Advice Request Microsoft Defender Recommended settings

Please provide comments and solutions that are helpful to the author of this topic.

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Hello everybody.
i wish you are in a good health
i want to know if we have some guide here to fine tune windows defender setting for best performance and protection possible.
i want to depend only in it as AV solution beside Ad guard desktop which has good web protection to have complete AV security package which has most of premium security features. Also i want to make use of ransomware protection provided with windows defender beside solve the slow computer performance when opening folders has a lot of exe files thanks in advance
 

rndmblk

Level 3
Nov 18, 2020
94
I would suggest starting with ConfigureDefender, GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings.

The recommended settings are definitely a good starting point. If you aren't already using some form of Windows Hardening have a look at Simple Windows Hardening by the same author, AndyFul, Hard_Configurator/SimpleWindowsHardening.exe at master · AndyFul/Hard_Configurator

Alternatively you could used hard/configurator for hardening. It has some addition features but may be a bit more of a learning curve
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I would suggest go all the way with Microsoft Defender.
Use the new Edge as browser or at least install the Microsoft Defender Browser Protection extension in any other chrome-based browser you use.

ConfigureDefender at High settings are the best settings for Microsoft Defender.

Enable Controlled Folder Access and set it to audit first for some time with ConfigureDefender so you can see what frequently used apps need to be whitelisted.

You can exclude the folders with a lot of exes from Microsoft Defender.

Maybe @Andy Ful and/or other members have more suggestions?
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,480
I would suggest go all the way with Microsoft Defender.
Use the new Edge as browser or at least install the Microsoft Defender Browser Protection extension in any other chrome-based browser you use.

ConfigureDefender at High settings are the best settings for Microsoft Defender.

Enable Controlled Folder Access and set it to audit first for some time with ConfigureDefender so you can see what frequently used apps need to be whitelisted.

You can exclude the folders with a lot of exes from Microsoft Defender.

Maybe @Andy Ful and/or other members have more suggestions?
You can’t go wrong with setting ConfigureDefender to Max either. If you face any problems you can still set it to high afterwards imo.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
You can’t go wrong with setting ConfigureDefender to Max either. If you face any problems you can still set it to high afterwards imo.
Maybe, but recommended by Andy is High:
"HIGH"
Enhanced configuration, which enables many Exploit Guard features like Network Protection and most
of ASR rules. Three ASR rules and Controlled Folder Access ransomware protection are disabled to
avoid false positives. This is the recommended configuration that is appropriate for most users and provides significantly increased security.
"MAX"
The most secure protection level, which enables all advanced Microsoft Defender features and hides
Windows Security Center. Configuration changes can be made only with the ConfigureDefender user
interface. The "MAX" settings are intended to protect children and casual users but can be also used
(with some modifications) to maximize the protection. This protection level usually generates more false positives compared to other settings and may require more user knowledge or skill.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040

DDE_Server,​

The problem with big folders full of EXEs can be solved easily by creating two subfolders (OLD and VERY_OLD).
Just move your old and very old EXEs there. You will probably still suffer when opening these subfolders, but this will happen rarely.
 
Last edited:

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168

DDE_Server,​

The problem with big folders full of EXEs can be solved easily by creating two subfolders (OLD and VERY_OLD).
Just move your old and very old EXEs there. You will probably still suffer when opening these subfolders, but this will happen rarely.
Doesnot windows defender caches any info about scanned exe to enhance its on access scan ??
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
to avoid window defnder from analyze large folder, 4gb, i navigate or launch files using cmd, .bat or powershell console, no wd impact :p use explore gui wd scans and slow resources :mad:
Exactly sometimes i disable real time protection because windows explorer isnot responding . just after Disabling WD real time protection, it responds and list the exe files . that very bad behavior . most AV solution , you may face this for first time until AV learn them and cache some info about them which enhance the performance after little period of time
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
you extended configure defender digital signature expiry date @Andy Ful or it is expired at the last month.
Is there any problem with it? ConfigureDefender is not a commercial application so I use signing only to make sure that the executable is genuine.
Do you provide hash value for verifying it is integrity after download ??
It is not necessary when the file is digitally signed. Any altering that could change the hash would also make the file unsigned.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
If you only keep trusted files in that folder then you may put the folder into exclusions.
Another solution is to arrange them properly. I used to have a folder full of exe files and Defender made browsing that folder super slow. Because of this, I put each of them into their separate folders which completely solved the issue for me. No more slowdowns and my PC is not cluttered anymore like it used to be thanks to Defender. It's funny that Microsoft Defender's failure helped me tidy things up.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Most of time using microsoft defender, i have had it on default settings....cant really go wrong there
These settings are recommended by Microsoft for average users, because of the low false positives rate. Using Defender's advanced settings can slightly increase the number of false positives, just like with any other AV.
Different users require different protection levels. Users who cannot get occasional help to solve the problems with false positives should probably use the AV on default settings. Others can consider using advanced settings, especially when they do not install/use non-prevalent applications.
 

DDE_Server

Level 22
Thread author
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Is there any problem with it? ConfigureDefender is not a commercial application so I use signing only to make sure that the executable is genuine.

It is not necessary when the file is digitally signed. Any altering that could change the hash would also make the file unsigned.
I mean you wrote in your github it will expire june 2020 so i just want to ask if you renewed it or not. sorry for misunderstanding
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I mean you wrote in your github it will expire june 2020 so i just want to ask if you renewed it or not. sorry for misunderstanding
Yes. The version integrated with Hard_Configurator beta is already signed with a new certificate. The standalone version (beta 2) is going to be published soon.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top