7 Essential Tips for Configuring Your Windows 10 and 11 Security Settings

Windows Security features more key settings than you might expect. Learn how to set up your Windows OS for maximum virus, malware, and ransomware protection.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

You may have the common inclination to avoid updating Windows security settings when you’re involved in a project or afraid of slowing down your computer. However, with all of the threats facing computer users today, from ransomware to phishing, it’s important to set aside time to update your Windows security, including Windows internet security settings.

Here are some tips on how to manage your security settings on a PC.

In this article
How to turn on Windows Security
Top 7 Windows Security settings to change in 2024
1. Enable anti-ransomware features
2. Enable Microsoft Defender Firewall
3. Turn on reputation-based protection
4. Enable Exploit protection
5. Turn on Core Isolation
6. Set up parental controls
7. Allow Windows Security notifications
Other Windows Security features and settings
Is Windows Defender the best antivirus software for Windows 10 or 11?
Windows Security settings FAQs
Bottom line

How to turn on Windows Security

The Windows Security app is an essential tool for maximizing protection in Windows 10 or 11.

The Windows Security app in Windows 10 or 11 includes an overview of your device health and security.

The Windows Security app is a tool built into the Windows operating system (OS) that provides an overview of your device’s health and security, including virus and firewall protection. It provides settings for antivirus protection, firewall and networks, apps and browsers, device security, and options for tracking your kids’ online activity.

Updating your Windows Security settings can protect your system from malicious files like viruses and malware.

To find the Windows Security app in Windows 11, type Windows Security in the Search field (located in the taskbar at the bottom of your screen). Then, click Windows Security. A blue shield icon should show up in the taskbar. You can right-click the shield and select “Pin to taskbar” for easy access.

As an alternative to Search in Windows 11, you can do the following:

  1. Go to the Start menu.
  2. Select Settings.
  3. Choose Apps.
  4. Select Apps & Features.
  5. Select the three dots next to Windows Security.

Note that in the early versions of Windows 10, Windows Security was called Windows Defender Security Center.

As you scroll through the options in Windows Security, you’ll see a green checkmark for each setting that is turned on, along with a “No action needed” message. Click through the icons in the taskbar on the left to dig further into sections like Virus & threat protection and Account protection.

Top 7 Windows Security settings to change in 2024

Here’s a list of Windows Security settings you’ll want to change in 2023:

1. Enable anti-ransomware features

Ransomware is a type of malware that not only encrypts your files but can lock you out of your computer until you pay a ransom.

Here’s how to enable ransomware protection in Windows 10 or 11:

  1. Open the Windows Security app.
  2. Select Virus & threat protection.
  3. Find Ransomware protection and select Manage ransomware protection.
  4. Turn on controlled folder access if it’s turned off and select protected folders.
  5. You can select + Add a protected folder.
  6. If you need to remove protection from a folder, select it and then choose Remove.

You can enable anti-ransomware features in the Windows Security app.

Note that if Windows detects that you are using another antivirus program like McAfee VirusScan, you won’t see ransomware protection options in Windows Security and Microsoft Defender Antivirus will turn off automatically (it will turn back on if you ever uninstall the other program). However, Microsoft Security has been updated to detect threats in passive mode. Simply turn on Microsoft Defender Antivirus so it can periodically check for threats even with another program running.

Protection against ransomware is called controlled folder access. This means apps can’t access selected folders unless they’re trusted. You can specify which folders are protected.

In Windows 10 or 11, follow these steps to access controlled folders:

  1. Open the Windows Security app.
  2. Select Virus & threat protection.
  3. Select Ransomware protection.
  4. Switch Controlled folder access to On.

You can also set up controlled folder access to help prevent ransomware attacks within Windows Security.

There’s a section in Windows Security to review called Tamper protection. It stops malicious apps from disrupting Microsoft Defender Antivirus settings, such as real-time protection and cloud protection. If you’re using a third-party security app, the Windows Security Tamper protection settings won’t alter the settings in the other app.

Here’s how to find and change the Tamper Protection settings in Windows 10 or 11:

  1. Open Windows Security.
  2. Select Virus & threat protection.
  3. Select Manage settings.
  4. Switch Tamper Protection to On or Off.

2. Enable Microsoft Defender Firewall

Windows comes with a built-in firewall called Microsoft Defender Firewall. It stops unauthorized network traffic from traveling in and out of a local device. Microsoft recommends keeping Microsoft Defender Firewall on even if you’re using a separate firewall.

