7 Best Windows Defender Settings For Advanced Protection

Better protection is the need of the hour

Reading time icon 7 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

best windows defender settings to enable

Windows Defender Security Center, also collectively known as Windows Security, is the built-in antivirus in Windows. We often compare it with other well-known antivirus solutions, but with the best Windows Defender settings in place, it’s at par with them all!

Is Windows Defender 100% accurate? After conducting extensive tests on its automatic scans, ransomware protection, and firewall, we can say the Windows Defender can detect most threats, but it isn’t 100% accurate. And there’s no need for that as long as you practice healthy cyber hygiene.

Let’s now get to the steps to boost the PC’s security with the best Windows Defender settings!

What are the best Windows Defender settings?

We are listing the best Windows Defender settings after rigorous tests on ten different devices running Windows 10 and Windows 11 (5 each). Our experts tried downloading malicious apps and files to verify the effectiveness of each built-in setting.

Below, you will find what the feature does, the steps to enable it, and tips for optimal results.

1. Real-time Protection

  1. Open Windows Security, and then click on Virus & threat protection.virus & threat protection
  2. Click on Manage settings under Virus & threat protection settings.
  3. Enable the toggle for Real-time protection.real-time protection is one of the best windows defender settings

The most vital of all, Real-time protection, ensures that no malware runs on the device. It blocks all malicious activity, prevents suspicious apps from installing, and keeps your Windows PC safe.

Remember, it’s not recommended that you disable Real-time protection. Even if you do, it will automatically turn on in a while. Besides, an active status of the feature is critical for enabling other Windows Defender settings.

2. Controlled folder access

2.1 Enabling the feature

  1. In Windows Security, click on Virus & threat protection.
  2. Click on Manage ransomware protection.manage ransome protection
  3. Enable the toggle for Controlled folder access.controlled folder access is one of the best windows defender settings

2.2 Viewing and adding protected folders

  1. In the Controller folder access settings, click on Protected folders.protected folders
  2. Click Yes in the UAC prompt.
  3. You will find the following Windows system folders protected by default:
    • Documents
    • Pictures
    • Videos
    • Music
  4. To include another one, click the Add a protected folder option.add a protected folder
  5. Navigate to the one you want to protect, choose it, and then click on Select folder.select folder

2.3 Allowing an app through Controlled folder access

  1. Click on Allow an app through Controlled folder access.
  2. Click Yes in the UAC prompt.
  3. Now, click Add an allowed app, and then select Recently blocked apps from the menu.add app
  4. Click the + icon before the affected app. If it’s not listed here, click on Browse all apps, select the app launcher (.exe file), and then manually add it.allow

Another one of the best Windows Defender settings is Controlled folder access. It prevents unfriendly apps from making changes to critical folders and memory areas. For the feature to work, you must have Real-time protection enabled.

Also, you can add as many to the list of protected folders, but removing protection from a Windows system folder (added by default) is not possible.

Besides, we came across a few cases where Controlled folder access conflicted with safe and verified apps, such as when Warzone settings were not saving. In these cases, you can always add an exclusion for the app!

3. Parental controls

In today’s world, where cyber crimes are on the rise, enforcing security mechanisms for children is of prime importance. And Windows Defender allows you to do that for free!

Just add your child’s account to the family, and you can choose a time limit, prevent inappropriate searches, configure an age filter for apps and games, and set the spending limit.

While it is available in Windows Security under Family options, you will have to access the Microsoft Family Safety portal to configure these settings. If you are new to it, learn how to set up family safety.

4. Core isolation

  1. In Windows Security, click on Device security.device security
  2. Click on Core isolation details.
  3. Turn on the toggle for Memory integrity, Kernel-mode Hardware-enforced Stack Protection, and Microsoft Vulnerable Driver blocklist.core isolation best windows defender settings

Core Isolation, one of the best Windows Defender settings, has three sub-settings:

  • Memory Integrity: Protects the core system processes from malicious code insertion or malware attacks,
  • Kernel-mode Hardware-enforced Stack Protection: The feature utilizes virtualization technology to isolate the CPU from the active processes, providing enhanced protection. To turn it on, first enable Memory Integrity.
  • Microsoft Vulnerable Driver Blocklist: Prevents third-party malicious drivers from running on the PC. These drivers are a part of the vulnerable driver blocklist, available on the official website.

Remember, Core Isolation is one of the trickier settings, and enabling it often results in an error. We, too, came across the Resolve any driver incompatibilities and scan again error message. To fix it, review the incompatible drivers and then uninstall the driver responsible for the issue.

Enabling Core Isolation via Registry

If that doesn’t work, press Windows + R to open Run > type regedit > hit Enter > go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity > right-click on the Enabled DWORD > enter 1 under Value data > click OK > restart the PC.

Core Isolation enabled

You should now be able to enable the toggle for Memory Integrity. Do so, and then restart the PC again for the changes to apply.

5. Reputation-based protection

  1. Open Windows Security, and then go to App & browser control.app & browser control
  2. Click on Reputation-based protection settings.
  3. Now, enable the toggle for the following settings:
    • Check files and apps
      SmartScreen of Microsoft Edge
      Phishing protection
      Potentially unwanted app blocking
      SmartScreen for Microsoft Store apps
      settings

Reputation-based protection is a built-in feature in Windows Defender that protects the PC against malicious apps (Potentially Unwanted Applications) and files from the web. It also protects critical sign-in information, including email addresses and passwords.

6. Exploit protection

  1. In Windows Security, click on App and browser control.
  2. Click on Exploit protection settings.exploit protection best windows defender settings
  3. You can now configure the various options under System Settings or go to Program settings and add a program to customize.system settings

Exploit protection safeguards against malware attacks that employ exploits to infect the device. The feature has different settings that can be applied system-wide and for individual apps. If you manually configure mitigation for a specific app, it will override the system settings.

Remember, the best exploit protection settings are already in place. So, it’s not recommended you change them. Also, you can export the exploit protection settings to an XML file to set the same configuration on another device.

7. Firewall and network protection

  1. Open Windows Security, and then go to Firewall & network protection.firewall & network protection
  2. You can now enable or disable the firewall for the Domain network, Private network, and Public network.best windows defender settings
  3. Also, you can allow an app through firewall, run the Network and Internet troubleshooter, configure firewall notification and advanced settings, and restore everything to default.

Windows Defender Firewall, a built-in component of Windows Security, is critical for the security of the device/network. It filters malicious traffic and blocks online cyber-attacks. Again, it’s recommended that you don’t change the default settings unless the firewall is blocking a port or program.

Besides, you can configure the inbound or outbound rules if an app is not running or there are issues with network connectivity, say the firewall is blocking the printer. In our experience, it’s a rare event.

These were the best Windows Defender settings to protect your PC against localized and Internet-based threats.

Lastly, we would like to emphasize that you must not permanently disable Windows Security to run an app or process, no matter what the Internet says. Update the app or contact the developer for a resolution, but never put your PC at risk!

Before you leave, discover the best Windows security settings for enhanced device protection.

For any queries or to share your take on Windows Defender/Security, drop a comment below.

More about the topics: Microsoft Windows Defender

User forum

0 messages