How to get started with Microsoft Defender Antivirus on Windows 11

How-to
By Mauro Huculak
last updated

If you're new to the Microsoft Defender Antivirus, use this guide to learn everything you need to manage the security feature to protect your computer.

Microsoft Defender Antivirus
Microsoft Defender Antivirus (Image credit: Future)
Jump to:

Microsoft Defender Antivirus is the default anti-malware application on every Windows 11 installation, designed to protect your computer and file from a wide range of security threats, such as viruses, spyware, ransomware, and hackers. 

The antivirus runs automatically in the background, constantly scanning, detecting, and removing unwanted threats. However, users can also customize the application according to their preferences, such as performing manual scans, including offline scans to remove tricky viruses. Additionally, you can turn off real-time protection and enable extra layers of security, such as anti-ransomware protection and periodic scanning.

In this how-to guide, I will walk you through the steps to start managing settings and using the features available on Microsoft Defender Antivirus on Windows 11.

How to install update definitions on Defender Antivirus

To update the definition of the Microsoft Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Virus & threat protection updates" section, click the protections updates option.

(Image credit: Mauro Huculak)
  1. Click the "Check for updates" button.

(Image credit: Future)

Once you complete the steps, antivirus signature updates will download and install automatically to scan, detect, and remove the latest threats.

The antivirus usually downloads updates automatically, but sometimes, checking manually before proceeding with a manual scan might still be necessary.

How to scan for malware on Defender Antivirus

Windows 11 automatically scans your computer for malware using the Microsoft Defender Antivirus. However, if you suspect the device may be infected, you can use the available options to perform a scan manually.

Quick Scan

A quick scan takes the least amount of time because it only scans the locations where malware is more likely to hide.

To perform a quick scan with the Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Scan options setting.

(Image credit: Future)
  1. Select the Quick scan option.
  2. Click the Scan now button.

(Image credit: Future)

After you complete the steps,  under the "Current threats" section on the main page, you can review if the antivirus found any threats.

If you think the malware is still on the device, you should perform a full virus scan.

Full Scan

A full scan takes the longest because, as the name implies, it scans all the locations on the hard drive.

To perform a full scan with the Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Scan options setting.

(Image credit: Mauro Huculak)
  1. Select the Full scan option.
  2. Click the Scan now button.

(Image credit: Mauro Huculak)

Once you complete the steps, the anti-malware will try to detect any virus that may have infected the system. 

Custom Scan

A custom scan allows you to scan a particular section of the main drive or external storage. Usually, you would use this feature to check an external USB drive, flash drive, or a specific file you downloaded from the internet.

To perform a custom scan with the Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Scan options setting.

(Image credit: Mauro Huculak)
  1. Select the Custom scan option.

(Image credit: Mauro Huculak)
  1. Choose the folder or drive location.
  2. Click the Select Folder button.

After you complete the steps, the location specified location will be scanned for malware. Alternatively, you can browse to the location, right-click the drive, folder, or file, click "Show more options," and choose the "Scan with Microsoft Defender" option.

How to exclude scan locations on Defender Antivirus

If you want to prevent the antivirus from scanning a particular folder or file, you can add and remove scanning locations.

To prevent the Microsoft Defender Antivirus from scanning specific locations, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Virus & threat protection settings" section, click the Manage settings option.

(Image credit: Mauro Huculak)
  1. Under the "Exclusion" section, click the "Add or remove exclusions" option.

(Image credit: Mauro Huculak)
  1. Select the exclusion type:
  • File.
  • Folder.
  • File type.
  • Process.

(Image credit: Mauro Huculak)
  1. Select the folder location.
  2. Click the Select Folder button.

Once you complete the steps, the Defender Antivirus will not scan your specified location. You may need to repeat the steps to add more exclusions.

How to perform offline malware scan on Defender Antivirus

On Windows 11, you may sometimes come across complex malware that the antivirus may not be able to remove while the system is running. In this case, you can perform an offline scan. When activating this feature, the computer will restart and go into the Windows Recovery Environment (WinRE) to perform a scan while the system is offline. 

To perform an offline scan with the Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Scan options setting.

(Image credit: Mauro Huculak)
  1. Select the "Microsoft Defender Antivirus (offline scan)" option.
  2. Click the Scan now button.

(Image credit: Future)

Once you complete the steps, the offline version of the antivirus will scan the device, and it will remove or quarantine any detection automatically.

After the scan is complete, the Microsoft Defender Antivirus will save the report, which you can review through the Windows Security app, and then the computer will restart automatically.

How to view scan malware history on Defender Antivirus

Whether you recently performed a virus scan or want to view recent protection actions, the Microsoft Defender Antivirus also includes a page where you can review the protection history and recommendations.