Here’s how to enable Microsoft Defender Firewall in Windows 10 and 11:

  1. Open Windows Security.
  2. Select Firewall & network protection.
  3. Select one of these network profiles: Domain network, Private network, or Public network.
  4. Find Microsoft Defender Firewall and turn On.

If you’re on a corporate network, you’ll need to consult your IT administrator to make necessary changes to your Windows Defender Firewall.

3. Turn on reputation-based protection

Reputation-based protection can guard your machine against potentially unwanted applications (PUA). These applications can slow down your computer, display unexpected ads, or install harmful apps.

Turning reputation-based protection on in Windows Security can help protect you against potentially unwanted apps (PUA).

Windows comes with this feature turned off on consumer machines. Potentially unwanted app blocking can block problematic apps that you downloaded or installed. However, it only blocks downloads if you’re using the Microsoft Edge browser.

Here’s how to turn on reputation-based protection in Windows 11:

  1. Search reputation-based protection in the Search field on the taskbar.
  2. Select reputation-based settings under Best Match.
  3. Switch on Potentially Unwanted App Blocking.

In Windows 10, follow these steps:

  1. Open Windows Security.
  2. Choose App & browser control.
  3. Select Reputation-based protection settings.
  4. Click Potentially unwanted app blocking.
  5. Check Block apps.
  6. Check Block downloads.

4. Enable Exploit protection

The Enable Exploit protection feature provides a shield against exploits that could infect your devices and spread throughout your system. The settings apply to the OS or separate apps.

To enable Exploit protection in Windows 11, do the following:

  1. Type in Exploit protection in the Search field in the taskbar.
  2. Open Exploit protection.
  3. Go to Program settings and choose the app you want to protect.
  4. If the app is already listed, choose it and select Edit. If not, select Add program to customize.
  5. Select Add by program name to apply the Exploit protection settings to a running process.
  6. Select Choose exact file path if you need a standard Windows Explorer file picker window.

Enabling Exploit protection in the Windows Security app adds an additional layer of security.

5. Turn on Core Isolation

Core isolation adds virtualization-based security features for added protection against hackers and malicious code. This prevents hackers from taking control of unsecured drivers on your computer.

This feature isolates core processes in memory. Memory integrity builds an isolated environment using hardware virtualization to protect against malicious programs.

Memory integrity in an isolated environment is like a security guard standing inside a locked booth. For applications to safely run a piece of code, the security guard must first approve the code. As Microsoft describes it, a scenario without memory integrity would be like a security guard monitoring your applications from outside the locked booth where someone could hijack the code approval process and allow malicious applications to run.[1]

If you have Windows 11 2022 Update, you should already have Core isolation enabled. If not, follow these steps in Windows 11:

1. Turn on Windows Security.

2. Select Device Security.

3. Select Core isolation.

4. Under Core isolation, click Memory integrity.

6. Set up parental controls

Keeping a child’s devices safe is a key concern for any parent. You’ll find this capability under Family options.

To access Family options, follow these steps:

  1. Open Windows Security.
  2. Select Family options.
  3. Select View family settings.

In this section, you can create a profile and customize settings for particular family members, such as setting screen time limits. In addition, you can select View devices to see where you and your family members have signed in.

7. Allow Windows Security notifications

Windows can let you know when updates are available to strengthen the detection of malware and other threats on your machine.

Follow these steps to enable Windows Security notifications:

  1. Open Windows Security.
  2. Select Settings.
  3. Choose Manage notifications (under Notifications).
  4. Turn on Get informational notifications (under Virus & threat protection notifications).

Be sure to turn on Windows Security notifications to keep tabs on your device health and security levels.

Other Windows Security features and settings

Here are a few other Windows Security settings to keep in mind.

Set up Windows Security Updates

Follow these steps to configure security updates:

  1. Go to the Start menu.
  2. Select Settings.
  3. Select Windows Update.

Scan your PC with Microsoft Defender Antivirus

In addition to a full scan, you can also choose a quick scan, a custom scan, or a Microsoft Defender Antivirus offline scan. Here’s how to start scanning:

  1. Open Windows Security.
  2. Click Virus & threat protection.
  3. Select Scan options under Current threats.
  4. Select Full scan.

You can use the Windows Defender Antivirus option in Windows Security to scan your PC for viruses and malware.

Temporarily turn off Microsoft Defender Antivirus

Microsoft Defender Antivirus automatically turns off if you’re running other antivirus software. The best antivirus programs include AVG and McAfee. Whichever option you choose, antivirus software is necessary to protect against threats of malware, viruses, phishing, and cyberattacks.

