
Windows Updates:

Introduction: Windows Update is a service provided by Microsoft to deliver security updates, feature
enhancements, and patches for the Windows operating system and other Microsoft products like
Microsoft Defender. These updates are crucial for maintaining the security, stability, and performance of
Windows devices.

Patch Tuesday: Updates are typically released on the 2nd Tuesday of each month, known as Patch
Tuesday. However, critical updates can be released at any time if deemed urgent by Microsoft.

Accessing Windows Update: You can access Windows Update through the Settings menu. Another
method is using the Run dialog box or Command Prompt by executing the command
control /name Microsoft.WindowsUpdate.

Key Points:

1. Managed Settings: In some cases, Windows Update settings may be managed, especially in
enterprise environments. Home users usually have direct control over their update settings.

2. No Available Updates: The absence of available updates in the attached virtual machine could
be due to the lack of internet access to communicate with Microsoft for new updates.

3. Forced Updates: With Windows 10, Microsoft has enforced updates more rigorously to ensure
that users receive critical updates promptly. Postponing updates is possible, but eventually, the
system will install them to maintain security.

4. Restart Required: Some updates may require a system restart. Windows 10 provides options to
schedule the restart, ensuring that users have control over when the update is applied.

User Interaction: While users may have been accustomed to delaying updates in the past, Windows 10
emphasizes the importance of timely updates for security reasons. Users can still postpone updates but
cannot ignore them indefinitely.

Restart Options: When a restart is required after an update, users are presented with options to
schedule the restart at a convenient time. This ensures that updates do not disrupt users during crucial
work hours.

Windows Security Overview:


According to Microsoft, "Windows Security is your home to manage the tools that protect your device
and your data." This suite of tools is accessible through the Settings menu and serves as a central hub for
managing various aspects of device security.

Protection Areas: Windows Security is organized into distinct protection areas, each focusing on specific
aspects of security:

1. Virus & threat protection

2. Firewall & network protection

3. App & browser control

4. Device security

Status Icons: The status icons serve as visual indicators of your device's security status:

• Green: Your device is adequately protected, and no recommended actions are needed.

• Yellow: A safety recommendation is available for review.

• Red: A warning indicates that immediate attention is required.

Accessing Windows Security: Windows Security can be accessed directly through the Settings menu.
Once opened, users can navigate through the different protection areas and take necessary actions
based on recommendations.

Note: The appearance may vary slightly between Windows Server and Windows 10 editions.

Next Steps: The subsequent tasks will provide insights into each protection area, starting with "Virus &
threat protection." Each area addresses specific security aspects, allowing users to manage and optimize
their device's security posture.

Virus & Threat Protection:


The "Virus & threat protection" section is divided into two main parts: "Current threats" and "Virus &
threat protection settings."

1. Current Threats:

• Scan Options:

• Quick Scan: Checks common threat locations on your system.

• Full Scan: Examines all files and running programs on your hard disk, potentially taking
over an hour.

• Custom Scan: Allows you to choose specific files and locations for scanning.

• Threat History:

• Last Scan: Displays information about the most recent automatic scan conducted by
Windows Defender Antivirus.

• Quarantined Threats: Lists threats that have been isolated and prevented from running.

• Allowed Threats: Shows items identified as threats but permitted to run. Caution is
advised when allowing items labeled as threats to run.

Warning: Exercise caution when allowing identified threats to run, and only do so if you are certain of the
safety of the item.

2. Virus & Threat Protection Settings:

• Manage Settings:

• Real-time Protection: Locates and halts malware installations or executions in real-time.

• Cloud-Delivered Protection: Enhances protection by accessing the latest threat data in
the cloud.

• Automatic Sample Submission: Sends sample files to Microsoft to contribute to threat
intelligence.

• Controlled Folder Access: Safeguards files, folders, and memory areas from
unauthorized changes by potentially harmful applications.

• Exclusions: Allows excluding specific items from Windows Defender Antivirus scans.

• Notifications: Receives critical notifications regarding device health and security.

• Virus & Threat Protection Updates:

• Check for Updates: Manually checks for updates to ensure Windows Defender Antivirus
definitions are up to date.

• Ransomware Protection:

• Controlled Folder Access: Required for ransomware protection; needs real-time
protection to be enabled.

Note: Real-time protection in the attached VM is turned off for performance reasons, considering the
VM's isolated environment. On personal devices, ensure real-time protection is enabled and up to date.

Tip: You can perform on-demand scans on any file or folder by right-clicking the item and selecting 'Scan
with Microsoft Defender.'
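
The settings listed above can also be read from PowerShell. The following is an added example, not part of the original notes: it reports which of those settings are weak, using the built-in Get-MpComputerStatus and Get-MpPreference cmdlets. The function name, the 3-day definition age threshold and the fallback sample values are assumptions made for illustration.

```powershell
# Added example (not from the original notes): report weak Defender settings.
function Test-DefenderPosture {
    param(
        [Parameter(Mandatory)] $Status,      # shape of Get-MpComputerStatus output
        [Parameter(Mandatory)] $Preference,  # shape of Get-MpPreference output
        [int] $MaxSignatureAgeDays = 3       # assumed threshold, adjust to policy
    )
    if (-not $Status.RealTimeProtectionEnabled) {
        'Real-time protection is off'
    }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        "Definitions are $($Status.AntivirusSignatureAge) days old"
    }
    if ($Preference.MAPSReporting -eq 0) {
        'Cloud-delivered protection is disabled'
    }
    if ($Preference.SubmitSamplesConsent -eq 2) {
        'Automatic sample submission is set to never send'
    }
    # 1 = enabled (block mode); 0 = disabled, 2 = audit only
    if ($Preference.EnableControlledFolderAccess -ne 1) {
        "Controlled folder access is not enforcing (value $($Preference.EnableControlledFolderAccess))"
    }
    # Each exclusion is a location or process the scanner skips: list for review.
    $exclusions = @($Preference.ExclusionPath) + @($Preference.ExclusionExtension) +
                  @($Preference.ExclusionProcess) | Where-Object { $_ }
    foreach ($item in $exclusions) { "Exclusion configured: $item" }
}

try {
    # Live data when the Defender cmdlets are present and the service responds.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop
} catch {
    # Constructed sample resembling a lab VM with real-time protection off.
    Write-Warning 'Live query failed; evaluating constructed sample values instead.'
    $status = [pscustomobject]@{ RealTimeProtectionEnabled = $false; AntivirusSignatureAge = 12 }
    $pref   = [pscustomobject]@{
        MAPSReporting = 2; SubmitSamplesConsent = 1; EnableControlledFolderAccess = 0
        ExclusionPath = @('C:\Temp'); ExclusionExtension = $null; ExclusionProcess = $null
    }
}
Test-DefenderPosture -Status $status -Preference $pref | ForEach-Object { "[!] $_" }
```

Run it from an elevated PowerShell session so that the exclusion lists are readable.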

Microsoft Defender SmartScreen Settings:


In this section, you can configure settings related to Microsoft Defender SmartScreen, which provides
protection against phishing, malware websites, and potentially malicious file downloads. Below are the
key settings:

1. Check Apps and Files:

• Windows Defender SmartScreen checks for unrecognized apps and files from the web, helping
protect your device against potential threats.

2. Exploit Protection:

• Exploit protection is integrated into Windows 10 (including Windows Server 2019) to enhance
device security against various attacks.

Volume Shadow Copy Service (VSS): Overview


Definition: The Volume Shadow Copy Service (VSS) is a Windows service that facilitates the creation of
consistent shadow copies, also known as snapshots or point-in-time copies, of data intended for backup
purposes. It coordinates the necessary actions to ensure the integrity of the data during the snapshot
creation process.

Key Functions:

1. Snapshot Coordination:

• VSS orchestrates the actions required to generate a snapshot of data, ensuring that the
data remains consistent and coherent during the backup process.

2. Storage of Shadow Copies:

• Volume Shadow Copies are stored in the System Volume Information folder on each drive
where protection is enabled. This feature is part of the System Protection mechanism.

3. System Protection Tasks:

• When VSS is enabled, users can perform various tasks related to system protection and
restore points, including creating restore points, performing system restores, configuring
restore settings, and deleting restore points.

4. Security Considerations:

• Malware writers are aware of the existence of Volume Shadow Copies and may include
code in their malicious software to identify and delete these files. This malicious activity
aims to prevent users from recovering their systems, especially in the context of
ransomware attacks.

Security Perspective:

• From a security perspective, the risk is that malware may intentionally target and delete
Volume Shadow Copies to hinder recovery efforts. Having offline or off-site backups becomes
crucial in such scenarios.
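
Because shadow copies can be removed without the user noticing, it helps to check regularly that each protected volume still has a recent one. The following is an added example, not part of the original notes: it lists shadow copy coverage per volume using the Win32_Volume and Win32_ShadowCopy CIM classes. The function name, the 7-day threshold and the fallback sample values are assumptions made for illustration.

```powershell
# Added example (not from the original notes): shadow copy coverage per volume.
function Get-ShadowCopyCoverage {
    param(
        [Parameter(Mandatory)] $Volumes,  # objects with DeviceID and DriveLetter
        $ShadowCopies = @(),              # objects with VolumeName and InstallDate
        [int] $MaxAgeDays = 7,            # assumed threshold, adjust to policy
        [datetime] $Now = (Get-Date)
    )
    foreach ($vol in $Volumes) {
        # A shadow copy's VolumeName matches the DeviceID of its source volume.
        $copies = @($ShadowCopies | Where-Object { $_.VolumeName -eq $vol.DeviceID })
        $newest = $copies | Sort-Object InstallDate -Descending | Select-Object -First 1
        if ($copies.Count -eq 0) {
            $state = 'NONE'
        } elseif (($Now - $newest.InstallDate).TotalDays -gt $MaxAgeDays) {
            $state = 'STALE'
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{
            Drive  = $vol.DriveLetter
            Copies = $copies.Count
            Newest = $newest.InstallDate
            State  = $state
        }
    }
}

try {
    # Live data; querying Win32_ShadowCopy requires an elevated session.
    $volumes = Get-CimInstance Win32_Volume -Filter 'DriveType = 3' -ErrorAction Stop |
               Where-Object DriveLetter
    $shadows = Get-CimInstance Win32_ShadowCopy -ErrorAction Stop
    $now     = Get-Date
} catch {
    # Constructed sample: C: has a recent copy, D: has none left.
    Write-Warning 'Live query failed; showing constructed sample values instead.'
    $now     = [datetime]'2024-05-20'
    $volumes = @(
        [pscustomobject]@{ DeviceID = '\\?\Volume{c-sample}\'; DriveLetter = 'C:' }
        [pscustomobject]@{ DeviceID = '\\?\Volume{d-sample}\'; DriveLetter = 'D:' }
    )
    $shadows = @([pscustomobject]@{ VolumeName = '\\?\Volume{c-sample}\'
                                    InstallDate = [datetime]'2024-05-18' })
}
Get-ShadowCopyCoverage -Volumes $volumes -ShadowCopies $shadows -Now $now |
    Format-Table -AutoSize
```

A volume that reported copies on an earlier run and now shows NONE, while System Protection is still enabled for it, is worth investigating.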

Configuration in VM:

• If you wish to configure Shadow Copies within the attached VM, specific steps and settings would
be provided based on the context of the VM.
