Configure Windows Defender on a Windows System
This IT Pro Challenge helps learners understand how Microsoft Windows Defender works. Participants will learn how to configure Windows Defender to create an exclusion, how to verify that exclusion, and how to work with Windows Defender to prevent the installation of malicious software.
In this IT Pro Challenge, learners will use Windows PowerShell to verify that the Microsoft Windows Defender Graphical User Interface is installed and that Windows Defender is running, configure an exclusion, and use Real-time protection to block the copy/paste operation of known malware. Learners will then perform a proof-of-concept exercise showing when Windows Defender does and does not block software installation. The skills learned in this virtual lab are useful to anyone pursuing a career as a system or network administrator.
The scenario for this virtual lab is that you are a systems administrator who is responsible for a server running Windows Server 2016. Your job is to confirm that the Windows Defender service will block the installation of potentially malicious software. To accomplish this, you will first verify that the Windows Defender service is running. Next, you will stop Windows Defender from scanning folders where potentially malicious software may be saved. You will then use Windows Defender to observe the effects of scanning and exclusions, and finally, you will allow Windows Defender to remove any malicious software.
Windows Defender (renamed Microsoft Defender with the November 2019 Windows 10 update) is an anti-malware tool ("malware" is shorthand for malicious software) included with Microsoft Windows.
Check the Windows Defender service
To begin, you will launch Windows PowerShell and verify that the Windows Defender Graphical User Interface (GUI) is installed and that the Windows Defender service (windefend) is running.
NOTE: You can run Windows Defender without a GUI by using Group Policy or another centralized management process.
Configure Windows Defender
Now you will create a folder. Then you will launch Windows Defender and create an exclusion for the folder you just created. In Windows PowerShell, you will verify the exclusion path by running the Get-MpPreference command.
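The PowerShell checks and exclusion steps described in the two sections above, written out as an added example (this is not the lab's own script). It assumes an elevated PowerShell session on Windows Server 2016, where the Defender GUI is a server feature named Windows-Defender-GUI; the folder path is a constructed placeholder for this example.

```powershell
# Added example (not part of the lab text): verify the Defender GUI feature and
# service, then create, verify and audit a folder exclusion.
# Assumptions: elevated session on Windows Server 2016; $ExcludedFolder is a
# constructed placeholder path chosen for this example.
$ExcludedFolder = 'C:\LabMalware'

# 1. Is the Windows Defender GUI feature installed? (Server 2016 feature name)
Get-WindowsFeature -Name Windows-Defender-GUI |
    Select-Object Name, InstallState

# 2. Is the Defender service (windefend) running, and is real-time protection on?
Get-Service -Name WinDefend | Select-Object Name, Status, StartType
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated

# 3. Create the folder and add it as a path exclusion
New-Item -Path $ExcludedFolder -ItemType Directory -Force | Out-Null
Add-MpPreference -ExclusionPath $ExcludedFolder

# 4. Verify the exclusion the same way the lab does, via Get-MpPreference
$current = (Get-MpPreference).ExclusionPath
if ($current -contains $ExcludedFolder) {
    Write-Output "Exclusion present: $ExcludedFolder"
} else {
    Write-Warning "Exclusion NOT found for $ExcludedFolder"
}

# 5. Every exclusion is a scanning blind spot, so list all of them for review
Write-Output 'All configured path/extension/process exclusions:'
Get-MpPreference |
    Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess |
    Format-List
```

Step 5 is the check an administrator wants after any exclusion change: Get-MpPreference reports path, extension and process exclusions together, so a single call shows whether the lab folder is the only unscanned location on the server.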
Work with malicious software
Finally, you will copy potentially malicious software (in this case, it’s a password-cracking utility) from a DVD to the directory that you created at the beginning of this lab. Because Microsoft has designated password-cracking utilities as malware, Windows Defender should detect the malware in the folder.
You will try to copy the malware to the folder you created. Windows Defender should alert you to the presence of malware and block the copy/paste operation. Then, as a proof of concept, you will turn off the Real-time protection option in Windows Defender and then attempt to copy and paste the malware to the folder again. This time, the copy/paste operation should be successful.
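After the two copy attempts, an added example (not the lab's own script) for observing what Defender detected, confirming that Real-time protection is enabled again, removing the lab exclusion and letting Defender scan and remediate the folder. It assumes an elevated session and uses a constructed placeholder path for the lab folder.

```powershell
# Added example (not part of the lab text): review detections, restore
# real-time protection, remove the lab exclusion and remediate the folder.
# Assumptions: elevated session; $LabFolder is a constructed placeholder path.
$LabFolder = 'C:\LabMalware'

# 1. What did real-time protection catch? Most recent detections first.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ProcessName, Resources, ThreatID

# Map the ThreatID values above to threat names and severities
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID

# 2. The proof of concept turns real-time protection off; turn it back on
#    if it is still disabled and confirm the reported status.
if ((Get-MpPreference).DisableRealtimeMonitoring) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}
(Get-MpComputerStatus).RealTimeProtectionEnabled

# 3. Remove the lab exclusion so the folder is scanned again
Remove-MpPreference -ExclusionPath $LabFolder

# 4. Scan only that folder, then let Defender remediate what it found
Start-MpScan -ScanType CustomScan -ScanPath $LabFolder
Remove-MpThreat

# 5. The same detections are written to the Defender operational event log,
#    which is what a SIEM or central collector would consume
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117   # 1116 = malware detected, 1117 = action taken
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Checking the event log in step 5 matters because the lab's alert is only visible on the console; the 1116/1117 events are the durable record that shows both the blocked copy and the later remediation once protection was restored.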
By completing this lab, you will learn how to work with Windows Defender to accomplish various tasks, such as:
- Confirm the Windows Defender status.
- Configure an exclusion in Windows Defender.
- Use Windows Defender to observe the effect of Real-time protection and exclusions.
- Use Windows Defender to observe the removal of potentially malicious software.