deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Windows Security updates

Browse Source
This commit is contained in:
Vinay Pamnani (from Dev Box) 2025-04-15 14:07:33 -06:00
parent d25603c790
commit 740603e595
10 changed files with 105 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
View File

@ -1,7 +1,7 @@
---
title: Account protection in Windows Security
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -19,10 +19,8 @@ You can also choose to hide the section from users of the device, if you don't w
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
You can only configure these settings by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@ -31,6 +29,6 @@ You can only configure these settings by using Group Policy.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)

20
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
View File

@ -1,7 +1,7 @@
---
title: App & browser control in Windows Security
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -11,31 +11,27 @@ The **App and browser control** section contains information and settings for Wi
In Windows 10, version 1709 and later, the section also provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy. IT administrators can get more information at [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection).
You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
## Prevent users from making changes to the Exploit protection area in the App & browser control section
You can prevent users from modifying settings in the Exploit protection area. The settings are either greyed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
You can only prevent users from modifying Exploit protection settings by using Group Policy.
You can prevent users from modifying settings in the Exploit protection area. The settings are either grayed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration**, select **Policies** and then **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
4. Select the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
## Hide the App & browser control section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
This section can be hidden only by using Group Policy.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
@ -44,6 +40,6 @@ This section can be hidden only by using Group Policy.
5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)

8
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
View File

@ -1,7 +1,7 @@
---
title: Customize Windows Security contact information in Windows Security
description: Provide information to your users on how to contact your IT department when a security issue occurs
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -33,10 +33,6 @@ There are two stages to using the contact card and customized notifications. Fir
1. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Select **OK**.
> [!NOTE]
> This can only be done in Group Policy.
1. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
1. After you enable the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
@ -57,4 +53,4 @@ To enable the customized notifications and add the contact information in Intune
- [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings).
> [!IMPORTANT]
> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you don't specify the contact name and a contact method, the contact card isn't visible, and notifications aren't customized.

12
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
View File

@ -1,7 +1,7 @@
---
title: Device & performance health in Windows Security
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -10,16 +10,14 @@ ms.topic: how-to
The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine.
This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
## Hide the Device performance & health section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
This section can be hidden only by using Group Policy.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@ -28,6 +26,6 @@ This section can be hidden only by using Group Policy.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)

12
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
View File

@ -1,7 +1,7 @@
---
title: Device security in Windows Security
description: Use the Device security section to manage security built into your device, including Virtualization-based security.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -9,14 +9,14 @@ ms.topic: how-to
The **Device security** section contains information and settings for built-in device security.
You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
## Hide the Device security section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side. You can hide the device security section by using Group Policy only.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
@ -25,7 +25,7 @@ You can choose to hide the entire section by using Group Policy. The section won
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
@ -34,7 +34,7 @@ You can choose to hide the entire section by using Group Policy. The section won
If you don't want users to be able to select the **Clear TPM** button in **Windows Security**, you can disable it.
> [!IMPORTANT]
> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.

10
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
View File

@ -1,7 +1,7 @@
---
title: Family options in Windows Security
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -15,12 +15,10 @@ This section can be hidden from users of the machine. This option can be useful
## Hide the Family options section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
This section can be hidden only by using Group Policy.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@ -29,6 +27,6 @@ This section can be hidden only by using Group Policy.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)

12
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
View File

@ -1,7 +1,7 @@
---
title: Firewall and network protection in Windows Security
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -9,16 +9,14 @@ ms.topic: how-to
The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
## Hide the Firewall & network protection section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
This section can be hidden only by using Group Policy.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the Group Policy Management Console. Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@ -27,6 +25,6 @@ This section can be hidden only by using Group Policy.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)