To view the protection history of the Microsoft Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Protection history option.

(Image credit: Mauro Huculak)
  1. Click the "Filters" drop-down menu and select the history you want to review, including:
  • Recommendations.
  • Quarantined items.
  • Cleaned items.
  • Blocked actions.
  • Severity.
  1. Select the item to view more information, including malware type, severity level, detection date, category, and information about the item's location.

After you complete the steps, the page will show you a report of the protection history.

How to allow threats on Defender Antivirus

Sometimes, the antivirus may detect an application or file as a threat when you know it comes from a trusted source. If this happens, the application includes an option to allow the threat.

To allow a threat on the Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Current threats" section, click the Allow threats option.

(Image credit: Mauro Huculak)
  1. Select the app or file you want to prevent the application from blocking.
  2. Check the "Allow on the device" option.

Once you complete the steps, the device will allow the threat. You may also view the item under the "Current threats" section on the Microsoft Defender Antivirus page.

How to temporarily disable Defender Antivirus

If the Microsoft Defender Antivirus prevents an app installation or another action, you can temporarily turn off the antivirus to complete the task. 

To disable the Microsoft Defender Antivirus temporarily on Windows 11, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Virus & threat protection settings" section, click the manage settings option.

(Image credit: Mauro Huculak)
  1. Turn off the "Real-time protection" toggle switch.

(Image credit: Mauro Huculak)

After you complete the steps, the antivirus will temporarily disable its protection to install apps or make specific system changes without conflicts.

Once the computer restarts, the antivirus will be enabled again automatically. Or you can use the instructions outlined above, but in step 5, turn on the "Real-time protection" toggle switch.

If you want to disable the Microsoft Defender Antivirus permanently, you can refer to these instructions.

How to enable ransomware protection on Defender Antivirus

Microsoft Defender Antivirus is a sophisticated anti-malware solution with ransomware protection known as "Controlled folder access." When this feature is enabled, it monitors and protects your data against ransomware attacks and unwanted changes from malicious applications.

However, since this feature can cause false positives, it's something that you must enable manually.

To enable Windows 11's anti-ransomware feature, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Virus & threat protection settings" section, click the Manage settings option.

(Image credit: Mauro Huculak)
  1. Under the "Controlled folder access" section, click the "Manage Controlled folder access" option.

(Image credit: Mauro Huculak)
  1. Turn on the "Controlled folder access" toggle switch. 

(Image credit: Mauro Huculak)
  1. Click the Block history option to access the "Protection history" page to view blocked folder access.
  2. (Optional) Click the Protected folders option to add (or remove) additional protected folders.
  3. (Optional) Click the "Allow an app through Controlled folder access" option to allow apps you trust to make changes to the protected folders.

After you complete the steps, the feature will monitor apps trying to change files in the protected folders. If the app is flagged as malicious or unknown, Controlled folder access will block the attempt, and you'll receive an activity alert.

If your computer gets compromised, you may be able to recover the files from your OneDrive account (if previously configured).

How to disable tamper protection on Defender Antivirus

Tamper Protection is a feature of the Microsoft Defender Antivirus that protects the Windows Security app from unwanted changes not made directly from the application.

Usually, you want to leave this feature enabled since it adds an extra layer of protection. However, if it's causing problems when you have to manage settings from another app, Command Prompt, or PowerShell, you can turn it off.

To turn off tamper protection on the Microsoft Defender Antivirus, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Under the "Virus & threat protection settings" section, click the Manage settings option.

(Image credit: Mauro Huculak)
  1. Turn off the Tamper Protection toggle switch.

(Image credit: Mauro Huculak)

Once you complete the steps, the Tamper Protection feature will be disabled, allowing you to make setting changes from another application.

If you no longer need to change settings, it's best to enable the feature again. You can do this using the same instructions, but in step 5, turn on the "Tamper Protection" toggle switch.

How to enable periodic scanning on Defender Antivirus

Microsoft Defender Antivirus also has a "periodic scanning" feature that is only available if you have a third-party antivirus installed on your computer.

If you have a third-party antivirus, you can enable this feature to periodically scan and remove threats that other security applications may have missed. 

In other words, if you have another antivirus, Microsoft Defender Antivirus can turn on periodically to perform another scan to ensure that your other antivirus hasn't missed anything.

To enable periodic scanning on Windows 11, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.
  4. Click the "Microsoft Defender Antivirus options" setting.
  5. Turn on the Periodic scanning toggle switch.

(Image credit: Mauro Huculak)

After you complete the steps, Microsoft Defender Antivirus will remain off, allowing third-party security software to monitor your system. However, periodically, it'll turn on again to perform a secondary scan.

More resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources:

Mauro Huculak
Mauro Huculak

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.