Understanding Windows Defender real-time protection

Real-time protection alerts you when spyware and other potentially unwanted software attempts to install itself or run on your computer. Depending on the alert level, you can choose one of these actions to apply to the software:

Ignore. Allows the software to be installed or run on your computer. If the software is still running during the next scan, or if it the software tries to change security-related settings on your computer, Windows Defender will alert you about this software again.
Quarantine. When Windows Defender quarantines software, it moves it to another location on your computer, and then prevents the software from running until you choose to restore it or remove it from your computer.
Remove. Permanently deletes the software from your computer.
Always Allow. Adds the software to the Windows Defender allowed list and allows it to run on your computer. Windows Defender will stop alerting you to risks that the software might pose to your privacy or your computer. Add software to the allowed list only if you trust the software and the software publisher.

You are also alerted if programs attempt to change important Windows settings. Because the software is already running on your computer, you can choose one of these actions:

Permit. Allows the software to change security-related settings on your computer.
Deny. Prevents the software from changing security-related settings on your computer.

You can choose the software and settings that you want Windows Defender to monitor, but we recommend that you use all of the real-time protection options, called agents. The following table explains each agent and why it is important.

Real-time protection agent	Purpose
Auto Start	Monitors lists of programs that are allowed to automatically run when you start your computer. Spyware and other potentially unwanted software can be set to run automatically when Windows starts. That way, it can run without your knowledge and collect information. It can also make your computer start or run slowly.
System Configuration (Settings)	Monitors security-related settings in Windows. Spyware and other potentially unwanted software can change hardware and software security settings, and then collect information that can be used to further undermine your computer's security.
Internet Explorer Add-ons	Monitors programs that automatically run when you start Internet Explorer. Spyware and other potentially unwanted software can masquerade as web browser add-ons and run without your knowledge.
Internet Explorer Configurations (Settings)	Monitors browser security settings, which are your first line of defense against malicious content on the Internet. Spyware and other potentially unwanted software can try to change these settings without your knowledge.
Internet Explorer Downloads	Monitors files and programs that are designed to work with Internet Explorer, such as ActiveX controls and software installation programs. These files can be downloaded, installed, or run by the browser itself. Spyware and other potentially unwanted software can be included with these files and installed without your knowledge.
Services and Drivers	Monitors services and drivers as they interact with Windows and your programs. Because services and drivers perform essential computer functions (such as allowing devices to work with your computer), they have access to important software in the operating system. Spyware and other potentially unwanted software can use services and drivers to gain access to your computer or to try to run undetected on your computer like normal operating system components.
Application Execution	Monitors when programs start and any operations they perform while running. Spyware and other potentially unwanted software can use vulnerabilities in programs that you have installed to run malicious or unwanted software without your knowledge. For example, spyware can run itself in the background when you start a program that you frequently use. Windows Defender monitors your programs and alerts you if suspicious activity is detected.
Application Registration	Monitors tools and files in the operating system where programs can register to run at any time, not just when you start Windows or another program. Spyware and other potentially unwanted software can register a program to start without notice and run, for example, at a scheduled time each day. This allows the program to collect information about you or your computer or gain access to important software in the operating system without your knowledge.
Windows Add-ons	Monitors add-on programs (also known as software utilities) for Windows. Add-ons are designed to enhance your computing experience in areas such as security, browsing, productivity, and multimedia. However, add-ons can also install programs that will collect information about you or your online activities and expose sensitive, personal information, often to advertisers.

Scan for spyware and other potentially unwanted software

Keep Windows Defender definitions up to date

Add or remove items from the Windows Defender allowed list