Features in Windows that must be enabled to achieve maximum levels of protection

Microsoft has made strenuous efforts to improve the security of computers running the latest versions of its famous operating system, Windows, by improving the built-in protection program and making it trustworthy enough to address the latest cyber-attacks that use sophisticated methods to infiltrate victims' devices. Windows Security can even be relied upon to protect your computer without spending exorbitant amounts on paid external protection programs.

However, most of the security features offered by Microsoft in both Windows 10 and Windows 11 are disabled by default. So if you are concerned about the security of your device and at the same time do not want to invest in third-party security software, you should not leave the default security settings in place! Let me tell you the features that must be activated now in order to reach the highest levels of protection on Windows.



Potentially unwanted app blocking feature




If you download and install a lot of software, or do so only occasionally and rely on trusted sites, it is important to know that there is a category of software that may cause your device to run slowly, display random ads everywhere, or, at worst, install additional unwanted software on the system in malicious ways, becoming a source of nuisance and damage. This category is called PUA, for Potentially Unwanted Applications, and in addition to being harmful in terms of security, it also unnecessarily takes up a lot of hard drive space.

Fortunately, since the May 2020 Update, Windows has included a feature called Potentially unwanted app blocking that helps users protect their devices from PUAs by blocking these programs before they sneak onto the device. That is, when you try to download a program that bundles additional programs, Windows will warn you before the installation process starts, or even before the download. Indeed, after activating the feature, when we tried to download uTorrent, the program was blocked immediately, before we could install it, because it included an advertisement to install another additional program.

But note that Windows Security only blocks the program and does not permanently delete it, so if you insist on installing it regardless of the warnings, you can unblock the program through the Windows Security application and then re-download and install it. For more details on this feature, we recommend that you review our previous topic on automatically blocking malware in Windows.

Controlled Folder Access feature



As you probably know, ransomware is one of the deadliest kinds of malware in the history of computer viruses, and it is based on a "hand over and receive" philosophy. Once it hits your device, by whatever route, all the contents of the hard drive are encrypted until the victim transfers an exorbitant amount to the hacker for decryption. What complicates matters further is that the payment is made in digital currencies, the most famous of which is Bitcoin, which underscores the impossibility of recovering your files again in the event of exposure to this type of cyber attack. For our part, we have published a number of articles that explain encryption viruses, how to protect yourself from ransomware, and what you should do in the event that you are forced to pay the ransom when infected with ransomware.


Microsoft's response to this type of virus is Controlled Folder Access, a great feature included in Windows that lets the user impose a layer of protection on folders of his choosing, so that no program can make unauthorized changes to the contents of these folders. Thus, even when your device is infected with a ransomware virus, it will not be able to encrypt the files inside those folders or modify them in any way, as they are generally immune to any external interference beyond the control of the user.

And because it is a very important feature for anyone who has important files on their computer that they don't want to lose, we have prepared a simple step-by-step guide on Controlled Folder Access, including how to enable it in a very easy set of steps. So, if you are using Windows 10 or Windows 11 and have not used this feature before, it is imperative that you do so before it is too late.

Phishing Protection feature



This feature protects users from phishing attempts while surfing the Internet, and it is part of the SmartScreen technology in the Windows Security program. It monitors the user's activities in all programs, applications, and websites used on the device, and then shows warning messages when he enters his Windows password on an untrusted website or application, when he tries to save his passwords in a text editor such as Microsoft Word or Notepad, or when he tries to reuse the same password to log into other accounts.

So far, the Phishing Protection feature only works in Windows 11 starting from version 22H2, and we have already explained all the details about it in a separate article that we suggest looking at.

Memory Integrity feature




In addition to ransomware viruses, there are viruses called rootkits that are no less vicious than their predecessors. This malware focuses on infecting the Windows kernel, where the most sensitive system files and processes are located, through many scenarios, most notably fake drivers.

So that you understand what I mean, drivers are simply programs that act as a link between the operating system and the hardware components so that the computer functions as required, starting with the processor, going through the RAM and hard drives, and not ending with the screen, sound, network, mouse and keyboard. Every part of the computer that needs to be "defined" has a driver that sends and receives data to and from the operating system. Thus, every company that manufactures these parts also has to develop the software that runs them once they are connected to the computer.

Because drivers play such an important role in the way a device operates, Microsoft needs to rigorously test all drivers provided by manufacturers before they are approved and made available for installation on Windows, in order to limit the presence of malicious drivers that can access the Windows kernel and tamper with sensitive system files, which leads to system crashes and computer failures. This means that any driver installed on the device is first checked by Windows, in a process called "Code integrity", to ensure that it is approved before the installation is completed.

However, some viruses, such as rootkits, manipulate the module responsible for verifying that a driver is approved by Microsoft when they infect the computer, and thus enable themselves to install a fake driver and get to the root of the system, the "Windows kernel", where they can do harm comfortably, because the task of removing these viruses is often "Mission Impossible".

Here comes the role of the Memory Integrity feature in Windows, which makes the "Code integrity" process take place in a safe and isolated environment on the device, so that it is impossible for rootkits or other malware to access the Windows kernel by tampering with the process of checking the approval status of drivers. Therefore, it is necessary to activate it by opening Windows Security, then clicking on Device Security, then Core Isolation Details, and then switching on the Memory Integrity toggle, after which you will be prompted to restart the computer.

Smart App Control feature



This is a new security feature that Microsoft has included in the Windows Security program, starting with version 22H2 of Windows 11. It uses artificial intelligence to recognize your activities and then block applications and malicious software that harm the safety of the computer. The feature relies on a huge database that includes more than 43 trillion signals stored in cloud repositories, and it is updated on a daily basis to flag potentially unsafe programs and applications.

When activated, the feature works in the background, and all program and application checks are done so smoothly and silently that you only notice it when a program does not run. A notification then appears on the screen informing the user that the program or application has been blocked because it is not safe. The user can then search for safe alternative applications, and can provide feedback if he thinks that the application has been blocked wrongly. For more details about the feature, you can review the topic "What is the Smart App Control security feature?".

Windows Sandbox feature




Windows Sandbox is one of my favorite features, and I think anyone who uses Windows and downloads a lot of files and programs should use it. In short, this feature creates an exact copy of the Windows installation currently on the computer, but the copy is "virtual", that is, fake, so that you can simply install programs or open suspicious files in a safe environment isolated from the main copy, and once you are done working in this dummy copy, everything is deleted.

In other words, if you download a program or file of any kind and you are sure that it is full of viruses and malware, you can install and run it through Windows Sandbox and the viruses will not affect your computer at all.

This is also useful if you have enabled the Potentially unwanted app blocking feature (which we talked about earlier) and you have been warned that there is an unwanted program on the device. If you are determined to run it regardless of what Windows tells you, you can do so within the safe virtual environment provided by Windows Sandbox. Everything that happens there will have no effect outside of the virtual environment. Therefore, it is considered one of the most important security features provided by Microsoft in Windows.

Users can activate the Windows Sandbox feature very easily by placing a check mark (✔) next to it in the Windows Features window. Running it does not require a lot of computer resources, but keep in mind that the virtual environment is completely isolated, so you cannot transfer files or programs from the current system (host) to the virtual system, and vice versa.

Tamper Protection feature





We talked at length in a previous topic about what the "Tamper Protection" feature is, including how to activate it, because it is simply one of the important new security additions to the Windows Security application in Windows. In short, the importance of this feature lies in its ability to deter any attempt to tamper with Windows security settings, whether through a program, a CMD command, or changes in the registry.

So that you understand what I mean here, let me tell you that there are malicious programs, such as the TrickBot, GootKit and Nodersok Trojans, that make a concerted effort to bypass the Windows protection provided by Windows Defender in order to stay on the infected computer as long as possible or to bypass its protection measures. As soon as they infiltrate the victim's device, the first thing they do is circumvent the security controls and disable the protection settings. So, the job of Tamper Protection is to prevent such malware from changing or simply resetting Windows Defender or Windows Security settings. It is therefore necessary to check whether this feature is active on your device.
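
To check these settings from PowerShell instead of clicking through Windows Security, the following added example (not part of the original article) reports the state of six of the features above; Phishing Protection is left out. The two function names are made up for this example, and it assumes an elevated session with Microsoft Defender as the active antivirus.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on Windows 10/11 with Microsoft Defender as the active antivirus.

# Defender stores these settings as numbers: 0 = Disabled, 1 = Enabled, 2 = Audit.
function ConvertTo-ModeName([int]$Value) {   # hypothetical helper name
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Enabled' }
        2 { 'Audit only' }
        default { "Other ($Value)" }
    }
}

function Get-HardeningStatus {               # hypothetical helper name
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Memory Integrity (HVCI) is active when service id 2 is listed as running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvci = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    # Smart App Control (Windows 11 22H2 and later): 0 = Off, 1 = On, 2 = Evaluation.
    $sacKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $sacRaw = (Get-ItemProperty -Path $sacKey -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
    $sac = if ($null -eq $sacRaw) { 'Not available' } else { @('Off', 'On', 'Evaluation')[[int]$sacRaw] }

    # Windows Sandbox is an optional feature and is missing on some editions.
    $sb = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -ErrorAction SilentlyContinue
    $sandbox = if ($sb -and $sb.State) { "$($sb.State)" } else { 'Not available' }

    $rows = [ordered]@{
        'Potentially unwanted app blocking' = ConvertTo-ModeName $pref.PUAProtection
        'Controlled Folder Access'          = ConvertTo-ModeName $pref.EnableControlledFolderAccess
        'Memory Integrity'                  = if ($hvci) { 'Running' } else { 'Not running' }
        'Smart App Control'                 = $sac
        'Windows Sandbox'                   = $sandbox
        'Tamper Protection'                 = if ($status.IsTamperProtected) { 'On' } else { 'Off' }
    }
    foreach ($name in $rows.Keys) {
        [pscustomobject]@{ Feature = $name; State = $rows[$name] }
    }
}

Get-HardeningStatus | Format-Table -AutoSize
```

Any row that reads Disabled, Off, or Not running points to a feature from this article that still needs to be switched on; "Audit only" means Defender logs the event but does not block it.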