Device protection in Windows Defender Security Center

Applies to: Windows Defender for Windows 10, Windows 10, Security

Windows Defender Security Center provides the following built-in security options to help protect your device from attacks by malicious software.

To access the features described below, enter "windows security" in the search box on the taskbar, and then select Device security.

Core isolation

Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. Select Core isolation details to change settings for core isolation features.

Memory integrity

Memory integrity is a feature of core isolation. By turning on the Memory integrity setting, you can help prevent malicious code from accessing high-security processes in the event of an attack.

Security processor

Your security processor provides additional encryption for your device.

Security processor details

This is where you’ll find info about the security processor manufacturer and version numbers, as well as about the security processor’s status. Select Security processor details, and then on the details page, select Security processor troubleshooting for additional info and options.

Security processor troubleshooting

The following are advanced options for troubleshooting your security processor. 

Error messages

This is where you will see any relevant error messages about your security processor. Here is a list of the error messages that might appear:

  • A firmware update is needed for your security processor (TPM).
  • TPM is disabled and requires attention.
  • TPM storage is not available. Please clear your TPM.
  • Device health attestation isn't available. Please clear your TPM.
  • Device health attestation isn't supported on this device.
  • Your TPM isn't compatible with your firmware, and may not be working properly.
  • TPM measured boot log is missing. Try restarting your device.
  • There is a problem with your TPM. Try restarting your device.

If you still encounter problems after addressing an error message, contact your device manufacturer for assistance.

Clear TPM

Select Clear TPM to reset your security processor to its default settings. Be sure to back up your data before clearing the TPM.

Collect logs

Select Collect logs to gather more information that might help you understand issues with your security processor. The logs will be saved to a folder on your desktop.

Secure boot

Secure boot prevents a sophisticated and dangerous type of malware—called a rootkit—from loading when you start your device. Rootkits use the same privileges as the operating system and start before it, which means they can completely hide themselves. Rootkits are often part of an entire suite of malware that can bypass local logins, record passwords and keystrokes, transfer private files, and capture cryptographic data.

Hardware security capability

At the bottom of the Device security screen, one of the following messages will appear indicating the security capability of your device:

Your device meets the requirements for standard hardware security

This means your device supports memory integrity and core isolation and also has:

  • TPM 2.0 (also referred to as your security processor)
  • Secure boot enabled
  • Data Execution Prevention (DEP)

Your device meets the requirements for enhanced hardware security

This means that in addition to meeting all the requirements of standard hardware security, your device also has memory integrity turned on.

Your device exceeds the requirements for enhanced hardware security

This means that in addition to meeting all the requirements of enhanced hardware security, your device also has System Management Mode (SMM) protection turned on.

Standard hardware security not supported

This means that your device does not meet at least one of the requirements of standard hardware security.
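
To check the same signals from a script, for example when auditing several machines, the following PowerShell reads them and applies the tier rules listed above. It is an added example, not Microsoft's code. It assumes that the Win32_DeviceGuard values 2 and 4 in SecurityServicesRunning correspond to the Memory integrity and SMM protection settings shown on this screen, and it does not model the "supports memory integrity and core isolation" check; the function and variable names are illustrative.

```powershell
# Added example, not Microsoft's code. Run from an elevated PowerShell prompt.
# Pure classifier: applies the tier rules from this page to five booleans.
function Get-HardwareSecurityTier {
    param(
        [bool]$Tpm20, [bool]$SecureBoot, [bool]$Dep,
        [bool]$MemoryIntegrity, [bool]$SmmProtection
    )
    if (-not ($Tpm20 -and $SecureBoot -and $Dep)) {
        return 'Standard hardware security not supported'
    }
    if (-not $MemoryIntegrity) { return 'Meets the requirements for standard hardware security' }
    if (-not $SmmProtection)   { return 'Meets the requirements for enhanced hardware security' }
    return 'Exceeds the requirements for enhanced hardware security'
}

# TPM: SpecVersion is a string that begins with the spec family (2.0 or 1.2).
# The query returns nothing when no TPM is present or it is disabled in firmware.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
    -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpm20 = [bool]($tpm -and ($tpm.SpecVersion -match '^\s*2\.0'))

# Secure boot: the cmdlet throws on legacy BIOS systems, so treat errors as "off".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# DEP: reported by the operating system class.
$dep = [bool](Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_Available

# Virtualization-based security services that are actually running, not just configured.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$running = @($dg.SecurityServicesRunning)
$memoryIntegrity = $running -contains 2   # assumption: 2 = memory integrity (HVCI)
$smmProtection   = $running -contains 4   # assumption: 4 = SMM firmware measurement

[pscustomobject]@{
    Tpm20           = $tpm20
    SecureBoot      = $secureBoot
    Dep             = $dep
    MemoryIntegrity = $memoryIntegrity
    SmmProtection   = $smmProtection
    Tier            = Get-HardwareSecurityTier -Tpm20 $tpm20 -SecureBoot $secureBoot `
                          -Dep $dep -MemoryIntegrity $memoryIntegrity `
                          -SmmProtection $smmProtection
}
```

If the tier the script reports differs from the message on the Device security screen, treat the screen as authoritative and use the individual signals to see which requirement is not being met.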