

Windows Defender Real-Time Protection

Applies To: Windows Server 2008

Real-Time Protection (RTP) is a feature of Windows Defender that runs in the context of the logged-on user. It monitors the registry and file system on the computer by using agents that watch auto-start extensibility points (ASEPs). By default, Windows Defender monitors the following ASEPs: applications that are configured to automatically start when the computer boots up, system configuration settings, Internet Explorer Add-ons, Internet Explorer configuration settings, installed services, installed drivers, application registration, and Windows Add-ons.
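An administrator can approximate this kind of ASEP change monitoring with a baseline-and-diff script, which is useful for auditing what changed when Real-Time Protection raises an alert. The following is an added example, not Microsoft's code or Windows Defender's agent logic; the registry keys, WMI classes and baseline path are assumptions chosen to represent some of the categories listed above.

```powershell
# Added example: snapshot a few well-known auto-start locations and diff them
# against a saved baseline. The keys and WMI classes are this example's choice of
# representatives for the ASEP categories, not Windows Defender's internal list.
param([string]$BaselinePath = "$env:ProgramData\asep-baseline.xml")  # hypothetical path

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-AsepSnapshot {
    $items = @()
    # Applications configured to start automatically
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item $key
        foreach ($name in $k.GetValueNames()) {
            $items += "Run|$key|$name|$($k.GetValue($name))"
        }
    }
    # Internet Explorer add-ons (Browser Helper Objects, identified by CLSID)
    if (Test-Path $bhoKey) {
        Get-ChildItem $bhoKey | ForEach-Object { $items += "IEAddon|$($_.PSChildName)" }
    }
    # Installed services and drivers, with start mode and binary path
    Get-WmiObject Win32_Service |
        ForEach-Object { $items += "Service|$($_.Name)|$($_.StartMode)|$($_.PathName)" }
    Get-WmiObject Win32_SystemDriver |
        ForEach-Object { $items += "Driver|$($_.Name)|$($_.StartMode)|$($_.PathName)" }
    $items | Sort-Object
}

$current = Get-AsepSnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state
    $current | Export-Clixml $BaselinePath
    Write-Output "Baseline written: $($current.Count) entries"
    return
}
$baseline = Import-Clixml $BaselinePath
Compare-Object $baseline $current | ForEach-Object {
    $change = if ($_.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
    New-Object PSObject -Property @{ Change = $change; Entry = $_.InputObject }
}
```

A modified entry, such as a service whose binary path changed, appears as a REMOVED and ADDED pair for the same name.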

Aspects

The following is a list of all aspects that are part of this managed entity:

Name Description

Real-Time Protection Availability

For Windows Defender to alert you in real time when spyware or other potentially unwanted software is installed, Real-Time Protection must be enabled and functioning correctly.

Real-Time Protection Detection

Real-Time Protection helps to protect users by examining auto-start extensibility points (ASEPs), where spyware or other potentially unwanted software tends to install itself. If Windows Defender Real-Time Protection detects spyware or other potentially unwanted software, Windows Defender will stop the installation and raise an alert. When Windows Defender raises an alert, a decision must be made to remove the software or allow it to continue to run on your computer. If Windows Defender incorrectly identified legitimate software, you can allow it to run on the computer.

Real-Time Protection Spyware Removal

Windows Defender uses Real-Time Protection to examine auto-start extensibility points (ASEPs). If a change to one of these ASEPs is detected, Windows Defender will alert you. By default, Windows Defender monitors the following ASEPs: applications that are configured to automatically start when the computer starts up, system configuration settings, Internet Explorer Add-ons, Internet Explorer configuration settings, installed services, installed drivers, application registration, and Windows Add-ons.

When Windows Defender raises an alert, it takes the action specified in the definition that detected the spyware or other potentially unwanted software. If Windows Defender incorrectly identified legitimate software, you can allow it to run on the computer. If Windows Defender detected spyware or other potentially unwanted software, you should remove it.
