and then use the manufacturer cleanup/removal tool as discussed above.  After removal, restart your PC.  Also, you may have to enable [and restart] Windows Defender.  Once this is accomplished, WD is enabled and protecting you.

SECTION 2:  Issues affecting WD on W8

What can affect WD on W8?  Most issues with WD can be corrected by following the steps below:

  • Verify that you have removed all other anti-virus applications or security suites that were ever installed on your PC, including any free/trial products that were installed when the PC was purchased (i.e. Norton, McAfee, TrendMicro, etc.).  Then, use the List of anti-malware product removal tools to complete the removal of these products.
  • If you have installed Java, Adobe Reader, or any other “free” product, you may have been presented with the option to install a “free virus checker”, which is selected by default.  If you were caught by this, and unknowingly/accidentally installed this “free virus checker”, uninstall it and use the cleanup tool(s) in the list above.  Note that these “free” downloads can also occur in products purchased by you.  Your ISP may also provide an anti-malware product (and perhaps a firewall).  Install these products ONLY if you do not intend to use WD and/or the Windows Firewall.
  • Verify that your PC clock is correctly set.  If not, correct it.
  • Verify that you are up-to-date with the latest Service Pack and updates.
  • Verify that the Windows Firewall is on, and set to defaults.  Remove any other firewall that may be installed and use the Windows Firewall.  Third-party firewalls (as well as those included in some anti-malware products) can cause problems if incorrectly configured.
  • Verify that you are not using a proxy server.  If you are using a proxy, configure it as per the instructions later in this FAQ.
  • Verify that you have “Install updates automatically (recommended)” selected in Windows Update.
  • In Internet Explorer, reset all security zones to default level.
  • Then, restart your PC.

If a third-party anti-malware product was installed, it disabled WD. If you want to return to using WD, and you have properly removed that third-party product, you may have to re-enable WD.

  • Use the charms and search for Defender.  Then, click on Windows Defender.
  • Select Settings tab.
  • Check Turn on real-time protection (recommended)
  • Click Save changes
  • Click Update tab then Update button to have current updates downloaded and installed
  • You may also want to do a Quick scan by selecting the Home tab and then selecting Quick scan

If you are still having problems with WD, post a message in the community forum.  To do so:

  • Note what version of WD you are using.  Open WD, click on the “down pointer” to the right of “Help”.  Then, click on “About Windows Defender”.  Provide this information when asking a question in the Virus and Malware community forum.

SECTION 3:  Frequently Asked Questions and General Concerns

The questions/topics included in this section are:

  1. Can I have more than one anti-virus application or security suite installed?
  2. Having multiple real-time anti-malware products provides “layered-protection”, correct?
  3. What is ELAM?
  4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?
  5. Does WD provide a registry cleaner?
  6. How well does WD protect you?
  7. How do I know if WD is really working?
  8. Can I schedule when WD definition updates occur?
  9. What if I leave my PC turned off for several days?
  10. I do not understand WD’s definition updates.
  11. How do I get definition updates and program upgrades?
  12. What is the difference between a Quick scan and a Full scan?
  13. Will WD scan and update while my PC is asleep?
  14. Can WD shutdown my PC once a scan is finished?
  15. How do I schedule a scan with WD?
  16. Where are WD Settings?
  17. How do I temporarily disable Real-Time scanning?
  18. Where are the WD desktop and tray icons?
  19. How do I determine what version or build of WD I have?
  20. How do I get support for, and provide feedback on, WD?
  21. Can WD be used from the Command Prompt?
  22. Where are the WD log files?
  23. Can I use a proxy?
  24. I cannot use my VPN.
  25. Does WD scan email?
  26. Does WD filter junk email?
  27. Does WD include a Firewall?
  28. Are there other scanning options/solutions/tools from Microsoft?
  29. What about cookies?
  30. How do I remove/release a file or program that is being quarantined?
  31. Windows Backup and quarantined items
  32. How do I backup my computer and data?
  33. How do I control Startup programs?
  34. Can I improve my startup performance?
  35. How do I use the MS Community forums?
  36. Are calls from Microsoft to remove viruses legitimate?
  37. What if I get a Pop-up for one of those fake anti-virus products?
  38. Can I use a cleaner like CCleaner or Advanced System Care?
  39. Do I need JAVA?
  40. What about Adobe Flash Player?

1. Can I have more than one anti-virus application or security suite installed?

No.  When more than one real-time anti-virus application or security suite is installed, the products compete with each other.  This can cause severe performance problems and system stability issues, and may limit the effectiveness of the products installed.  Even if you attempt to have more than one product installed, with one active and another disabled, the disabled product will likely still have active components and/or drivers installed that will conflict with WD.  The important issue here is that any other product with real-time scanning will conflict with WD (or any other real-time product).

However, you can have an on-demand scanner, such as Malwarebytes, installed.  Malwarebytes offers two different scanners – one on-demand (free), and one real-time (paid).  The on-demand scanner does not conflict with WD’s real-time scanning.  Some users consider having one real-time product (e.g. WD) and an on-demand product (e.g. Malwarebytes (free)) a good combination on their system.

2. Having multiple real-time anti-malware products provides “layered-protection”, correct?

A few users believe that having more than one real-time anti-malware product installed provides “layered-protection”.  This is incorrect.  It is overlapping protection.  Layered protection is good, overlapping protection is bad.

Since many/most anti-malware products available today provide protection for spyware, viruses, worms, Trojans, etc., their coverage overlaps.  As soon as their protection begins to overlap, the risk for a conflict begins to increase.  There is no “design” that allows them to coexist.  Rather, they compete.  It is a common misconception that “if having one real-time anti-malware product is good, then two must be better” when, in reality, it is just “piling on” overlapping applications.

“Layered protection” is having complementary items/protection, as in this example:

  • Hardware router firewall
  • UEFI booted 64-bit Windows 8
  • Data Execution Prevention (DEP) set to ON for all programs and services
  • Windows Firewall
  • Real-time anti-malware protection (such as Windows Defender on Windows 8)
  • Spam/junk filter (usually provided by your ISP, email provider, or email client)

3. What is ELAM?

ELAM is Early Launch Anti-Malware protection and is a key feature/benefit of WD on W8.  The reason that ELAM exists is to stop rootkits and other device driver types of malware, since the driver modules can all be validated and checked for malware before they are loaded, protecting the system from the moment the system begins to boot. This not only stops virtually all existing rootkits, but properly applied will also avoid the potential for future boot time malware, since it only loads what it absolutely must and then should make you aware of anything it can't identify that absolutely must be loaded to allow the system to boot.

To achieve this level of protection, you must be using hardware that provides UEFI (defined in the UEFI 2.3.1 specification), and you must be using 64-bit Windows 8.

UEFI is short for “Unified Extensible Firmware Interface”.  A discussion of UEFI is beyond the scope of this document.  A simplistic explanation is that it is the replacement for what we have known for the past 30+ years as the BIOS.  UEFI provides many advances and features beyond BIOS.  A key feature, and what makes ELAM possible, is the ability to authenticate module signatures at system boot time.

This is not “boot time scanning”, which was a manual boot time scan of the files on a PC, similar to other old and archaic methods used by some third-party antivirus products of the past.  Boot time scanning is now a nearly useless feature, since boot time malware rendered this method ineffective years ago.

The new Secure Boot ability in Windows 8 is made possible by the UEFI firmware standard.  Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure, assuming that UEFI firmware is available and enabled (in place of BIOS) on the PC itself.

There are huge differences in the two items mentioned above, so understanding these differences is important to determine if “boot time scanning” is useful or simply an anachronism from another time in the distant past.

For more information on how UEFI and ELAM work together, review Protecting the pre-OS environment with UEFI.

4. What if I rebuild/reinstall/recover my Windows PC from my manufacturer supplied media?

If you rebuild or reinstall using the supplied media or restore partition on your PC provided by the manufacturer, it is likely that a free or trial anti-malware product was part of that installation.  You will need to uninstall the anti-malware product to return to Windows Defender, even if it was never activated.  The List of anti-malware product removal tools should be used to remove completely the third-party product.

5. Does WD provide a registry cleaner?

No.  Moreover, you should not fall prey to all those websites that want to scan and clean your registry.  There are many debates regarding “cleaning” the registry.  The “registry”, to many users, is a magical, mysterious thing that contains thousands upon thousands of settings, coded cryptically in decimal, hexadecimal, and various other formats.  Anything that affects your PC must be in the registry, right?  Well, no, but many who want access to your PC to sell you worthless software and tools, or to gain access to your PC for some purpose, will tell you that this is the case.  You can find thousands of these registry tools on the internet.  DO NOT USE THEM.  Read the Microsoft support policy for the use of registry cleaning utilities.

There are many users who have used a registry cleaning tool, only to find their PC inoperable later.  For a discussion on this topic, read this.  Additionally, there is no such thing as a registry booster.  Moreover, any space reclaimed by cleaning the registry is minuscule and insignificant.  Lastly, in the process of removing a virus or threat, if such a virus or threat has made changes to the registry, WD will correct those registry entries.

6. How well does WD protect you?

WD provides excellent protection.  However, no anti-malware product (free or paid), or combination of products, will provide 100% protection, 100% of the time.  Malware (viruses, worms, Trojans, spyware, rootkits, malicious scripts, etc.) is constantly changing, and anti-malware products always have to keep up.

Note that very few of the commonly referenced testing groups are certified by any recognized bodies.  Most of these choose to call their results 'comparative' rather than a certification as a result.  If a testing body has no certification itself, it is rather a stretch for them to purport that they have any right to call their own results a certification.

7. How do I know if WD is really working?

You can test WD using the EICAR test file.  You can download the test file from here.  You may want to review this page on the intended use and contents of the test file.  Additional options for sample submissions and online scanners can be found here: List of Online File analyzers & services

8. Can I schedule when WD definition updates occur?

The ability to do this does not exist at this time.  If you are concerned about an update occurring while using an application, or playing a game, do a manual update before starting such activity.

9. What if I leave my PC turned off for several days?

The virus definitions get out of date, and WD will update when you do turn on your PC.  You can update manually by opening WD, selecting the Update tab, and clicking on UPDATE.  If new definitions are available, they will be downloaded.  You can also update WD by using Windows Update.  If you encounter an error, WD may have already begun the update process.  Wait a minute or so, and try again.

10. I do not understand WD’s definition updates.

The update process for WD is similar to MSE.  For a detailed explanation of the WD update process, read this: Microsoft Security Essentials Update FAQ .  The exception is that WD updating respects the settings selected for Automatic Updates in Windows 8. If you have set AU to notify you, then WD will not automatically update and it will alert in about 7 days. WD will normally update itself about every 24 hours.  You can update WD manually, if you want.  Otherwise, it is not needed and causes unnecessary overhead.  If an event occurs that requires immediate attention, the WD update system will force an update to occur.  In addition, WD employs a “Dynamic Signature Service” (DSS).  Whenever WD encounters something it does not know or recognize, it will send information to “Microsoft Active Protection Service” (MAPS).  Depending on what MAPS determines from inspecting the information, it will cause an automatic download of definition updates to handle the malware.

11. How do I get definition updates and program upgrades?

WD definition updates are provided by Windows Update, and the “Update” tab in WD.  Also, WD will update itself every 24 hours.  If you need to update WD definitions while offline or using a slow connection, go to Microsoft Malware Protection Center, select the W8 definition files, and follow the instructions for installation.

For upgrades or updates to the WD application, these are delivered by Windows Update.

12. What is the difference between a Quick scan and a Full scan?

Real-time protection is the real protection against malware.  Next, a quick scan will find orphaned files and auto-starts and stop them from running.  Finally, a full scan can find malware missed by the quick scan.  A full scan will “deep” scan every file on your system, including archive files (i.e. zip, rar, cab, etc.).  A full scan can take hours to run.  The decision to run a full scan is a personal preference.  You might choose to run a full scan once per month, or before a complete backup.  The decision is yours.

To scan a specific hard drive or USB device, select Custom scan and Scan Now, then choose the drive you wish to scan.  A full scan will then be performed on the selected drive.

13. Will WD scan and update while my PC is asleep?

No.  The PC must be on (not off, standby, hibernating, or asleep) for the scheduled scan to occur and for updates to download/install.

14. Can WD shutdown my PC once a scan is finished?

This cannot be accomplished from the WD user interface.  However, you can accomplish this using the task scheduler or batch scripts.  Review this thread for more information.
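
One way to script this is shown below. It is an added example, not taken from the thread or from Microsoft. It assumes the default WD install path, and the 60-second shutdown delay and the "shut down only on exit code 0" rule are choices made for this illustration.

```powershell
# Added example (not from the original FAQ): full scan, then shut down only if the scan came back clean.
# Run from an elevated PowerShell prompt, or from a Task Scheduler task set to run with highest privileges.

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# -ScanType 2 requests a full scan (1 would be a quick scan).
& $mpCmdRun -Scan -ScanType 2
$scanResult = $LASTEXITCODE

if ($scanResult -eq 0) {
    # Exit code 0: nothing was found, or everything found was remediated.
    # The 60-second delay is an arbitrary choice; "shutdown /a" cancels it.
    shutdown.exe /s /t 60 /c "Windows Defender full scan finished."
} else {
    # Non-zero: a threat needs attention or the scan failed, so leave the PC on for review.
    Write-Warning "MpCmdRun exited with code $scanResult; PC left running. Check the History tab in Windows Defender."
}
```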

15. How do I schedule a scan with WD?

Windows Defender "scheduled scan" is included in Windows 8 Automatic Maintenance.  Open the Action Center, click on "Maintenance", then on "Change maintenance settings", and then choose a time. 

There is also a "Wake the computer" option.  However, there is no reason to leave the computer on overnight.  Leave the setting at the default of 3am, and turn off the computer normally.  The scan will occur a short time after you turn on your PC.

For other options, look at Windows Defender in the Task Scheduler.

See this thread for information from GreginMich on the topic of scheduling a scan.

16. Where are WD Settings?

Open WD and click the Settings tab.  There you will find various categories and their settings. 

17. How do I temporarily disable Real-Time scanning?

You should not need to do this, even if a product manufacturer tells you it should be done prior to installing their software.  However, if you feel you must temporarily disable real-time scanning, open WD, click the Settings tab, select Real-Time Protection, and clear the check box for “Turn on real-time protection”.  Remember, you must turn real-time protection back on.

18. Where are the WD desktop and tray icons?

Windows Defender can be found on the Start screen, All Apps.  If you really want a Desktop icon, do the following:

Use the charms, and search for Defender.  Alternatively, go to the Start Screen, right-click, and select All Apps.  Under the Windows System group, you will find Windows Defender.

Once you have found Windows Defender, right-click on it and select Open File Location.  There you will find a shortcut to Windows Defender.  Copy the shortcut, and paste it on your Desktop.

There is no tray icon with WD on W8.  The Action Center icon reports WD issues.

19. How do I determine what version or build of WD I have?

Open WD and click on the “down pointer” to the right of “Help”.  Then, click on “About Windows Defender”.

20. How do I get support for, and provide feedback on, WD?

Support for Windows Defender is provided by Microsoft for retail purchased copies of Windows 8 or by the computer manufacturer if Windows 8 was provided with the computer. For Microsoft provided Support options, start here: http://support.microsoft.com/get-support

Feedback on WD is unavailable at this time.  It is suggested that you use MSE feedback in the interim, where your suggestions and feedback will likely be handled in the same manner as the feedback on MSE.

21. Can WD be used from the Command Prompt?

Yes.  The MpCmdRun function of WD provides this ability. 

To run this tool, go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator.  Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

>        cd \Program Files\Windows Defender

>        MpCmdRun /?

This will provide you with a list of commands and options that can be used from the Command Prompt with Windows Defender.  You may want to review this thread for more information.

22. Where are the WD log files?

The MpCmdRun function of WD provides the ability to gather the following information/logs and package them together in a compressed file in the support directory.  This information includes:

  • Any trace files from Microsoft Antimalware Service
  • The Windows Update history log
  • All Microsoft Antimalware Service events from the System event log
  • All relevant Microsoft Antimalware Service registry locations
  • The log file of this tool
  • The log file of the signature update helper tool

To run this tool, go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator.  Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the following commands:

>        cd \Program Files\Windows Defender

>        MpCmdRun -getfiles -scan

At this point, logs will be collected and placed in a cab file.  This process can take several minutes.  When the process is complete, you will find the collected information here:

  • C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab

Now, close the Command Prompt window.  Then, using Windows Explorer, navigate to the above folder and extract the logs from the cab file to a location of your choice.  Then, using Notepad, browse, examine, and peruse the logs and information.

Also, review the system event log for more information regarding WD events and the following event codes.  These events are found in Event Viewer (Local), Applications and Services, Microsoft, Windows, Windows Defender, Operational:

  • 1000 – Scan started
  • 1001 – Scan completed
  • 1002 – Scan stopped (canceled)
  • 1005 – Scan terminated due to error
  • 1011 – Item deleted from quarantine
  • 1013 – History removed
  • 1116 – Malware detection
  • 1117 – Malware remediation
  • 1118 – Malware remediation error (non-critical) [not confirmed]
  • 1119 – Malware remediation error (critical)
  • 2000 – Successful update
  • 2001 – Failed update
  • 2002 – Engine update
  • 2010 – Dynamic Signature Service retrieved additional signatures
  • 2011 – Dynamic Signature Service discarded obsolete signatures
  • 3002 – Real-time protection failure: behavior monitoring
  • 5000 – Real-time protection enabled
  • 5001 – Real-time protection disabled
  • 5004 – Real-time protection configuration changed
  • 5007 – Configuration changed
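
The event codes above can also be checked from PowerShell instead of browsing Event Viewer. The following is an added example, not part of the original FAQ or a Microsoft tool: the function name Get-WdEventSummary, the seven-day window, and the sample events are constructed for illustration, and the event IDs are used with the meanings listed above.

```powershell
# Added example: summarize Windows Defender Operational events using the event IDs listed in this FAQ.
# Get-WdEventSummary is a hypothetical helper name, not a built-in cmdlet.

function Get-WdEventSummary {
    param(
        # Objects with Id and TimeCreated properties (Get-WinEvent output, or test data).
        [object[]] $Events = @()
    )

    # Drop nulls and put events in chronological order.
    $ordered = @($Events | Where-Object { $_ } | Sort-Object TimeCreated)

    # Most recent real-time protection state change (5000 = enabled, 5001 = disabled).
    $lastRtp = $ordered | Where-Object { $_.Id -in 5000, 5001 } | Select-Object -Last 1
    $rtpState = if (-not $lastRtp) { 'No change logged' }
                elseif ($lastRtp.Id -eq 5000) { 'Enabled' }
                else { 'Disabled' }

    # Last successful definition update (2000) and failed updates (2001) logged after it.
    $lastGood = $ordered | Where-Object { $_.Id -eq 2000 } | Select-Object -Last 1
    $lastGoodTime = if ($lastGood) { $lastGood.TimeCreated } else { $null }
    $failedSince = @($ordered | Where-Object {
        $_.Id -eq 2001 -and (-not $lastGood -or $_.TimeCreated -gt $lastGood.TimeCreated)
    })

    [pscustomobject]@{
        Detections             = @($ordered | Where-Object { $_.Id -eq 1116 }).Count
        Remediations           = @($ordered | Where-Object { $_.Id -eq 1117 }).Count
        RemediationErrors      = @($ordered | Where-Object { $_.Id -in 1118, 1119 }).Count
        RealTimeProtection     = $rtpState
        LastSuccessfulUpdate   = $lastGoodTime
        FailedUpdatesSinceThen = $failedSince.Count
    }
}

# Constructed sample events (not real log data), so the function can be tried offline.
$t0 = Get-Date '2013-01-10 08:00'
$sample = @(
    [pscustomobject]@{ Id = 2000; TimeCreated = $t0 }
    [pscustomobject]@{ Id = 5001; TimeCreated = $t0.AddHours(1) }
    [pscustomobject]@{ Id = 1116; TimeCreated = $t0.AddHours(2) }
    [pscustomobject]@{ Id = 1119; TimeCreated = $t0.AddHours(2).AddMinutes(1) }
    [pscustomobject]@{ Id = 2001; TimeCreated = $t0.AddDays(1) }
)
Get-WdEventSummary -Events $sample
# For the sample: 1 detection, 0 remediations, 1 remediation error,
# real-time protection Disabled, 1 failed update since the last success.

# Live use on the local PC (elevated prompt). Only the IDs the summary needs are requested.
$live = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117, 1118, 1119, 2000, 2001, 5000, 5001
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue   # no matching events is reported as an error; treat it as empty
Get-WdEventSummary -Events $live
```

A result showing RealTimeProtection as Disabled, or failed updates with no later success, points back to the steps in Section 2.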

 23. Can I use a proxy?

If Windows 8 updates work, Windows Defender updates will work.  However, KB2599808 may be of some interest to you.

You may also use this procedure:

Go to the Start Screen, right-click, and select All Apps.

Under the Windows System group, right-click on Command Prompt, and select Run as Administrator.  Click YES at the UAC prompt.

Then, from the Command Prompt window, enter the command as per the examples below:

>        NETSH WINHTTP SET PROXY 1.1.1.1:8080

or

>        NETSH WINHTTP SET PROXY MYPROXY.NET:8080

24. I cannot use my VPN.

This is not a problem with WD.  You must have your VPN provider update their software to recognize WD.

25. Does WD scan email?

No.  There is no need for this to be done.  What is important are attachments and links in email.  When you attempt to open or save an attachment, or open a link, WD’s real-time protection inspects those items.  Read this thread regarding the handling of email.  However, the best rule you will ever find is “if you do not know the sender, do not open the attachments”.  Better yet, do not open the mail.

26. Does WD filter junk email?

No, junk/spam email is not malware.  Junk/Spam filters are a function of your email provider, and the email client that you use.

27. Does WD include a Firewall?

No.  This is not necessary.  W8 includes Windows Firewall in addition to Windows Defender.  If you do install a third-party product, and later remove/uninstall it, make certain that the Windows Firewall is on.  You can find the Windows Firewall in the Control Panel.

28. Are there other scanning options/solutions/tools from Microsoft?

  • The Malicious Software Removal Tool (MSRT) is provided via the monthly update from Microsoft, regardless of what anti-malware solution you have installed.  It runs during the update process.  MSRT can also be run on-demand if you download it.
  • Also available is the Microsoft Safety Scanner.  This is not a real-time scanner.  It is a free, downloadable, on-demand scanner.
  • Use Windows Defender Offline to create a bootable USB stick or CD to help remove threats from your system.
  • For corporate/commercial users, Microsoft Forefront is available.

 29. What about cookies?

Cookies are not malware.  Cookies are a browser issue, and are not a problem (except for privacy concerns).  The privacy concern is with third-party cookies, which organizations and companies use to collect information about your viewing habits and preferences.

If these cookies concern you, you can turn them off.  To turn them off in Internet Explorer, go to

  • Control Panel, All Control Panel items, Internet Options
  • Select the Privacy tab, Advanced
  • Check the box for Override automatic cookie handling and select the button to Block Third-Party Cookies.

For more information on Cookies, review http://winhelp2002.mvps.org/cookies.htm.

Also, note that other anti-malware products will report cookies in their scans, while WD does not.  This gives the appearance that WD is not finding as many “viruses” as these other products, which is incorrect.

An additional note:  If you are concerned about privacy and tracking, please visit the Do Not Track Test Page.

30. How do I remove/release a file or program that is being quarantined?

Open WD.  Go to the History tab and select the Quarantined items radio button.  Next, highlight the item you want restored and select Restore.  Note that doing this will allow the file to exist and exposes you to risk of infection (if the file was infected).

31. Windows Backup and quarantined items

If you have items that are quarantined, and you use Windows 7 File Recovery (Windows Backup and Restore on Windows 7), you may see the backup fail (with error 0x81000031), complaining "Shadow Files Cannot be Read".  You must either REMOVE or ALLOW any quarantined items, and re-run your backup.  If you look up 0x81000031, you will likely be directed to KB973455, which will instruct you to delete reparse (junction) points, which is the incorrect answer to this problem.  Simply remediate the quarantined files, and re-run the backup.

32. How do I backup my computer and data?

You should explore these W8 options for backing up your system/data:

  • Control Panel, All Control Panel Items, File History
  • Control Panel, All Control Panel Items, Windows 7 File Recovery
  • Using the charms, search for Windows Easy Transfer

You may also want to explore the use of a third-party backup solution, or storing your data on SkyDrive (or some other cloud solution).

33. How do I control Startup programs?

You can press Ctrl+Shift+Esc to bring up Task Manager and use the STARTUP tab to disable those programs you do not need.

34. Can I improve my startup performance?

Examine the necessity of the number of startup programs you have.  To examine your startup programs, use the Task Manager.  To do this, press Ctrl+Shift+Esc to bring up Task Manager and use the STARTUP tab to disable those programs you do not need.  Which startup programs should you keep, and which should you disable?  Look at the startup program database on bleepingcomputer.com.

35. How do I use the MS Community forums?

The Microsoft Answer Forums support Windows, Internet Explorer, Office, Viruses and Malware, and Microsoft products.  If your concern/issue is not addressed in these forums, just select the appropriate forum and ask your question.  Provide your OS information, browser used, and any anti-malware products you have or had installed.  You may want to review Suggestions for asking a question on help forums.  Volunteers and users support the forums.

Note that the MS Community forums are for Microsoft Products.  If you need help with a third-party product, contact the manufacturer of that product for support with their software.

36. Are calls from Microsoft to remove viruses legitimate?

No.  It is not Microsoft that called you.  Unless you specifically initiated a support case with Microsoft, this is a fraud/scam attempt.  For more information, read Avoid scams that use the Microsoft name fraudulently and Avoid tech support phone scams.

37. What if I get a Pop-up for one of those fake anti-virus products?

If you clicked on it, or even if you simply closed the pop-up, you are likely infected and need to go into virus removal mode.

If you have not touched anything on the screen since the pop-up, you may be able to avoid being infected.  The following assumes you are using Internet Explorer and WD.  If not, adapt this procedure for the browser and anti-malware product you are using.  Whenever you encounter one of these pop-ups while browsing, immediately do either of the following:

  • Shut down the PC without touching any browser windows.

or

  • Do not touch any browser window to close it or browse further.  Immediately press Ctrl+Shift+Esc to bring up Task Manager.  Select the Processes tab and END all instances of Internet Explorer by right clicking on the entry(s) and selecting END TASK.  Then, shut down the PC.

or

  • Press Alt+F4 until all browser windows are closed.  Then, shut down the PC.

Next, restart the PC.  Once the PC restarts, go to

  • Control Panel, All Control Panel Items, Internet Options
  • Select the General tab, Browsing History, Delete
  • Select Temporary Internet files and Cookies, and Delete
  • Then, perform a full scan with WD.

If you are still having difficulty removing these fake products, use the Microsoft Answers Viruses and Malware forum for additional help, or get support from Microsoft as previously described in these FAQs.  You may also want to visit bleepingcomputer.com, where removal instructions are provided for many of these viruses.

38. Can I use a cleaner like CCleaner or Advanced System Care?

Yes, but make sure these cleaners are not deleting important WD files.  You must find the appropriate settings in those tools and set them correctly if they concern you, or contact the manufacturer of those products for support.  However, there is no need to use such tools, which can cause problems by deleting folders and files needed by W8, WD, and other applications.

If you really want to clean/remove temporary files, use Disk Cleanup that is included in W8.  To find Disk Cleanup, use the charms and search for CLEANMGR.

39.  Do I need JAVA?

Most likely not.  Java and JavaScript are two different things.  JavaScript is built into Internet Explorer.  Very few applications need to install the Java application.  If you are not sure, do not install JAVA.  If you encounter an application that requires JAVA, it will inform you.  You can then choose to install JAVA at that time.  If you find that you have JAVA installed and do not need it, remove it.  By not installing JAVA, you can avoid problems and issues associated with JAVA, its updates, and associated security issues/concerns.  For more information on the risks of Java, read this document.

40. What about Adobe Flash Player?

Adobe Flash Player is now included in Internet Explorer, in both Modern and Desktop mode.  Windows Update provides updates for Adobe Flash Player.

SECTION 4:  A well-protected system

A well-protected system consists of several areas of concern.  Attention to each area will help keep your system protected.  There is a Microsoft Fixit, which can address some of these concerns for you.  To achieve a well-protected system, please consider these items/issues:

  • Hardware that supports UEFI-based Secure Boot
  • Windows 8, fully updated (including service packs), with Automatic Update ON
  • Data Execution Prevention (DEP) for all programs and services.  For information on DEP, refer to KB912923 and to PAE/NX/SSE2 Support Requirement Guide for Windows 8.
  • All third-party applications (i.e. Java, Adobe Reader, etc.) updated.  You must keep these applications up-to-date, as they are frequently updated to address security issues.
  • Windows Defender providing comprehensive real-time anti-malware protection
  • Internet Explorer with:
    • Security tab: Default security settings (Reset all zones to default level)
    • Privacy tab: Pop-up Blocker ON
    • Advanced tab: Settings, Security, Enable SmartScreen Filter ON
  • Windows Firewall ON
  • Remote Registry Service NOT started
  • User Account Control (UAC) ON, and not running with elevated privileges
  • A good password policy in effect
  • A good backup procedure in effect
  • Only download software and drivers from the manufacturer/provider.  There is no need to go anywhere else.  Doing so will only put you at risk.
  • Visit Microsoft’s Malware Protection Center for the latest news on viruses and threats
  • And, YOU must practice safe surfing!
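
A read-only PowerShell check for some of the items in the list above (Secure Boot, DEP, Windows Defender real-time protection, Windows Firewall, Remote Registry, UAC).  This is an added example, not part of the original article; the helper name Test-Setting is hypothetical, and the script assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: read-only check of some Section 4 items. Nothing is changed.
# Run from an elevated PowerShell 3.0+ prompt (Confirm-SecureBootUEFI needs it).

# Hypothetical helper: run one check and report Pass / Fail / Unknown.
function Test-Setting {
    param([string]$Item, [scriptblock]$Check)
    try {
        $state = if (& $Check) { 'Pass' } else { 'Fail' }
        $note  = ''
    } catch {
        # Missing cmdlet, legacy BIOS, no admin rights, etc.
        $state = 'Unknown'
        $note  = $_.Exception.Message
    }
    [pscustomobject]@{ Item = $Item; State = $state; Note = $note }
}

$results = @(
    Test-Setting 'UEFI Secure Boot enabled' {
        Confirm-SecureBootUEFI -ErrorAction Stop
    }
    Test-Setting 'DEP for all programs and services' {
        # Win32_OperatingSystem policy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut
        $os = Get-CimInstance Win32_OperatingSystem -ErrorAction Stop
        $os.DataExecutionPrevention_SupportPolicy -in 1, 3
    }
    Test-Setting 'Windows Defender real-time protection ON' {
        # Requires the Defender PowerShell module; Unknown if it is absent.
        (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled
    }
    Test-Setting 'Windows Firewall ON (all profiles)' {
        $off = @(Get-NetFirewallProfile -ErrorAction Stop |
                 Where-Object { $_.Enabled -ne 'True' })
        $off.Count -eq 0
    }
    Test-Setting 'Remote Registry service NOT started' {
        (Get-Service -Name RemoteRegistry -ErrorAction Stop).Status -ne 'Running'
    }
    Test-Setting 'User Account Control (UAC) ON' {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction Stop).EnableLUA -eq 1
    }
)

$results | Format-Table -AutoSize -Wrap
```

A Fail on the Windows Defender row is expected when a third-party anti-malware product is installed, since WD is disabled in that case.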

Special thanks to the following contributors to this article:

Rob Koch

Aiscer

Ahaap

Le Boule

Dr. Strangelove

GreginMich

PA Bear MS MVP

Kosh Vorlon

Jsssssssss

 

Forum Article Info


Last updated November 17, 2018 Views 93,952 Applies to:


Hi Steve

 

Windows RT has WD too. Do you have any plans to expand this article to include Windows RT?

 

I have a Surface RT if you need any screenshots or info.

 

Thanks

Jetta48

_______________________________________________________________________
Disclaimer: You use my posts & forum articles entirely at your own risk. I don't work for Microsoft. I am an unpaid volunteer.

I also have Surface RT. This article is basically a copy of what we posted on the Experts Community, created by Dr. Strangelove and updates the older MSE FAQ.

This article needs to be re-written completely as it is rather lengthy. One day!

 

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community
Understood.   :)
_______________________________________________________________________
Disclaimer: You use my posts & forum articles entirely at your own risk. I don't work for Microsoft. I am an unpaid volunteer.

You have furnished tons of detailed info, but like so many help posts, no one ever mentions what to do when the actions taken don't react as the instructions.  For example, I am attempting to turn on WD.  I follow the instructions, but all I get is a message telling me that WD is turned off... of which I am totally aware!  So how is it turned on when the instructions won't work?

Please create your own new thread in the forum with as much information as possible and we will try to get you out of your problem.
Please come back with the results.
Please mark replies as helpful/answer if they are.
Thank you for this extensive reply & article. I will be following it carefully
Excellent article. Still have a question. Do I need to install a third party anti-virus program or not? In the past till I got this new machine I have had Microsoft security essentials.
Would be cool if someone could answer with a yes or no
Thanks in advance,
Doug

Doug, that question is answered in the article, though perhaps not explicitly.


You do not need to install other antivirus software, nor should you if you wish to use Defender. If you do, Defender will be shut down to allow the 3rd party product to provide the protection instead.


The choice to use Defender or a 3rd party product is yours. I choose to use Defender.


-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Thanks Microsoft for being <Mod Note:  Tricks to use profanity that are enough to know the word are still profanity and will be removed as occurred here.  Repeated use will result in formal Abuse reporting per Microsoft Community Code of Conduct> up one more time.  Who is the idiot that decided to automatically disable Windows Defender with any AV install?  In a world where new attacks are coming in every second while the hardware to handle multiple AV products has vastly improved you go and do this.  Brilliant.

Microsoft made the right decision for Defender to step out of the way if another antivirus program registers itself to Windows as the provider. Hardware capabilities are not the issue. You should never have more than one security product installed on the PC providing active protection/scanning. This can cause performance issues, system instability, and can hinder the effectiveness of both products at providing protection.

Side note, if you expect any security product to protect the PC against every possible new threat...that's just not realistic. The real protection is in closing the holes and using technologies (IE SmartScreen, Automatic Updates) to assist in keeping the PC safe. 

-steve

 


^_^
Windows Insider MVP (Security), Moderator Microsoft Community
