How To

Set up Microsoft Defender for maximum protection

Martin Brinkmann


Microsoft Defender is the default Windows security solution that protects Windows PCs and devices against different threat types. Windows users may install third-party security solutions such as Avast One Essential or Bitdefender Total Security on their devices to replace Microsoft Defender. Microsoft Defender is the active security solution for most users.

The security software blocks some threats in its default configuration. It blocks, for instance, malicious software, file downloads with malware, and some exploits. Windows users may configure Microsoft Defender to protect their devices against additional threats, such as ransomware, malicious code injections, and potentially unwanted applications. These protections improve the security of the Windows device.

Set up Microsoft Defender for maximum protection

Ransomware Protection in Microsoft Defender

Ransomware attacks encrypt data on a user’s device for ransom. Microsoft implemented Controlled Folder Access in Microsoft Defender to counter this threat. The feature protects files, folders and memory areas on Windows devices against unauthorized changes.

Here is how you enable Ransomware Protection on Windows 10 and 11:

  1. Select Start and then Settings, when the Start Menu opens.
    • On Windows 10, navigate to Update & Security, then Windows Security, and activate the Open Windows Security button on the page.
    • On Windows 11, navigate to Privacy & Security and activate Windows Security. Select Open Windows Security on the page that opens.
  2. Open Virus & Threat Protection in the Windows Security program window.
  3. Scroll down to Ransomware Protection and activate the Manage Ransomware Protection button.
  4. Toggle the Controlled folder access preference on the page that opens.
  5. Confirm the UAC security prompt.
microsoft defender ransomware protection turned on

Ransomware Protection is enabled at this point. Microsoft Defender protects a set of default folders automatically, for example, the folders documents, Pictures, Favorites and Videos. You may add custom folders. Click on the protected folders link on the Ransomware Protection page in Windows Security.

Confirm the UAC prompt that is displayed and activate the “add a protected folder” button; this adds the selected folder to the protected folder’s list. You may select multiple folders.

Some applications may no longer be able to access protected folders as a result. The “allow an app through controlled folder access” option gives you options to add apps to the allow list. These programs gain access rights immediately in that case.

Reputation-based Protection — Potentially Unwanted Applications

Windows Security uses some reputation-based protections by default, while others are disabled.

Microsoft Defender SmartScreen protects against unknown files and applications on the device. SmartScreen protects against malicious sites and downloads in Microsoft Edge, and furthermore against malicious web content that Microsoft Store applications use.

SmartScreen does not block potentially unwanted applications or files by default, as the feature is turned off by default.

Potentially unwanted apps, or PUPs, are programs that may cause unexpected behavior, for example, through undesirable reque

Do the following to enable the protection:

  1. Follow step 1 under the Ransomware Protection instructions to open Windows Security on the device.
  2. Open App & browser control.
  3. Activate the Reputation-based protection settings link on the page that opens.
  4. Toggle the switch under “Potentially unwanted app blocking” so that its status is on.

Windows Security blocks potentially unwanted apps and file downloads from that moment on. The feature supports options to allow certain file downloads and program executions.

Memory Integrity protection

Memory integration is a core isoltation feature that protects high-security processes against the insertion of malicious code. The virtualisation-based security feature may not be available on all devices, and it may be enabled on some Windows 11 devices already.

The feature isolates important processes in a virtualized environment to protect them against manipulation.

Here is how you check if Memory Integrity is enabled:

  1. Follow step 1 under the Ransomware Protection instructions to open Windows Security on the device.
  2. Go to Device Security and activate the Core Isolation details link on the page that opens.
  3. Switch the Memory Integrity preference to On to enable the feature.
  4. Confirm the UAC prompt that is displayed when you do that.
  5. Restart the PC.

In summary, all three security features improve the security of the Windows system in different areas. The activation of the features may improve the security of the Windows system on the positive side. On the negative side, activation may lead to unwanted side effects.

Microsoft Defender may block certain files or apps, even though they may be harmless.

You may also like