Windows Defender Security Lab

1. Open Windows Security: Win + I → Update & Security → Windows Security
2. Alternative access: Start → type "Windows Security" → Open
3. Explore each security area: Virus & threat, Account, Firewall, App & browser, Device security
4. Note the status icons: Green (good), Yellow (attention needed), Red (action required)
5. Check "Protection history" for any recent security events

Real-time Protection Settings:

1. Navigate to Virus & threat protection → Virus & threat protection settings
2. Verify Real-time protection is ON (should be enabled by default)
3. Enable Cloud-delivered protection for latest threat intelligence
4. Enable Automatic sample submission to help Microsoft improve protection
5. Turn ON Tamper Protection to prevent malicious changes

Scan Configuration:

1. Go to Virus & threat protection → Quick scan (or Scan options)
2. Perform a Quick scan and observe the process
3. Access Scan options → Try Microsoft Defender Offline scan (schedule for next restart)
4. Set up a Custom scan for your Downloads folder only
5. Review scan results and any detected items

1. Navigate to Virus & threat protection settings → Add or remove exclusions
2. Create a test folder: C:\TempExclusion
3. Add folder exclusion for C:\TempExclusion
4. Add file type exclusion for .log files (example only)
5. Remove the exclusions you just created (security best practice)
6. Delete the test folder C:\TempExclusion

1. Access Firewall: Windows Security → Firewall & network protection
2. Check status of all three profiles: Domain, Private, Public networks
3. Click on your active network (likely Private network)
4. Note the firewall status (should show "Firewall is on")
5. Click "Allow an app through firewall" to see current exceptions

1. Open Windows Defender Firewall with Advanced Security: Start → type "wf.msc"
2. Examine the overview showing active profiles and rules count
3. Click "Inbound Rules" → Browse existing rules and their configurations
4. Create new inbound rule: Action → New Rule → Port → TCP → Specific ports: 8080
5. Configure rule: Allow connection → Apply to all profiles → Name: "Test Web Server"
6. Verify the rule appears in Inbound Rules list
7. Right-click the rule → Properties → Advanced tab → Check which profiles it applies to
8. Delete the test rule: Right-click → Delete (cleanup)

1. Navigate to Virus & threat protection → Ransomware protection
2. Turn ON Controlled folder access (may require confirmation)
3. Click "Protected folders" to view default protected locations
4. Create a test folder on Desktop: "TestProtected"
5. Add this folder to protected folders list
6. Test protection: Try to create/modify files in protected folder with Notepad
7. If blocked, add Notepad to "Allow an app through Controlled folder access"
8. Clean up: Remove test folder from protected list and delete it

1. Go to Windows Security → App & browser control
2. Check "Reputation-based protection settings"
3. Ensure "Check apps and files" is set to Warn or Block
4. Enable "SmartScreen for Microsoft Edge"
5. Enable "Potentially unwanted app blocking"
6. Test SmartScreen: Download a small utility from a lesser-known website

1. Navigate to Windows Security → Device security
2. Check "Security processor (TPM)" status
3. Review "Secure boot" status (if supported by hardware)
4. Click on "Core isolation" → Core isolation details
5. Check if "Memory integrity" is available and enabled
6. Note any compatibility issues or requirements for enabling features

1. Go to Windows Security → Virus & threat protection → Protection history
2. Review any recent security events or actions taken
3. Click on individual events to see detailed information
4. Create a test event: Try to download EICAR test virus file (harmless test file)
5. Observe how Defender blocks the test file and creates a protection history entry
6. Use filters to view specific types of events (threats, actions, etc.)

1. Open Event Viewer: Start → type "eventvwr"
2. Navigate to Applications and Services Logs → Microsoft → Windows → Windows Defender
3. Expand Windows Defender and check "Operational" log
4. Review recent Windows Defender events and their details
5. Check Windows Firewall logs: Windows Firewall With Advanced Security → Operational

1. Open PowerShell as Administrator: Right-click Start → Windows PowerShell (Admin)
2. Check Defender status: Get-MpComputerStatus
3. View specific settings: Get-MpPreference | fl
4. Update virus definitions: Update-MpSignature
5. Start a quick scan: Start-MpScan -ScanType QuickScan
6. View threat detections: Get-MpThreatDetection
7. Check firewall profiles: Get-NetFirewallProfile

1. Complete security overview check in Windows Security
2. Verify all security areas show green status (or acceptable yellow)
3. Document current security configuration settings
4. Create backup of custom firewall rules and exclusions
5. Clean up any test configurations created during the lab