This is Part Three of our series on Microsoft Security Essentials. Part One covered How to download, Install and Update MSE, and Part Two covered How to Set-up Microsoft Security Essentials. This final part explains real-time protection, the alert levels, and the actions Microsoft Security Essentials (MSE) recommends when it detects a threat to your PC.
Real-time Protection in Microsoft Security Essentials helps users to address potential threats before they become a problem. Users are alerted when a known malicious threat attempts to run or install on the system.
This component continuously monitors the registry, file, network and kernel mode actions taken by unknown programs to look for suspicious behavior.
If a process exhibits characteristics consistent with malware, it is prevented from running. Likewise, suspicious files and programs are stopped from opening if they exhibit malware-like behavior.
Real-time protection has a couple of options that can be modified, but it is recommended to keep both enabled.
- Monitor file and program activity on your computer – Monitors files and programs when they start running on your system and alerts you if it detects any suspicious activity.
- Scan all downloaded files and attachments – Monitors your computer for any malicious files or programs that you may have downloaded.
According to Microsoft, “This option monitors files and programs that are designed to work with Windows Internet Explorer and Microsoft Outlook Express, such as ActiveX controls and software installation programs. These files can be downloaded, installed, or run by the browser itself. Malicious software, including viruses, spyware, and other potentially unwanted software, can be included with these files and installed without your knowledge.”
If real-time protection is turned off for any reason, Microsoft Security Essentials changes your computer’s status to “At risk” and notifies you.
Whenever MSE real-time protection detects an actual threat or potentially threatening behavior, it displays a notification and lets you either quickly “Clean computer” or “Show details” and then choose the action to apply.
When a possible threat is detected on a user’s computer, Microsoft Security Essentials notifies the user by alerts categorized as Severe, High, Medium or Low level. This categorization can help guide the user while responding to detected threats. Users may click on “Show details” to view additional information about the detected threat.
- Severe – MSE identifies exceptionally malicious programs which threaten the privacy and security of your computer and can damage your system as Severe level threats.
- High – MSE categorizes programs that collect personal information, change settings without the user’s consent or knowledge, or damage your system as High level threats.
- Medium – Programs that collect personal information or change settings but do not cause damage to your system are classified by MSE as Medium level threats.
- Low – MSE classifies programs that collect personal information or change settings but do not cause damage to your system, and that are found to be operating within the licensing terms displayed when you installed the software, as Low level threats.
Actions and Recommended Actions
Actions are the specific responses that the user can apply when MSE detects a threat.
For each item detected, the user can choose whether to remove, quarantine or allow the item.
- Remove – This action permanently deletes the detected item.
- Quarantine – This action moves the detected item to the quarantined area from where the user can restore or permanently delete the item.
- Allow – This action allows the detected item and will also add it to the “Allowed Items” list.
Recommended actions are the actions Microsoft Security Essentials recommends based on the severity level of the detected item.
- Severe and High – The MSE recommended action is to remove the detected programs immediately.
- Medium – Review the alert details by clicking on “Show details” and consider quarantining or removing the detected item if you don’t trust the publisher.
- Low – Review the alert details by clicking on “Show details” and consider quarantining or removing the detected item if you don’t trust the publisher.
Microsoft Security Essentials automatically addresses Severe and High level threats if no action is taken by the user within 10 minutes. This action will Remove or Quarantine the detected threat based on options selected by the user in Default actions settings.
If any of the infected files is still unknown to MSE even after it queries the Dynamic Signature Service, MSE deems that the file should be submitted for further analysis. Here the user has the option to cancel the submission.