Windows information security basics

Windows Defender Antivirus

Easy
15 min

What is Windows Defender?

Windows Defender (also known as Windows Security) is antivirus and security software provided by Microsoft, designed to protect the Windows operating system from malware such as viruses, spyware, and other harmful programs.

It is built into all the latest versions of Windows, such as Windows 10 and Windows 11, providing real-time protection without the need for the user to install third-party antivirus software.

What does Windows Defender do?

Windows Defender protects your device in many ways.

Real-time protection

Windows Defender scans files and programs in real time as they are opened or executed, preventing malware from entering the system.

When the user opens, downloads, or executes files, Windows Defender automatically checks them for malware. It utilizes an extensive malware definition database that is constantly updated to ensure that it recognizes the latest threats. Defender can also use heuristic analysis and machine learning to identify new, unknown threats based on their behavior.

Network Security

Real-time protection also includes network protection, which prevents dangerous websites from downloading malware or tricking users into providing their personal information (phishing). It warns users when they try to access known dangerous sites.

Cloud-based protection

Optional cloud-based protection uses cloud-based analytics to identify and prevent the latest threats.

Restricted access to folders (Controlled folder access)

"Controlled Folder Access" is a security feature that is part of Windows Defender's malware protection. This feature provides additional protection for sensitive files and folders by specifying which applications can make changes to the controlled folders. Its main goal is to protect data from ransomware and other malicious applications that attempt to modify files without permission.

When "Controlled Folder Access" is enabled, Windows Defender monitors selected folders and prevents suspicious or unknown applications from modifying files in these folders. The user or system administrator can specify which folders are protected and can also allow trusted applications access to these folders.

Windows Defender Management

Opening Windows Security

Type "Windows Security" in the Windows search bar and open the application. You can also find it by selecting Settings > Update & Security > Windows Security.

Checking the status of Windows Defender

Open "Virus & Threat protection" from the left pane and check that "Real-time protection" is turned on.

Turning on Real-Time Protection

Switch "Real-time protection" to "On".

Enabling Restricted Directories

You can now optionally add directories you want to protect by selecting "Protected folders".

Performing a manual check with Windows Defender

Go to the "Virus & threat protection" section and select "Scan options". Here you can choose a quick scan, a full scan, or a custom scan (scanning of specific folders).
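The same management steps can be performed from PowerShell with the built-in Defender cmdlets. The script below is an added example, not part of the original course material: it checks the status, turns on real-time protection and Controlled Folder Access if they are off, adds a protected folder and starts a quick scan. It assumes an elevated (administrator) PowerShell session, and the folder path is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell equivalent of the Windows Security steps above.

# Hypothetical folder to protect; replace with a real path on your system.
$ProtectedFolder = 'C:\Data\Finance'

# 1. Check the status (GUI: "Virus & threat protection").
$status = Get-MpComputerStatus
$status | Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
    AntivirusSignatureAge, AntivirusSignatureLastUpdated | Format-List

# 2. Turn on real-time protection only if it is currently off.
if (-not $status.RealTimeProtectionEnabled) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# 3. Enable Controlled Folder Access (0 = Disabled, 1 = Enabled, 2 = Audit mode).
$prefs = Get-MpPreference
if ($prefs.EnableControlledFolderAccess -ne 1) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# 4. Add the folder to "Protected folders" unless it is already listed.
if (-not (Test-Path -LiteralPath $ProtectedFolder)) {
    Write-Warning "Folder not found, not adding: $ProtectedFolder"
}
elseif ($prefs.ControlledFolderAccessProtectedFolders -notcontains $ProtectedFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
}

# 5. Manual scan (GUI: "Scan options"). For a custom scan of one folder use:
#    Start-MpScan -ScanType CustomScan -ScanPath $ProtectedFolder
Start-MpScan -ScanType QuickScan

# 6. Verify the result instead of assuming the settings were applied.
$after = Get-MpComputerStatus
if (-not $after.RealTimeProtectionEnabled) {
    Write-Error 'Real-time protection is still off (a policy may be overriding it).'
}
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders |
    Format-List

# List anything the scan detected.
Get-MpThreatDetection | Select-Object ThreatID, InitialDetectionTime, Resources
```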

Tasks

Windows practice

The lab takes a couple of minutes to start up. Please wait patiently and add more time if needed. You don't need to close the lab when switching between modules in this course. You can log in to the server via RDP with the username "EVILCORP\john.doe" and the password "Letmein123!".

Enable real-time protection

Enable real-time protection of Windows Defender. Once done, run Check.ps1 and enter flag 3.
