4. Using Windows Defender Tools
In Windows Defender, you can access the Tools and Settings
page, shown in Figure 11, by clicking the
Tools button on the toolbar. As the previous sections discussed how to
configure general and administrative options, and how to perform a scan,
let’s now look at the other selections available on this page.
Figure 11. Accessing additional settings and tools
Clicking Microsoft SpyNet lists Microsoft SpyNet features and
options that allow you to join this service offered by Microsoft.
Microsoft SpyNet is an online community that helps users determine how
to respond to potential threats to their computers. You have three
options to choose from: join with a basic membership, join with an
advanced membership, or not join at all.
The default setting is a basic membership. A basic membership
sends very little information to Microsoft about the software Windows
Defender detects and the alert actions the computer uses. Advanced
membership sends more information to Microsoft about spyware and other
potentially unwanted programs encountered on the computer. Microsoft
does not send any personal identification information in these updates.
Of course, the “I don’t want to join” option does not send any
information to Microsoft, but you also do not get the benefits of using
SpyNet. Make sure you click the Save button to allow Windows to update
your profile for future use of Windows Defender.
“Quarantined items” lists the different programs and files
Windows Defender has identified as threats against the computer. This
feature also lists the default action taken against the listed objects,
and the date the computer found the potentially unwanted program. You
have three options for working with quarantined items:
- Remove All
Permanently removes all quarantined items from your
Selecting a quarantined item and then clicking Remove
removes the quarantined item from your computer.
Selecting a quarantined item and then clicking Restore
allows the item to run on your computer.
The top of the “Quarantined items” window lists the membership
level if you have joined Microsoft SpyNet, and it allows you to change
your membership level.
“Allowed items” lists the programs and files that you’ve
allowed to run after Windows Defender alerted you about a potential
threat. Each program or file is listed by name, alert level, and
recommended action. If you want to remove a program or file from the
“Allowed items” list, click it and then select “Remove from list.”
Windows Defender will then be able to monitor the program or file for
potentially malicious activity. The
top of the window also lists the membership level if you have
joined Microsoft SpyNet, and it allows you to change your membership
Selecting the link to the Windows Defender website takes you
directly to the official Windows Defender area of Microsoft’s website.
The related pages have invaluable information concerning help and support
using Windows Defender, as well as Microsoft’s stance against spyware.
You can find some wonderful information, in addition to an online
community dedicated to helping users with problems using Windows
Also available is a link to the Malware Protection Center website. The Malware Protection
Center performs malware research and response for the Windows operating
system. You can learn more about the latest definitions for Windows and
various other Microsoft products. There’s also lots of information about
malware as well as lists of protection software and resources.
5. Troubleshooting Windows Defender
As with all programs associated with computers, you can
sometimes have problems getting Windows Defender to work. The single
most common problem with Windows Defender is it not starting at all. If
this happens, you must make sure that you have enabled Windows Defender
to run on the computer. To check this setting, open the Action Center in
the Control Panel by clicking “Review your computer’s status” under
System and Security. Click Security to reveal current security settings.
Under Spyware and unwanted software protection, make sure that Windows
Defender protection is on.
If you do not see this listing, you will see “Windows Defender is turned off” and a button labeled
“Turn on now.” Click the button to turn on the Windows Defender feature
and allow the program to scan the computer for spyware or malware
infections. You will then see an “On” entry, showing that the feature is
enabled on the computer.
If you have problems turning on the Windows Defender feature, or
if you receive an error stating that the Windows Defender service was
unable to start, you can troubleshoot using Computer Management. To open Computer Management, click
the Start button, right-click on the Computer icon, and then select
Manage from the context menu provided.
Once you’ve opened Computer Management, click the Services and
Applications node and then double-click Services. In the Services view,
scroll down on the right side of the window until you see Windows
Defender. Double-click the entry to view the properties of this service,
as shown in Figure 12.
If the service status is not listed as Started, click the Start button
to start the service. If the Start button is dimmed, click the Stop
button and then click the Start button. While you are working with the
Windows Defender service, ensure that the “Startup type” is set to Automatic (Delayed Start).
Figure 12. Checking the status and startup type of the service
If you still cannot get the service to work correctly, you can
check the event logs for additional information. In Computer Management,
expand the Event Viewer node by double-clicking it, do the same with the
Windows Logs node, and then select the System log. Look for stop errors
for Windows Defender. If the stop error lists an unauthorized account
that is preventing the service from starting, access the Logon tab of
the Properties dialog box for the Windows Defender service and verify
that the “Log on as” option is set to “Local system account.” If it
isn’t, select this option and then click Start on the General tab to
start the service.
If you still cannot start the service, you can visit http://support.microsoft.com and enter the information
from the Event Viewer as your search parameters to help you determine
the source of the problem. Try using the Event ID number or error text
as the search text. Usually you can find information on Microsoft’s
support pages to help identify existing problems and resolutions for
errors on your computer. Other available options include checking for
updates to Windows Defender on Microsoft’s website, or even reinstalling
Windows Defender using the download link listed at the site. Although
these may not be the most appealing options, they do work from time to
If you continue to have problems getting Windows Defender to work
correctly, you may need to run an antivirus program on the computer to
determine if a computer file was corrupted, or you may need to contact a
computer service company. Calling in a professional support
representative is the most expensive option. Professional support would
also be the last-ditch effort to fix the problem.