Protect your files with controlled folder access
All Windows PCs use Microsoft’s antivirus by default. Unless you’ve installed a different antivirus program on your Windows 11 or Windows 10 PC, your PC is using it right now. The good news is that Microsoft’s Defender antivirus is designed to “just work” without a lot of tweaking and it has sensible defaults. But there are still a variety of settings you may want to change in your PC’s built-in antivirus program.
Here’s one setting you no longer need to change: Windows Defender now blocks “potentially unwanted apps” (PUAs) out of the box. Spyware, adware, and other junk you probably don’t want installed is blocked automatically — you no longer have to flip a switch to activate that additional protection.
Turn off unnecessary notifications
While Microsoft Defender normally gets out of your way and does its job quietly, there’s one unnecessary thing it bothers you about. Defender tries to perform a full system scan in the background once a day — when you’re not using your computer. After a successful scan, it will send you notification a telling you “No new threats were found.”
Clearly, Microsoft wants you to know Defender is doing something. But do you really need to be interrupted by a popup telling you everything is fine? I don’t think so.
Ditch the system tray icon — especially the second one
The Windows Defender antivirus comes with a blue, shield-shaped system tray icon to let you know it’s running. That’s fine, but it’s extra clutter you don’t really need if you don’t want it.
Worse yet, if you subscribe to Microsoft 365, you may end up with two blue shield-shaped icons in your system tray. You’ll get one for Windows Security, which is built into Windows itself, and one for Microsoft Defender, which is part of Microsoft 365.
Set up exclusions to speed things up
Most PC users won’t need to set up exclusions in Windows Defender or any other antivirus program. But, if you do have the kind of workload that benefits from setting up exclusions, this will be the most important setting to change in this entire list.
Defender and other antimalware tools perform real-time scanning of the files you use on your PC. This is normally pretty fast, and modern antivirus tools don’t slow things down much on a modern PC with a typical workload. When we benchmark PCs here at PCWorld, we always run our benchmarks with Windows Defender enabled. After all, that’s the default.
Consider whether core isolation is right for your PC
The Windows Security app has lots of other interesting security settings you may want to experiment with. I recommend launching the “Windows Security” app from your Start menu and poking around a little.
One controversial setting that Microsoft includes in the Windows Security interface — which isn’t quite a Windows Defender feature, but is something the Windows Security app will bug you to activate on your PC — is core isolation. Core isolation uses hardware virtualization features offered by your CPU to isolate system processes from the rest of your PC. With its memory integrity feature, it can better protect system processes from malware during an attack on your PC.
Prefer another antivirus? You don’t need to turn off Defender
Windows Defender is a capable antivirus tool that works well without much configuration. That’s one of the best things about it.
Even if you prefer another antivirus program, you don’t need to turn off Microsoft’s Defender antivirus. After you install another antivirus program, Defender will notice you’re using another antivirus and stop its real-time scanning. If you uninstall that other antivirus program, Defender will leap back into action.
