Blog Post

Ritelink Blog > News > Windows > Windows Defender antivirus: 5 settings to change first

Windows Defender antivirus: 5 settings to change first

All Windows PCs use Microsoft’s antivirus by default.

Windows security on Lenovo laptop

Image: IDG / Chris Hoffman

Windows Defender is a capable antivirus solution built into Windows itself. Unless you’ve installed a different antivirus program on your Windows 11 or Windows 10 PC, your PC is using it right now. The good news is that Microsoft’s Defender antivirus is designed to “just work” without a lot of tweaking and it has sensible defaults. But there are still a variety of settings you may want to change in your PC’s built-in antivirus program.

Here’s one setting you no longer need to change: Windows Defender now blocks “potentially unwanted apps” (PUAs) out of the box. Spyware, adware, and other junk you probably don’t want installed is blocked automatically — you no longer have to flip a switch to activate that additional protection.

Protect your files with controlled folder access

Windows Defender antivirus has an especially useful feature named “controlled folder access” that’s turned off by default. It provides extra protection against ransomware and other malicious software, preventing dangerous software from messing with files in sensitive folders like your Documents folder.

You can activate controlled folder access for extra protection for your files — although you should still have backups of your important files. Backups are always essential.

Be aware that, if you do activate controlled folder access, it may block applications you trust from accessing your files. You’ll then need to go into the Windows Security window and add those applications to the allowed-apps list.

That’s why it’s disabled by default — you’ll likely have to do some fiddling with it. It could be especially inconvenient for gamers, as PC games often want access to your Documents folder so they can save your game files there. But, if you want some extra security for your files, it could be worth it.

To activate controlled folder access, open the “Windows Security” application from your Start menu, select “Virus & threat protection,” and then choose “Manage ransomware protection.” You can then turn on “Controlled folder access” from here. The links here will let you see a history of blocked applications, choose which folders are protected, and control which apps are allowed through the controlled folder access protection.

Controlled folder access

IDG / Chris Hoffman

Turn off unnecessary notifications

While Microsoft Defender normally gets out of your way and does its job quietly, there’s one unnecessary thing it bothers you about. Defender tries to perform a full system scan in the background once a day — when you’re not using your computer. After a successful scan, it will send you notification a telling you “No new threats were found.”

Clearly, Microsoft wants you to know Defender is doing something. But do you really need to be interrupted by a popup telling you everything is fine? I don’t think so.

To get rid of these unnecessary notifications, open the “Windows Security” application from your Start menu and click the gear-shaped “Settings” option at the bottom-left corner of the window.

Click the “Manage notifications” link here to see notification options. Uncheck only “Recent activity and scan results.” If you leave the other options enabled, Windows will tell you when it finds a threat — but it won’t tell you if it scans and finds no threats.

You can turn off other types of Defender notifications here, too — but the other ones are more useful.

Two notifications

IDG / Chris Hoffman

Ditch the system tray icon — especially the second one

The Windows Defender antivirus comes with a blue, shield-shaped system tray icon to let you know it’s running. That’s fine, but it’s extra clutter you don’t really need if you don’t want it.

Worse yet, if you subscribe to Microsoft 365, you may end up with two blue shield-shaped icons in your system tray. You’ll get one for Windows Security, which is built into Windows itself, and one for Microsoft Defender, which is part of Microsoft 365.

Technically speaking, Microsoft Defender is a little different and has some extra features like identity theft monitoring as part of your subscription. Why they have almost exactly the same name and icon is a mystery that only Microsoft knows.

Anyway, Microsoft doesn’t offer an obvious way to turn these icons off. But you can do it by disabling startup applications.

You can do this right from the Task Manager: First, open the Task Manager by right-clicking an empty spot on your taskbar and selecting “Task Manager” — or by pressing Ctrl+Shift+Esc. Then, select “Startup apps” (on Windows 11) or the “Startup” tab (Windows 10.)