People may turn off Microsoft Defender Antivirus if it’s running a scan and they’re accessing sensitive data. Here’s how to turn off Microsoft Defender Antivirus:

  1. Search for Windows Security in the Start menu.
  2. Open Windows Security.
  3. Find Virus & threat protection and select Virus & threat protection.
  4. Select Manage settings.
  5. Switch Real-time protection off.

How to turn on Microsoft Defender Firewall in Windows 10 or 11

Microsoft recommends keeping Defender Firewall on even if you are running a separate firewall. If you need to run an application that Microsoft Defender Firewall may block, you can allow it. Here’s how to turn on Microsoft Defender Firewall.

  1. Search for Windows Security in the Search field in the taskbar.
  2. Open Windows Security.
  3. Select a network profile among the following: Domain network, Private network, or Public network.
  4. Look for Microsoft Defender Firewall and switch it on.

Check your device health

Another key security feature involves managing device health and performance. You can track battery life status and ensure there are no issues with apps and software.

Follow these steps to access settings for device performance and health.

  1. Open Windows Security.
  2. Select Device performance and health.

Here, you can check if your system is running low on disk space by exploring the Storage capacity section. Check Battery Life to find out if various applications are straining your battery.

You can also check your device health within the Windows Security app to spot any issues with software.

Is Windows Defender the best antivirus software for Windows 10 or 11?

Windows Defender is the antivirus product preinstalled with Windows. It offers some attractive features, such as parental controls, and can protect your devices from malware while you navigate the internet. However, it lacks webcam protection, which parents and other users may prefer.

In addition, Windows Defender scored high in testing by AV-TEST in late 2022. It scored a 6 out of 6 on two evaluations, plus a 100% detection rate.[2] Its performance was strong against malware, but it slows your machine when you’re installing frequently used applications.

The downside to Windows Defender is it may bring reduced protection when using browsers like Google Chrome or Mozilla Firefox. You’ll have to stick with the Microsoft Edge browser to get the most protection. Windows Defender only blocked phishing sites 68% of the time, and that was when using the Microsoft Edge browser. Windows Defender also lacks a password manager.

Given these limitations, we understand you may prefer a third-party antivirus product. Try comprehensive antivirus packages like Bitdefender, AVG, or TotalAV.

Bitdefender offers strong malware protection, AVG adds highly customizable settings and blocking for unsafe email attachments, and TotalAV provides a user-friendly interface for first-time antivirus users.

Windows Security settings FAQs


+

What are the best security settings for Windows 10 or 11?

Enable anti-ransomware features in Windows 10 or 11 so you won’t be locked out of using your computer and asked to pay a ransom (don’t ever pay a ransom, as it doesn’t guarantee recovery). Also, be sure to configure Windows Security notifications so you know when updates are available to strengthen the detection of malware and other threats on your machine.


+

What is Windows Security settings?

Windows Security settings is where you can manage the security providers that protect your device. It also lets you configure your Windows Security notifications.


+

Is Windows 10 or 11 Security all I need?

Yes, if you tend to use the Microsoft Edge browser and Office 365, you will have solid protection with Windows 10 or 11 Security. However, you may experience limited protection when using third-party browsers like Google Chrome or Firefox.

Bottom line

When you’re thinking about how to protect your Windows PC, remember to keep on top of your virus and security updates no matter which applications you use. Keep the following settings on to optimize your protection against cyberthreats:

  • Anti-ransomware features
  • Tamper protection
  • Phishing protection
  • Exploit protection
  • Core isolation

In addition, be sure to update your online security settings for Google and the social media sites you use to ensure maximum protection against hackers and malware.

Read more on configuring your online privacy settings and social media settings to keep your accounts safe.

Online Protection With VPN Access and Identity Monitoring
5.0
Editorial Rating
Learn More
On McAfee's website
All-In-One
McAfee
Save $90 on a 2-year plan
  • Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
  • Get a real-time Protection Score that measures your online safety and offers guidance to improve security
  • Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
  • Multiple pop-ups for text notifications can be annoying

Author Details
Brian T. Horowitz is a writer with more than 25 years of experience covering technology. He has written on security topics that include deepfakes, identity management, payment card security, data breaches, zero trust, ransomware protection, and data privacy. His work has appeared in publications that include Computer Shopper, eWEEK, Fast Company, InformationWeek, IEEE Spectrum, PCMag, and Scientific American. A resident of New York City, he earned a degree in English from Hofstra University. Follow him on Twitter @bthorowitz.

Citations

[1] Core Isolation

[2] AV-TEST Product Review and Certification Report — Nov-Dec/2022