Microsoft Security Essentials – Real-time protection, Alert levels and Actions

by Shanmuga

This is Part Three of our series on Microsoft Security Essentials. Part one covered how to download, install and update MSE, and Part two covered how to set up Microsoft Security Essentials. This final part explains real-time protection, the various alert levels and the actions recommended by Microsoft Security Essentials (MSE) when it detects a threat to your PC.

Real-time Protection

Real-time Protection in Microsoft Security Essentials helps users to address potential threats before they become a problem. Users are alerted when a known malicious threat attempts to run or install on the system.

This component continuously monitors the registry, file, network and kernel mode actions taken by unknown programs to look for suspicious behavior.

If a process exhibits characteristics consistent with malware, it is prevented from running. Likewise, suspicious files and programs are stopped from opening if they exhibit malware-like behavior.

Real-time protection has a couple of options that can be modified, but it is recommended to enable both options.

Image of MSE real-time protection settings

Monitor file and program activity on your computer – Monitors files and programs when they start running on your system and alerts you if it detects any suspicious activity.

Scan all downloaded files and attachments – Monitors your computer for any malicious files or programs that you may have downloaded.

According to Microsoft “This option monitors files and programs that are designed to work with Windows Internet Explorer and Microsoft Outlook Express, such as ActiveX controls and software installation programs. These files can be downloaded, installed, or run by the browser itself. Malicious software, including viruses, spyware, and other potentially unwanted software, can be included with these files and installed without your knowledge.”

Image of MSE with real-time protection turned off

If real-time protection is turned off for any reason, Microsoft Security Essentials changes your computer’s status to “At risk” and notifies you.

Whenever MSE real-time protection detects an actual threat or potentially threatening behavior, it displays a notification and lets you quickly “Clean computer” or “Show details” and then choose the action to apply.

Alert Levels

When a possible threat is detected on a user’s computer, Microsoft Security Essentials notifies the user by alerts categorized as Severe, High, Medium or Low level. This categorization can help guide the user while responding to detected threats. Users may click on “Show details” to view additional information about the detected threat.

Image of MSE detecting a threat

  • Severe – MSE classifies exceptionally malicious programs that threaten the privacy and security of your computer and can damage your system as Severe level threats.
  • High – MSE classifies programs that collect personal information, change settings without the user’s consent or knowledge, or damage your system as High level threats.
  • Medium – Programs that collect personal information or change settings but do not cause damage to your system are classified by MSE as Medium level threats.
  • Low – MSE classifies programs that collect personal information or change settings, do not cause damage to your system and are found to be operating within the licensing terms displayed when you installed the software as Low level threats.

Actions and Recommended Actions

Actions are the specific responses that the user can apply when MSE detects a threat.

Image of MSE detecting a threat and actions available

For each item detected, the user can choose whether to remove, quarantine or allow the item.

  • Remove – This action permanently deletes the detected item.
  • Quarantine – This action moves the detected item to the quarantined area from where the user can restore or permanently delete the item.
  • Allow – This action allows the detected item and will also add it to the “Allowed Items” list.

Recommended actions are the actions that Microsoft Security Essentials recommends based on the severity level of the detected threat.

  • Severe and High – The MSE recommended action is to remove the detected programs immediately.
  • Medium – Review the alert details by clicking on “Show details” and consider quarantining or removing the detected item if you don’t trust the publisher.
  • Low – Review the alert details by clicking on “Show details” and consider quarantining or removing the detected item if you don’t trust the publisher.

Microsoft Security Essentials automatically addresses Severe and High level threats if no action is taken by the user within 10 minutes. This action will Remove or Quarantine the detected threat based on options selected by the user in Default actions settings.

If any infected file is still unknown to MSE even after it queries the Dynamic Signature Service, MSE determines that the file should be submitted for further analysis. The user has the option to cancel the submission.
