Device protection in Windows Defender Security Center

Applies to: Windows Defender for Windows 10Windows 10Security

Windows Defender Security Center provides the following built-in security options to help protect your device from attacks by malicious software.

To access the features described below, enter "windows security" in the search box on the taskbar, and then select Device security

Core isolation

Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. Select Core isolation details to enable, disable, and change the settings for core isolation features.

Check the core isolation details

Memory integrity

Memory integrity is a feature of core isolation. By turning on the Memory integrity setting, you can help prevent malicious code from accessing high-security processes in the event of an attack.

Memory integrity details under core isolation

Security processor

Your security processor provides additional encryption for your device.

Security processor details

Security processor details link

This is where you’ll find info about the security processor manufacturer and version numbers, as well as about the security processor’s status. Select Security processor details, and then on the details page, select Security processor troubleshooting for additional info and options.

Security processor troubleshooting

The following are advanced options for troubleshooting your security processor. 

Error messages

This is where you will see any relevant error messages about your security processor. Here's a list of the error messages that might appear:

  • A firmware update is needed for your security processor (TPM).
  • TPM is disabled and requires attention.
  • TPM storage is not available. Please clear your TPM.
  • Device health attestation isn't available. Please clear your TPM.
  • Device health attestation isn't supported on this device.
  • Your TPM isn't compatible with your firmware, and may not be working properly.
  • TPM measured boot log is missing. Try restarting your device.
  • There is a problem with your TPM. Try restarting your device.

If you still encounter problems after addressing an error message, contact your device manufacturer for assistance.

Clear TPM

Select Clear TPM to reset your security processor to its default settings. Make sure to back up your data before you clear the TPM.

Collect logs

Select Collect logs to gather more information that might help you understand issues with your security processor. The logs will be saved to a folder on your desktop.

Secure boot

Secure boot prevents a sophisticated and dangerous type of malware—a rootkit—from loading when you start your device. Rootkits use the same permissions as the operating system and start before it, which means they can completely hide themselves. Rootkits are often part of an entire suite of malware that can bypass local logins, record passwords and keystrokes, transfer private files, and capture cryptographic data.

You may have to disable secure boot to run some PC graphics cards, hardware, or operating systems such as Linux or earlier versions of Windows. For more info, see How to disable and re-enable secure boot.

Hardware security capability

At the bottom of the Device security screen, one of the following messages appears, indicating the security capability of your device.

Your device meets the requirements for standard hardware security

This means your device supports memory integrity and core isolation and also has:

  • TPM 2.0 (also referred to as your security processor)
  • Secure boot enabled
  • DEP

Your device meets the requirements for enhanced hardware security

This means that in addition to meeting all the requirements of standard hardware security, your device also has memory integrity turned on.

Your device exceeds the requirements for enhanced hardware security

This means that in addition to meeting all the requirements of enhanced hardware security, your device also has System Management Mode (SMM) protection turned on.

Standard hardware security not supported

This means that your device does not meet at least one of the requirements of standard hardware security.


More information

More info about Windows Defender Security Center

Troubleshooting resources

  • If Windows Defender is displayed in the wrong language, follow the guidance in Windows Language Packs to get it to display in the language of your choice. Generally, Windows Defender uses the language that Windows 10 is set to at Start  > Settings  > Time & Language
  • If Windows Defender blocks printer installation, you can temporarily disable Windows Defender Firewall while you install the printer on your PCTo do this, see Turn Windows Defender Firewall on or off. After you've installed the printer, make sure you turn the firewall back on.

    If you have a wireless printer on a network that you can't access after you've enabled Windows Defender, you may need to configure your Windows Defender Firewall settings to allow access. For help with this process, contact your printer manufacturer.
  • If you're prompted repeatedly by Windows Defender pop-ups, see How to stop Windows Defender pop-ups in Windows 10 from Microsoft TechNet (in English only). 

    If a particular pop-up window is causing you problems, see How to close a pop-up window if Microsoft Edge isn't responding.

    Finally, this issue might be caused by ad malware, which a good ad-blocker can prevent. In Microsoft Store, try searching on "adblock," choose an ad-blocker, install it, and see if this fixes the issue.
  • If you experience a kernel security check failure when you run a Windows Defender feature, this may be a corrupted or outdated driver issue. To investigate and fix this situation, see Update drivers in Windows 10.