To disable the Windows Security system tray icon, right-click the “SecurityHealthSystray.exe” application and select “Disable.” To disable the Microsoft Defender icon included with Microsoft 365, right-click the “Microsoft Defender” application and select “Disable.”

(You can also head to Settings > Apps > Startup to find a Startup-app-management tool built into the Settings app. You can use whichever tool you prefer — the one in the Settings app or the one in the Task Manager.)

The next time you sign out of your computer and sign back in — or restart it — the shield-shaped Defender icons will vanish from your system tray.

Even after you do this, Windows Defender is still running in the background. It will block malware and send notifications when it does. You can access its features from the Windows Defender app — just launch “Windows Defender” from the Start menu. It just won’t appear in your PC’s system tray.

3 system tray icon

IDG / Chris Hoffman

Set up exclusions to speed things up

Most PC users won’t need to set up exclusions in Windows Defender or any other antivirus program. But, if you do have the kind of workload that benefits from setting up exclusions, this will be the most important setting to change in this entire list.

Defender and other antimalware tools perform real-time scanning of the files you use on your PC. This is normally pretty fast, and modern antivirus tools don’t slow things down much on a modern PC with a typical workload. When we benchmark PCs here at PCWorld, we always run our benchmarks with Windows Defender enabled. After all, that’s the default.

But, for certain workloads, there is a significant benefit to using exclusions. If you are regularly creating or working with lots of small files you trust — or some very big files you trust — that real-time scanning can slow down system performance.

This is particularly useful if you’re using virtual machines or are compiling software, for example. By excluding the folders with the files you’re working on from real-time scans, you can reap some speed improvements.

But be careful with this, as you’re opening a hole in your defenses. You should only do this with folders you thoroughly trust. It’s not a good idea to exclude game folders — we live in a world where malware has been distributed through Steam game updates, after all.

If Exclusions make sense for your workload, you should configure them in Windows Defender. To do so, launch “Windows Security” from the Start menu, click “Virus & threat protection,” and click “Manage settings” under Virus & threat protection settings. Scroll down to the Exclusions section and click “Add or remove exclusions.” Then, add folders you want to exclude from scanning — but, again, be absolutely sure you’re ready to place complete trust in whatever you’re excluding.

4 exclusions

IDG / Chris Hoffman

Consider whether core isolation is right for your PC

The Windows Security app has lots of other interesting security settings you may want to experiment with. I recommend launching the “Windows Security” app from your Start menu and poking around a little.

One controversial setting that Microsoft includes in the Windows Security interface — which isn’t quite a Windows Defender feature, but is something the Windows Security app will bug you to activate on your PC — is core isolation. Core isolation uses hardware virtualization features offered by your CPU to isolate system processes from the rest of your PC. With its memory integrity feature, it can better protect system processes from malware during an attack on your PC.

This isn’t an antivirus feature exactly — it’s an overall Windows operating system security feature. It can offer some extra protection, although it may slow down PC performance some — so it may not be ideal for PC gamers.

If you upgraded to Windows 11 or set up your PC prior to the end of 2022, core isolation is disabled by default. If you have set up a new PC since the big update at the end of 2022, core isolation is tuned on by default.

While this setting can boost security, it also cuts performance a bit — especially in games, and especially on older computers. I recommend reading the details about core isolation before activating it. Or, if you have a modern gaming PC, you might want to think about turning it off for some extra FPS.

5 core isolation memory

IDG / Chris Hoffman

Prefer another antivirus? You don’t need to turn off Defender

Windows Defender is a capable antivirus tool that works well without much configuration. That’s one of the best things about it.

Even if you prefer another antivirus program, you don’t need to turn off Microsoft’s Defender antivirus. After you install another antivirus program, Defender will notice you’re using another antivirus and stop its real-time scanning. If you uninstall that other antivirus program, Defender will leap back into action.

Microsoft’s Defender antivirus ensures Windows PCs always have a baseline level of antivirus protection. You don’t really need to install antivirus on a modern Windows 11 or Windows 10 PC — that’s a security myth.

Leave a comment

Your email address will not be published. Required fields are marked *