: The National Public Data breach exposed personal information, including names, addresses, and social security numbers. Learn how to protect yourself and how Microsoft Defender is helping to prevent fraud. See: National Public Data breach: What you need to know.
Here are answers to common questions about Microsoft security software, including updates, where to download, and common software errors.
A quick scan looks for viruses and other malware in all the places they are most likely to hide. It’s a good choice when you’re just checking on the health of your PC.
If you think your PC is infected with malware, we recommend a full scan. Your PC might be a little slower while the full scan is running because it looks everywhere for possible problems.
-
Make sure you've updated all of the apps on your PC. See Updating and removing software: FAQ for links to some common apps.
-
You can also try to install the latest definitions, which may be more recent than those offered in your security software.
-
Close any non-essential apps during the scan. Open apps take resources, even ones you're not actively using, and may cause your machine to perform more slowly or unreliably.
If you are still having problems, you can ask for help at the Microsoft virus and malware community.
Partially removed means we were able to clean some of the malware files that were found on your PC but perhaps not all of them.
We'll do our best to clean your PC as much as we can, but with some difficult malware you might need to take some additional steps:
First, run a full scan using the Malicious Software Removal Tool:
-
Open a Run prompt by pressing the Windows Logo Key + R or typing Run in the search box on the taskbar.
-
Type %windir%\system32\mrt.exe and select OK.
: To make it easier, select the command text in step 2 and press CTRL+C to copy, then paste it into the Run box using CTRL+V.
-
If you are prompted to allow the program to make changes to your PC, select Yes.
-
Follow the prompts to scan and clean your PC.
Next, restart your PC and then manually install the latest updates.
If you need more help, follow the steps on our advanced troubleshooting page. In some cases, you may need to use Microsoft Defender Offline.
We recommend that you do not run other antivirus or antispyware products at the same time as Windows Defender.
Using more than one real-time security product can affect your PC's performance. You might also get an error code when you try to update or install, such as 0x80070643.
Microsoft security software protects you against malware, spyware, adware, and other unwanted software; you don't need to install any other real-time antivirus or antispyware software.
If you install our software, you should:
-
Uninstall your previous security software
-
Download and run the Microsoft Safety Scanner to clean any malware from your PC.
You can always download and run our on-demand security scanners, such as the Microsoft Safety Scanner or Microsoft Defender Offline. These scanners can be installed at the same time as any real-time security software because they only run when you've asked them to, or if you've set up scheduled scans.
To enable or disable Microsoft Defender Antivirus:
-
Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
-
Under Virus & threat protection settings, select Manage settings.
-
Under Real-time protection, change the setting to On or Off.
-
For optimal protection, turn on the settings for Cloud-delivered protection and Automatic sample submission.
Microsoft Defender Antivirus comes built-in to Windows 10 and Windows 11. You can turn off Microsoft Defender Antivirus if you decide to use a different security product.
: Your device will be vulnerable to malware if you disable Microsoft Defender Antivirus and don’t have another security product.
If you don't have another security product, or it is expired, Microsoft Defender Antivirus will automatically turn on. You can also enable it manually if you don't already have a security product installed and working.
Microsoft Defender for Endpoint is a product for businesses and enterprises that help protect corporate devices. It shares many of the same features and capabilities included with Windows Security. To learn more about Microsoft Defender for Endpoint see the Microsoft Defender for Endpoint page.
Updates should install automatically as part of Windows Update. For more information go to the Microsoft antimalware updates page.
Generally, you don’t need to do anything as the security software will clean the infection for you.
If unwanted software has been found on your device, you may be asked to choose what to do next. When this happens you will see a message in the bottom corner of your screen, where you can choose to select Clean computer or Show details.
If you choose Clean computer, the file is removed.
The Show details button lets you choose to either remove, quarantine, or allow the file.
Every threat is given an alert level to help you decide what to do.
This depends on how much you know about the file that has been detected.
-
Remove deletes the file from your PC.
-
Quarantine moves the file to a safe location and blocks it so it can't run.
-
Allow adds the file to an allowed list and lets it run on your PC.
If you allow a file you won’t get any more alerts about it. Only allow a file if you trust the software and the software publisher.
In Windows 10 and above:
-
Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
-
Under Current threats, select Threat history.
-
Under Quarantined threats, select See full history.
Once you have reviewed the quarantined items you can:
-
Select Remove all to delete all quarantined software.
-
Select individual files, and then select Remove or Restore. Restore will move the file out of quarantine, back to its original location where you may choose to run it again.
-
Select Quarantined items and then View details. You might be asked for an admin password or to confirm your choice.
Most files detected by Microsoft security software are quarantined. This means the file is moved and stopped from running or doing anything to your PC.
A quarantined file does not pose any risk to your PC. You can leave a file in quarantine for as long as you like.
Alert levels help you choose what to do when unwanted software is found on your PC.
Microsoft uses four alert levels:
-
Severe—widespread or highly dangerous malware that can affect your privacy and damage your PC.
-
High—programs that can collect your personal information or make changes to your PC.
-
Medium—programs that might affect your privacy or change the way your PC behaves.
-
Low—unwanted software that might collect information about you or your PC or change how your PC works.
Alert levels help you understand how dangerous a threat could be and decide what to do next.
To force a scan of a removable drive:
-
Open File Explorer.
-
Rick-click the removable drive.
-
Select Scan or Scan with <your security software's name>.
To always scan removable drives when you do a full scan:
-
Open your Microsoft security software.
-
Go to the Settings tab.
-
In the Advanced section, select the Scan removable drives check box.
-
Click Save changes. Whenever you do a full scan, all removable drives will also be scanned.
You can choose to exclude files from scanning if you know they are completely safe.
You should only do this for files you know are absolutely clean—if you are getting repeated warnings about a threat, first you should update your security software, and then check for any other important information about it in the malware encyclopedia.
Be careful—any files that you exclude will not be scanned, which could leave you open to infection. Only exclude files if you are absolutely sure they are not infected.
To exclude a file from scanning:
-
Go to Start and type Security.
-
Select Windows Security from the results
-
Go to the Virus & threat protection > Virus & threat protection settings > Add or remove exclusions.
-
Select Add an exclusion and follow the steps to set up an exclusion for a file, folder, file type or process.
For more information see What are exclusions in Windows Security?
Your security software uses definitions to identify threats. They're a set of known patterns or behaviors that your security software compares software it scans to in order to determine if a file might be a threat.
Definitions are also known as security intelligence, signatures, DAT files, pattern files, identity files, or antivirus databases.
Microsoft Defender automatically gets new security intelligence through Windows Update. You can manually force it to check for new security intelligence. On the Virus & threat protection page, under Virus & threat protection updates, select Check for updates to check for the latest security intelligence.
Go to the change log page.
You might not be able to update because:
-
Malware has disabled your antivirus software.
-
Malware has made changes to your PC so you can’t access the internet or security-related websites.
-
There are other problems with Windows update.
-
You're using a version of Windows that's no longer supported and not getting updates. For more information, see What does it mean if Windows isn't supported?
To resolve this, try manually installing the latest updates. If you still can’t update, go to our advanced troubleshooting page for more help.
Go to these sites for more help:
If you suspect a file includes malware or unwanted software you can submit it to us for analysis.