Windows Defender Is More Powerful Than You Think

Windows Security (formerly Windows Defender) comes pre-installed on every Windows 10 and 11 PC. Most users leave it at default settings and never look deeper. That's a missed opportunity — several powerful security features are either disabled by default or buried in menus that most people never open.

Here's a walkthrough of the settings worth enabling.

1. Turn On Ransomware Protection (Controlled Folder Access)

This feature blocks untrusted apps from modifying files in protected folders. It's off by default and one of the most underused protections on Windows.

  1. Open Windows Security (search for it in the Start menu).
  2. Go to Virus & threat protection → Ransomware protection.
  3. Toggle Controlled folder access to On.
  4. Click Protected folders to add any additional folders you want guarded.

Note: Some legitimate apps may get blocked. You can whitelist them under Allow an app through Controlled folder access.

2. Enable Cloud-Delivered Protection & Automatic Sample Submission

These features allow Windows Defender to cross-reference suspicious files against Microsoft's cloud threat database in real time — catching threats faster than local definitions alone.

  • Go to Virus & threat protection → Manage settings.
  • Ensure both Cloud-delivered protection and Automatic sample submission are toggled On.

3. Turn On Tamper Protection

Tamper Protection prevents malicious software (and unauthorized users) from disabling Windows Security features. It's usually on by default but worth verifying.

  • Under Virus & threat protection → Manage settings, scroll down to find Tamper Protection.
  • Make sure it's set to On.

4. Configure App & Browser Control

This section manages SmartScreen, which warns you about potentially malicious apps and websites.

  • Open Windows Security → App & browser control.
  • Set Check apps and files to Warn or Block.
  • Enable SmartScreen for Microsoft Edge and SmartScreen for Microsoft Store apps.
  • Turn on Potentially unwanted app blocking — this catches adware and bundled junk installers.

5. Review Device Security Options

Head to Windows Security → Device Security to check:

  • Core isolation / Memory integrity: This prevents attackers from injecting malicious code into high-security processes. Enable it if your drivers support it (some older drivers may cause issues).
  • Secure Boot: Ensures only trusted software loads at startup. Check that it's reported as enabled — you may need to verify this in your BIOS/UEFI settings.

6. Schedule Regular Full Scans

Real-time protection catches most threats on contact, but periodic full scans help catch anything that slipped through. Schedule one weekly during off-hours:

  1. Open Task Scheduler (search from Start menu).
  2. Navigate to Task Scheduler Library → Microsoft → Windows → Windows Defender.
  3. Right-click Windows Defender Scheduled Scan and choose Properties.
  4. Under the Triggers tab, add a weekly schedule at a convenient time.

7. Check Firewall Profiles Are Active

Go to Windows Security → Firewall & network protection and confirm the firewall is active for Domain, Private, and Public networks. Never turn it off — even temporarily.

A Stronger Default Than Most Realize

With these settings enabled, Windows Defender provides a genuinely strong security baseline — comparable in many respects to free third-party antivirus solutions. It won't replace best practices like strong passwords and careful downloading habits, but it's a solid, free foundation that every Windows user should fully leverage.