Windows Security does more than just basic virus protection. It guards against phishing, blocks ransomware, and prevents malicious apps from running. However, these features aren’t easy to spot—they’re hidden behind layers of menus.
Protect Sensitive Files from Ransomware
Downloading files or opening unknown attachments always carries some risk, especially if one turns out to be ransomware that can lock your files in seconds. Luckily, Windows includes a feature calledControlled Folder Accessthat helps protect your most important folders from exactly that.
Once enabled, it blocks untrusted apps from modifying protected folders. By default, it covers locations like Documents, Pictures, and Desktop, but you’re not limited to just those. You can clickProtected foldersto add other locations you care about, such as work projects, financial records, or files stored on an external drive.
To turn it on, openWindows Security, go toVirus & threat protection, then clickManage ransomware protectionunder theRansomware protectionsection. From there, toggle onControlled folder access.
If a trusted app gets blocked, Windows often won’t notify you. To find out what was blocked, open theProtection historysection, where Windows logs recent attempts to access protected folders. Just look underBlocked folder accessand allow any apps you recognize and trust.
And if a known app,such as your video editor or backup tool, encounters problems, you can head straight toAllow an app through Controlled Folder Accessto whitelist it and preventany future interruptions.
Once it’s set up, the protection works quietly in the background. If ransomware or any suspicious app tries to interfere, Windows will block it instantly, keeping your files safe without you lifting a finger.
Block Malicious or Untrusted Apps Automatically
Threats don’t always look suspicious. That file you downloaded might seem useful, but it could install trackers, malware, or otherwise. Even a fake login page can look convincing enough to fool anyone. One wrong click, and your login details could fall into the wrong hands.
Reputation-based protection, built into Windows Security, stops these threats before they reach you. Using Microsoft’s real-time threat intelligence, it blocks shady apps, suspicious downloads, and phishing sites, so you don’t have to second-guess every click.
To turn it on, openWindows Securityand go toApp & browser control. ClickReputation-based protection settings, then turn on all available options:Check apps and files, SmartScreen for Microsoft Edge, Potentially unwanted app blocking, andPhishing protection.
Once it’s active, Windows quietly monitors your activity in the background. If a file or site appears risky, you’ll receive a warning before it’s executed. You can still approve apps you trust, but these built-in checks help you avoid a mistake that could cost you later.
Use Offline Scan for Stubborn Threats
Some malware is sophisticated enough to evade regular scans. It hides deep within your system, starts running before Windows even loads, and evades detection while quietly causing damage in the background.
When that happens, a normal scan usually isn’t enough. That’s why Windows includes an Offline Scan, which performs a deeper check before Windows starts. This way, hidden threats don’t get a chance to load or interfere.
To run it, openWindows Security, head toVirus & threat protection, then clickScan options.
SelectMicrosoft Defender Antivirus (offline scan)and clickScan now.
Your PC will restart, perform the scan in a clean state, and return to your desktop when it’s done. It only takes about 15 minutes, and once it starts, there’s nothing you need to do. When it finishes, openProtection historyto see if anything was found or removed.
Shield Your System With Memory Integrity
Your system memory handles some of the most sensitive tasks on your PC. If malware manages to reach that level, it can tamper with critical processes, install rogue drivers, or quietly take control without ever touching your personal files.
Memory integrity acts like a security checkpoint at the heart of your system. It creates a protected environment using virtualization, keeping vital processes sealed off from anything untrusted. If something shady makes its way through, it gets blocked the moment it tries.
To activate this, navigate toWindows Security > Device security > Core isolation details. If Memory integrity is turned off, toggle it on. You may be prompted to restart your PC.
If the toggle doesn’t work right away, Windows may flag an outdated driver or app that’s causing a conflict. In that case, try updating or reinstalling the affected software. Once everything is compatible, Memory Integrity should turn on without any issues.
Exploit Protection Settings for System and Programs
Most security threats try to trick you into installing something shady, but exploits are a bit sneakier. Instead of asking for permission, they slip in through hidden flaws in your apps. All it takes is one overlooked vulnerability for an attacker to inject code, hijack a process, or quietly take control of your system.
Exploit Protection helps close those gaps before anything nasty can sneak through. Built right into Windows, it acts as a reinforced shield around your software’s weak spots. It monitors for known attack techniques and stops them automatically, even if the app itself hasn’t been patched yet. Whether it’s your browser, PDF viewer, or another everyday program, this feature helps prevent those apps from being turned against you.
You’ll find it under Windows Security—head toApp & browser controland clickExploit protection settingsat the bottom. It includes two sections:System settings, which are enabled by default, andProgramme settings, where you may create custom rules for individual apps.
To lock down a specific app, go to theProgramme settingstab and clickAdd program to customize.Select an app or its .exe file, then enable advanced defenses, such asControl Flow Guard,Data Execution Prevention, orMandatory ASLR,to block common exploit tactics.
Unless you’re troubleshooting or locking down a high-risk app, the defaults are usually enough. But if you want more control, Exploit Protection gives you the flexibility to tighten up security even further.
Fix TPM Security Issues With a Quick Reset
The TPM (Trusted Platform Module) is a tiny but essential chip built into your computer. It handles critical security tasks, such as storing encryption keys and verifying hardware integrity.
However, after a major Windows update, BIOS change, or hardware upgrade, TPM-related problems can sometimes appear. You may encounter BitLocker errors, issues signing in with Windows Hello, or warnings about the security processor.
Fortunately, most TPM issues can be fixed by resetting it through Windows Security. This process clears its stored data and reinitializes the chip, which often fixes the problem without affecting your personal files. Just be aware that you may need to reconfigure certain features like BitLocker or Windows Hello afterward.
To reset the TPM, open Windows Security, go toDevice security, and clickSecurity processor details. Then selectSecurity processor troubleshooting, pick a reason for the reset, and hitClear TPM. Your PC will restart to complete the process.
If you don’t see any TPM options, you might need toenable TPM in the BIOSfirst. Check your BIOS settings for something called TPM, fTPM, or PTT (depending on your hardware), and make sure it’s turned on before trying again.
Control What Your Family Can See and Do
TheFamily options panelin Windows Security ties directly intoMicrosoft Family Safety, giving you a central place to set boundaries and monitor how your device is used.
From here, you can manage screen time, limit apps and games, filter web content, and apply rules to every member of your Microsoft family group. It’s especially helpful for guiding your child’s usage and preventing exposure to unsafe content or unapproved downloads.
To access it, open Windows Security, scroll toFamily options, and clickView family settings. This will take you to the Microsoft Family Safety dashboard in your browser, where you can create child accounts, set restrictions, and check activity reports.
These settings stay linked to your child’s Microsoft account and carry over to any Windows device they use. If they try to access something that’s blocked, you’ll receive a notification and can choose whether to approve or deny the request.
So, these are some of the most powerful features tucked inside Windows Security. They help you protect your files, manage threats, and maintain control over your device’s security. If you haven’t explored them yet, now’s a good time to start.
