Windows Security
Per Microsoft, "Windows Security is your home to manage the tools that
protect your device and your data".
In case you missed it, Windows Security is also available in Settings.
In the above image, focus your attention on Protection areas.
- Virus & threat protection
- Firewall & network protection
- App & browser control
- Device security
Each following task will briefly touch on these areas.
Before proceeding, let's provide a quick comment on the status icons.
- Green means your device is sufficiently protected, and there aren't any recommended actions.
- Yellow means there is a safety recommendation for you to review.
- Red is a warning that something needs your immediate attention.
Click on Open Windows Security.
Note: Since the attached VM is a Windows Server 2019 edition, it looks different from a Windows 10 Home or Professional edition.
The below image is from a Windows 10 device.
1) In the above image, which area needs immediate attention?
Ans - Virus and Threat Protection
Virus & threat protection
Virus & threat protection is divided into two parts:
- Current threats
- Virus & threat protection settings
The image below only focuses on Current threats.
Current threats
Scan options
- Quick scan - Checks folders in your system where threats are commonly found.
- Full scan - Checks all files and running programs on your hard disk. This scan could take longer than one hour.
- Custom scan - Choose which files and locations you want to check.
Threat history
- Last scan - Windows Defender Antivirus automatically scans your device for viruses and other threats to help keep it safe.
- Quarantined threats - Quarantined threats have been isolated and prevented from running on your device. They will be periodically removed.
- Allowed threats - Allowed threats are items identified as threats, which you allowed to run on your device.
Warning: Allow an item to run that has been identified as a threat only if you are 100% sure of what you are doing.
Next is Virus & threat protection settings.
Virus & threat protection settings
Manage settings
- Real-time protection - Locates and stops malware from installing or running on your device.
- Cloud-delivered protection - Provides increased and faster protection with access to the latest protection data in the cloud.
- Automatic sample submission - Send sample files to Microsoft to help protect you and others from potential threats.
- Controlled folder access - Protect files, folders, and memory areas on your device from unauthorized changes by unfriendly applications.
- Notifications - Windows Defender Antivirus will send notifications with critical information about the health and security of your device.
Warning: Excluded items could contain threats that make your
device vulnerable. Only use this option if you are 100% sure of what you are
doing.
Virus & threat protection updates
Check for updates - Manually check for updates to update Windows
Defender Antivirus definitions.
Ransomware protection
Controlled folder access - Ransomware protection requires this
feature to be enabled, which in turn requires Real-time protection to be
enabled.
Note: Real-time protection is turned
off in the attached VM to decrease the chances of performance issues. Since
the VM can't reach the Internet and there aren't any threats in the VM, this
is safe to do. Real-time protection should definitely be enabled in your
personal Windows devices unless you have a 3rd party product that provides the
same protection. Ensure it's always up-to-date and enabled.
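The settings listed under Manage settings can also be read from PowerShell with the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference. The script below is an added example, not part of the original walkthrough; the function names and the 7-day signature-age threshold are assumptions. It only reads state and flags the dependency noted above: Controlled folder access does nothing for ransomware protection while Real-time protection is off.

```powershell
# Added example (read-only). Run in an elevated session; a non-admin session
# may not be shown the configured exclusions.
function New-AuditRow($Setting, $Value, [bool]$Review) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Review = $Review }
}

# Translate a numeric preference code, keeping unknown codes visible.
function Resolve-Code($Map, [int]$Code) {
    if ($Map.ContainsKey($Code)) { $Map[$Code] } else { "Code $Code" }
}

function Get-DefenderSettingAudit {
    $status = Get-MpComputerStatus   # live protection state
    $pref   = Get-MpPreference       # configured preferences

    # Get-MpPreference reports these settings as numeric codes.
    $cloudText  = @{ 0 = 'Off'; 1 = 'On (basic)'; 2 = 'On (advanced)' }
    $sampleText = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'
                     2 = 'Never send';    3 = 'Send all samples' }
    $cfaText    = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Audit mode' }

    $rtp   = [bool]$status.RealTimeProtectionEnabled
    $cloud = [int]$pref.MAPSReporting
    $cfa   = [int]$pref.EnableControlledFolderAccess
    $age   = [long]$status.AntivirusSignatureAge

    # Exclusions are skipped by scans, so list every one that is configured.
    $excluded = @(@($pref.ExclusionPath) + @($pref.ExclusionExtension) +
                  @($pref.ExclusionProcess) | Where-Object { $_ })

    # Ransomware protection needs Controlled folder access, which needs
    # Real-time protection, so check the chain rather than a single switch.
    $ransomwareOk = $rtp -and ($cfa -eq 1)

    New-AuditRow 'Real-time protection' $rtp (-not $rtp)
    New-AuditRow 'Cloud-delivered protection' (Resolve-Code $cloudText $cloud) ($cloud -eq 0)
    New-AuditRow 'Automatic sample submission' `
        (Resolve-Code $sampleText ([int]$pref.SubmitSamplesConsent)) $false
    New-AuditRow 'Controlled folder access' (Resolve-Code $cfaText $cfa) ($cfa -ne 1)
    New-AuditRow 'Ransomware protection effective' $ransomwareOk (-not $ransomwareOk)
    New-AuditRow 'Exclusions' ($excluded -join '; ') ($excluded.Count -gt 0)
    # Assumed threshold: definitions older than 7 days are worth a look.
    New-AuditRow 'Signature age (days)' $age ($age -gt 7)
}

Get-DefenderSettingAudit | Format-Table -AutoSize -Wrap
```

Rows with Review set to True are the ones to look at in the Windows Security app; on the attached VM, Real-time protection is expected to appear there.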
Tip: You can perform on-demand scans on any file/folder by right-clicking the
item and selecting 'Scan with Microsoft Defender'.
The below image was taken from another Windows device to show this feature.
1) Specifically, what is turned off that Windows is notifying you to turn
on?
Ans - Real-time protection
Firewall & network protection
What is a firewall?
Per Microsoft, "Traffic
flows into and out of devices via what we call ports. A firewall is what
controls what is - and more importantly isn't - allowed to pass through those
ports. You can think of it like a security guard standing at the door,
checking the ID of everything that tries to enter or exit".
The below image will reflect what you will see when you navigate to Firewall & network protection.
Note: Each network may have different status icons for you.
What is the difference between the 3 (Domain, Private, and Public)?
Per Microsoft, "Windows Firewall offers three firewall profiles:
domain, private and public".
- Domain - The domain profile applies to networks where the host system can authenticate to a domain controller.
- Private - The private profile is a user-assigned profile and is used to designate private or home networks.
- Public - The default profile is the public profile, used to designate public networks such as Wi-Fi hotspots at coffee shops, airports, and other locations.
If you click on any firewall profile, another screen
will appear with two options: turn the firewall on/off and block all incoming
connections.
Warning: Unless you are 100% confident in what you are doing, it is
recommended that you leave your Windows Defender Firewall enabled.
Allow an app through firewall
You can view the current settings for any firewall profile. In the above image, several apps have access in the Private and/or Public firewall profile. Some of the apps will provide additional information if it's available via the Details button.
Advanced settings
Configuring the Windows Defender Firewall is for advanced
Windows users. Refer to the following Microsoft documentation on best
practices here.
Tip: The command to open the Windows Defender Firewall is WF.msc.
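The profile view and the "Allow an app through firewall" list described above can be reproduced from PowerShell. This is an added example, not part of the original walkthrough; it uses the built-in Get-NetConnectionProfile, Get-NetFirewallProfile, Get-NetFirewallRule and Get-NetFirewallApplicationFilter cmdlets, and the two function names are assumptions. It shows which firewall profile each connected network is using and which enabled inbound allow rules apply to that profile.

```powershell
# Added example (read-only). Maps each connected network to its firewall
# profile, then lists the inbound "allow" rules that apply to that profile.
function Get-ActiveFirewallProfile {
    # NetworkCategory values correspond to the three firewall profile names.
    $map = @{ DomainAuthenticated = 'Domain'; Private = 'Private'; Public = 'Public' }
    $profiles = Get-NetFirewallProfile

    foreach ($conn in Get-NetConnectionProfile) {
        $name = $map[$conn.NetworkCategory.ToString()]
        $fw   = $profiles | Where-Object { $_.Name -eq $name }
        [pscustomobject]@{
            Interface       = $conn.InterfaceAlias
            Network         = $conn.Name
            FirewallProfile = $name
            FirewallOn      = ($fw.Enabled.ToString() -eq 'True')
            DefaultInbound  = $fw.DefaultInboundAction
        }
    }
}

function Get-AllowedInboundApp {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$ProfileName
    )
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            # A rule's Profile is a flag set such as "Private, Public" or "Any".
            $p = $_.Profile.ToString() -split ',\s*'
            ($p -contains 'Any') -or ($p -contains $ProfileName)
        } |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Program = $app.Program
            }
        }
}

$active = Get-ActiveFirewallProfile
$active | Format-Table -AutoSize
foreach ($a in $active) {
    Get-AllowedInboundApp -ProfileName $a.FirewallProfile | Format-Table -AutoSize -Wrap
}
```

A profile with FirewallOn set to False, or an unfamiliar Program path in the rule list for the Public profile, is what to review first.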
1) If you were connected to airport Wi-Fi, what most likely will be the
active firewall profile?
Ans - public network
App & browser control
In this section, you can change the settings for the Microsoft Defender
SmartScreen.
Per Microsoft, "Microsoft Defender SmartScreen protects
against phishing or malware websites and applications, and the downloading of
potentially malicious files".
Refer to the official Microsoft document for more information on Microsoft Defender SmartScreen here.
Check apps and files
Windows Defender SmartScreen helps protect your device by checking for
unrecognized apps and files from the web.
Exploit protection
Exploit protection is built into Windows 10 (and, in our case, Windows Server 2019) to help protect your device against attacks.
Warning: Unless you are 100% confident in what you are doing, it is
recommended that you leave the default settings.
Device security
Even though you'll probably never change any of these settings, they will be covered briefly for completeness' sake.
Core isolation
Memory Integrity - Prevents attacks from inserting malicious code into high-security processes.
Warning: Unless you are 100% confident in what you are doing, it is
recommended that you leave the default settings.
The below images are from another machine to show another security feature that should be available in a personal Windows 10 device.
Security processor
Below are the Security processor details.
What is the Trusted Platform Module (TPM)?
Per Microsoft,
"Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related
functions. A TPM chip is a secure crypto-processor that is designed to
carry out cryptographic operations. The chip includes multiple physical
security mechanisms to make it tamper-resistant, and malicious software is
unable to tamper with the security functions of the TPM".