114
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
View File

@ -1,7 +1,7 @@
---
title: Hide notifications from Windows Security
description: Prevent Windows Security notifications from appearing on user endpoints
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
@ -9,7 +9,7 @@ ms.topic: how-to
**Windows Security** is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
In some cases, it might not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
There are two levels to hiding notifications:
@ -18,16 +18,12 @@ There are two levels to hiding notifications:
If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting has no effect.
You can only use Group Policy to change these settings.
## Use Group Policy to hide noncritical notifications
You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
These notifications can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. Download the latest [Administrative Templates (.admx) for Windows 10, v2004](https://www.microsoft.com/download/101445).
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
@ -38,20 +34,14 @@ These notifications can be hidden only by using Group Policy.
## Use Group Policy to hide all notifications
You can hide all notifications that are sourced from **Windows Security**. This option may be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
These notifications can be hidden only by using Group Policy.
You can hide all notifications that are sourced from **Windows Security**. This option might be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
> [!IMPORTANT]
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
> [!NOTE]
> For Windows 10 version 2004 and above the path would be **Windows components > Windows Security > Notifications**.
1. Expand the tree to **Windows components > Windows Security > Notifications**.
1. Open the **Hide all notifications** setting and set it to **Enabled**. Select **OK**.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
@ -72,49 +62,49 @@ These notifications can be hidden only by using Group Policy.
## Notifications
| Purpose | Notification text | Toast Identifier | Critical? |Notification Toggle|
|---------|------------------|-------------|-----------|---------|
| Network isolation | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. | SENSE_ISOLATION | Yes |Firewall and network protection notification|
| Network isolation customized | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_. | SENSE_ISOLATION_CUSTOM (body) | Yes |Firewall and network protection notification|
| Restricted access | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION | Yes |Firewall and network protection notification|
| Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes |Firewall and network protection notification|
| HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes |Firewall and network protection notification|
| HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes |Firewall and network protection notification|
| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes |Virus & threat protection notification|
| Remediation failure | Microsoft Defender Antivirus couldn't completely resolve potential threats. | CLEAN_FAILED | Yes |Virus & threat protection notification|
| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes |Virus & threat protection notification|
| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Restart your device. | WDAV_REBOOT | Yes |Virus & threat protection notification|
| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Run a full scan of your device. | FULLSCAN_REQUIRED | Yes |Virus & threat protection notification|
| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes |Virus & threat protection notification|
| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won't be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |Virus & threat protection notification|
| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus didn't find any threats since your last summary. | RECAP_NO_THREATS | No |Virus & threat protection notification|
| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
| Ransomware specific detection | Microsoft Defender Antivirus has detected threats, which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |Virus & threat protection notification|
| ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No |Firewall and network protection notification|
| ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
| CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No |Firewall and network protection notification|
| Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
| Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No |Firewall and network protection notification|
| PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No |Firewall and network protection notification|
| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No |Firewall and network protection notification|
| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
| Network isolation ended | | | No |Firewall and network protection notification|
| Network isolation ended, customized | | | No |Firewall and network protection notification|
| Restricted access ended | | | No |Firewall and network protection notification|
| Restricted access ended, customized | | | No |Firewall and network protection notification|
| Dynamic lock on, but bluetooth off | | | No |Account protection notification|
| Dynamic lock on, bluetooth on, but device unpaired | | | No |Account protection notification|
| Dynamic lock on, bluetooth on, but unable to detect device | | | No |Account protection notification|
| NoPa or federated no hello | | | No |Account protection notification|
| NoPa or federated hello broken | | | No |Account protection notification|
| Purpose | Notification text | Toast Identifier | Critical? | Notification Toggle |
|---------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|-----------|----------------------------------------------|
| Network isolation | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. | SENSE_ISOLATION | Yes | Firewall and network protection notification |
| Network isolation customized | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_. | SENSE_ISOLATION_CUSTOM (body) | Yes | Firewall and network protection notification |
| Restricted access | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION | Yes | Firewall and network protection notification |
| Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes | Firewall and network protection notification |
| HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes | Firewall and network protection notification |
| HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes | Firewall and network protection notification |
| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes | Virus & threat protection notification |
| Remediation failure | Microsoft Defender Antivirus couldn't completely resolve potential threats. | CLEAN_FAILED | Yes | Virus & threat protection notification |
| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes | Virus & threat protection notification |
| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Restart your device. | WDAV_REBOOT | Yes | Virus & threat protection notification |
| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Run a full scan of your device. | FULLSCAN_REQUIRED | Yes | Virus & threat protection notification |
| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes | Virus & threat protection notification |
| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won't be supported, and your device might be at risk. | SUPPORT_ENDING | Yes | Virus & threat protection notification |
| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes | Virus & threat protection notification |
| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No | Virus & threat protection notification |
| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No | Virus & threat protection notification |
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No | Virus & threat protection notification |
| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus didn't find any threats since your last summary. | RECAP_NO_THREATS | No | Virus & threat protection notification |
| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No | Virus & threat protection notification |
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No | Virus & threat protection notification |
| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No | Virus & threat protection notification |
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No | Virus & threat protection notification |
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No | Firewall and network protection notification |
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No | Firewall and network protection notification |
| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No | Firewall and network protection notification |
| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No | Firewall and network protection notification |
| Ransomware specific detection | Microsoft Defender Antivirus has detected threats, which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No | Virus & threat protection notification |
| ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No | Firewall and network protection notification |
| ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No | Firewall and network protection notification |
| CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No | Firewall and network protection notification |
| Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No | Firewall and network protection notification |
| Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No | Firewall and network protection notification |
| PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No | Firewall and network protection notification |
| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No | Firewall and network protection notification |
| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No | Firewall and network protection notification |
| Network isolation ended | | | No | Firewall and network protection notification |
| Network isolation ended, customized | | | No | Firewall and network protection notification |
| Restricted access ended | | | No | Firewall and network protection notification |
| Restricted access ended, customized | | | No | Firewall and network protection notification |
| Dynamic lock on, but bluetooth off | | | No | Account protection notification |
| Dynamic lock on, bluetooth on, but device unpaired | | | No | Account protection notification |
| Dynamic lock on, bluetooth on, but unable to detect device | | | No | Account protection notification |
| NoPa or federated no hello | | | No | Account protection notification |
| NoPa or federated hello broken | | | No | Account protection notification |

