Microsoft has made security a major focus of the Windows 10 operating system and it shows with numerous features designed to protect you from malware, exploits, and cyberattacks.
Windows 10 computer is a treasure trove of hidden security features that you can manually enable to further enhance your security.
In this article, we've highlighted the best security features that you should try on Windows 10.
Potentially unwanted applications (PUA) protectionStarting with Windows 10 May 2020 Update, otherwise known as the version 2004 update, Microsoft is making it easy to detect potentially unwanted apps using Microsoft Defender (formerly known as Windows Defender).
Potentially unwanted applications (PUA) are a category of programs that can cause your machine to run slowly or display unexpected ads. PUAs are not considered virus or malware, but they might modify your web browsers, default apps, install extensions and perform other actions which can adversely affect the performance of your device.
May 2020 Update has added a new settings section to Windows Security called 'Reputation-based protection'. This allows you to manage your potentially unwanted apps and allow or block a particular PUA/PUP.
To enable PUA/PUP protection in Windows 10 2004, follow these steps:
Open
Settings.
Navigate to
Update & Security >
Windows Security >
App & browser control.
Look for a new section titled '
Reputation-based protection'.
You can click on the 'Turn on' button to enable the feature. If you want to configure PUA/PUP, you can also click on the 'Reputation-based protection settings'.
This will allow you to access the following settings:
Check apps and files.
SmartScreen for Microsoft Edge.
SmartScreen for Microsoft Store apps.
Memory IntegrityWindows 10 version 1803 or later comes with a feature called "Core isolation" that provides added protection against malware and other attacks. Core isolation feature isolates computer processes from Windows 10 and device, and it enables an extra layer of security against sophisticated attacks.
Memory integrity is a part of core isolation and it ensures that code running in the Windows kernel is securely designed and trustworthy. It uses hardware virtualization and Hyper-V to prevent attempts to inject and run malware in Windows kernel-mode processes.
Memory integrity is a powerful security feature, but it's turned off by default. In order to use core isolation's memory integrity feature, follow these steps:
Open
Settings.
Navigate to
Update & Security >
Windows Security.
Click on
Device security.
Under "
Core isolation" and "
Memory integrity", turn on the Memory integrity toggle switch.
Restart Windows to apply changes.
Enable Windows HelloWindows 10 comes with a great feature called 'Windows Hello', which allows biometric security to work on your PC with facial or fingerprint logins, but it requires special hardware or device.
You'll be able to set up Windows Hello to log into your computer with a fingerprint sensor or a special camera that can detect your face.
Once configured, you can log you into your computer without having to enter a password, thus making your experience 'passwordless'.
To use Windows Hello on Windows 10, follow these steps:
Open
Settings.
In the
Settings app, click on
Accounts.
Click on
sign-in options.
Add a four-digit PIN to Windows.
Select '
Windows Hello Face' if you want to use your face for authentication or select '
Windows Hello
fingerprint' if you want to use your fingerprint for authentication. Both options require special
hardware/device/drivers.
Network scanningBy default, Defender can scan your local files and offer real-time protection from virus, malware, ransomware, and PUAs.
Fortunately, Microsoft also allows you to scan your network files but the option needs to be enabled manually with PowerShell.
To use enable network scanning, follow these steps:
1. Open Windows Search.
2. Search for
PowerShell and click the
Run as administrator option.
3. Type the following command:
4. Press Enter to enable scan network files
By following the above steps, you can use Defender to scan network files. If you want to turn off the feature, enter the following command in PowerShell:
Set-MpPreference -DisableScanningNetworkFiles 1Controlled Folder AccessWindows 10 also comes with the "Controlled Folder Access" feature that allows you to prevent unauthorized access to certain folders. In other words, you can control who can access certain folders on Windows 10.
This feature can also prevent ransomware when it tries to access and encrypt your documents, pictures, and other files stored in those folders. To configure Controlled Folder Access, follow these steps:
1. Open
Windows Security.
2. Click on '
Virus & threat protection'
3. Click on '
Ransomware protection'
4. Locate the "
Controlled folder access" section and click the
On/Off toggle.
5. Select the "
Protected folders" option.
6. Add all the folders that you want to restrict access to.
DNS over http (DoH)Windows 10 preview build comes with initial support for DNS over http (DoH) and it enables DNS resolution over encrypted http connections.
With support for DoH support on Windows 10, Microsoft is hoping to boost privacy on the Internet by encrypting their DNS queries.
"If you havent been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if youre sure youre ready," Microsoft said in a blog spot.
In Build 20185 or newer, you can configure DoH directly in the Settings app.
To configure DoH for ethernet connections, follow these steps:
1. Open
Settings >
Network & Internet >
Status.
2. Click
Properties.
3. Select
Edit IP assignment or
Edit DNS server assignment.
4. Enable DoH in the popup.
To configure DoH for Wi-Fi connections, follow these steps:
1. Open
Settings >
Network & Internet >
Wi-Fi.
2. Click the adapter properties link.
3. Select
Edit IP assignment or
Edit DNS server assignment.
4. Enable DoH in the popup.
source