18
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
View File

@ -1,13 +1,13 @@
---
title: Virus and threat protection in Windows Security
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party antivirus products.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: how-to
---
# Virus and threat protection
The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and non-Microsoft antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
IT administrators and IT pros can get more configuration information from these articles:
@ -22,12 +22,10 @@ You can hide the **Virus & threat protection** section or the **Ransomware prote
## Hide the Virus & threat protection section
You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
This section can be hidden only by using Group Policy.
You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@ -36,18 +34,16 @@ This section can be hidden only by using Group Policy.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
## Hide the Ransomware protection area
You can choose to hide the **Ransomware protection** area by using Group Policy. The area won't appear on the **Virus & threat protection** section of **Windows Security**.
This area can be hidden only by using Group Policy.
You can choose to hide the **Ransomware protection** area by using Group Policy. When hidden, this area doesn't appear on the **Virus & threat protection** section of **Windows Security**.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.

30
windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
View File

@ -1,7 +1,7 @@
---
title: Windows Security
description: Windows Security brings together common Windows security features into one place.
ms.date: 06/27/2024
ms.date: 04/15/2025
ms.topic: article
---
@ -15,7 +15,7 @@ This article describes **Windows Security** settings, and provides information o
![Screenshot of the Windows Security showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
> [!NOTE]
> **Windows Security** is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
> **Windows Security** is a client interface on Windows 10, version 1703 and later. It isn't the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
You can't uninstall **Windows Security**, but you can do one of the following actions:
@ -34,7 +34,7 @@ For more information about each section, options for configuring the sections, a
- [Family options](wdsc-family-options.md), which include access to parental controls along with tips and information for keeping kids safe online.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
>
> ![Windows Security with all sections hidden by group policy.](images/wdsc-all-hide.png)
@ -53,27 +53,18 @@ For more information about each section, options for configuring the sections, a
![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
> [!NOTE]
> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, will generally take precedence over the settings in the Windows Security.
> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, take precedence over the settings in the Windows Security.
## How Windows Security works with Windows security features
> [!IMPORTANT]
> **Microsoft Defender Antivirus** and **Windows Security** use similarly named services for specific purposes.
>
> The **Windows Security** uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that **Windows Security** provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
> The **Windows Security** uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that **Windows Security** provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Firewall, third-party firewalls, and other security protection.
>
> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services won't disable Microsoft Defender Antivirus. It will lead to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services doesn't disable Microsoft Defender Antivirus. It leads to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
>
> Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
>
> Disabling the Windows Security Center Service won't disable Microsoft Defender Antivirus or [Windows Defender Firewall](../../network-security/windows-firewall/index.md).
> [!WARNING]
> If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, **Windows Security** may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>
> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>
> This will significantly lower the protection of your device and could lead to malware infection.
> Microsoft Defender Antivirus is [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
**Windows Security** operates as a separate app or process from each of the individual features, and displays notifications through the Action Center.
@ -82,6 +73,11 @@ It acts as a collector or single place to see the status and perform some config
If you disable any of the individual features, it prevents that feature from reporting its status in **Windows Security**. For example, if you disable a feature through group policy or other management tools, such as Microsoft Configuration Manager, **Windows Security** itself still runs and shows status for the other security features.
> [!IMPORTANT]
> If you individually disable any of the services, it won't disable the other services or **Windows Security** itself.
> If you individually disable any of the services, it doesn't disable the other services or **Windows Security** itself.
For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
> [!WARNING]
> Disabling the Windows Security Center Service doesn't disable Microsoft Defender Antivirus or [Windows Firewall](../../network-security/windows-firewall/index.md). If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, **Windows Security** might display stale or inaccurate information about any antivirus or firewall products installed on the device.
>
> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you might have previously installed. This will significantly lower the protection of your device and could lead to malware infection.