Security and Maintenance

Security and Maintenance
	Security and Maintenance in Windows 11
Other names	Action Center (Windows 7 to Windows 8.1) ; Windows Health Center (Windows 7 RC build) ; Windows Solution Center (Windows 7 Beta build) ; Windows Security Center (Windows Vista & Windows XP SP2)
Developer(s)	Microsoft
Included with	Windows XP (Service Pack 2) and later; Windows Server 2008 and later
Predecessor	Windows Security Center
Service name	wscsvc
Type	System monitor

Last updated January 29, 2024

Security and Maintenance (formerly known as Action Center, and Security Center in earlier versions) is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

Operation

Security and Maintenance consists of three major components: A control panel applet, a Windows service and an application programming interface (API) provided by Windows Management Instrumentation (WMI).

The control panel applet divides the monitored criteria into categories and color-codes them. Yellow indicates a non-critical warning, e.g. some settings are not being monitored or are not optimal. Red indicates a critical message, e.g. anti-virus program is offline.

A service, named "Security Center", determines the current state of the settings. The service, by default, starts when the computer starts; it continually monitors the system for changes, and notifies the user if it detects a problem. In versions of Windows prior to Windows 10, it adds a notification icon into the Windows Taskbar.

A WMI provider makes the settings available to the system. Third-party anti-virus, anti-spyware and personal firewall software vendors primarily register with Security and Maintenance through the WMI provider. Windows Vista added a new set of APIs that let programs retrieve the aggregate health status within Security and Maintenance, and to receive notifications when the health status changes. These APIs allow programs to confirm that the system is in a healthy state before engaging in certain actions. For example, a computer game can ensure that a firewall is running before connecting to an online game.

Security and Maintenance is in charge of the following:

Querying the status of the personal firewall and turning it on
Querying the status of the anti-malware program, turning it on and instructing it to update itself
Querying the status of the Internet security settings and asking the user to change them if they are not optimal
Querying the status of the User Account Control settings and asking the user to change it if it is not optimal
Scheduling and executing automatic maintenance tasks, which includes a quick scan for malware, disk defragmentation, power efficiency diagnostics^[1]
Querying the status of Backup and Restore and prompting the user to schedule a backup if one is not in place (Windows 7 only)
Querying the status of File History; however, the user is not alerted about it (Windows 8 and later only)
Querying the status of HomeGroup; no alerts are issued about it
Managing problems logged by Windows Error Reporting: The user can see their details, send them to Microsoft if they are not automatically sent, query a solution for them (although most of the times, there is none) or selectively delete them.

Version history

Windows XP SP2

Microsoft learned from discussions with customers that there was confusion as to whether users were taking appropriate steps to protect their systems, or if the steps they were taking were effective.^[2] From this research, Microsoft made the decision to include a visible control panel with Windows XP Service Pack 2 that would provide a consolidated view of the most important security features. Service Pack 2, released in August 2004, includes the first version of Windows Security Center (WSC). This version monitors Windows Update, Windows Firewall, and the availability of an anti-virus program. Third-party providers of personal firewall and anti-virus software packages were encouraged to use WSC API to register their products with WSC.

On August 25, 2004, PC Magazine published an article in their Security Watch newsletter titled "Windows XP SP2 Security Center Spoofing Threat" which outlined a design vulnerability which could allow malware to manipulate Security Center into displaying a false security status regardless of the true security status. To do so, the malware requires administrative privileges. Microsoft countered their claim by asserting that if a piece of malware gains administrative privileges, it need not spoof anything, as it can commit much nastier malicious actions.^[3]

Windows Vista

WSC in Windows Vista monitors new criteria, such as anti-spyware software, User Account Control, and Internet Explorer security settings. It can also display logos of third-party products that have been registered with the Security Center.

Unlike Windows XP, in the beta versions of Windows Vista, WSC could not be disabled or overridden. Security software maker Symantec spoke out against this, noting that it would cause a great deal of consumer confusion because any security problems would be reported by both WSC and Symantec's tools at the same time.^[4] McAfee, another large security software vendor, lodged similar complaints.^[5] In the end, Microsoft allowed WSC to be disabled.^[6]

Windows 7

In Windows 7, Windows Security Center has been renamed Action Center. It was designed to centralize and reduce the number of notifications about the system; as such, it encompasses both security and maintenance of the computer.^[7] Its notification icon on Windows Taskbar only appears when there is a message for perusal and replaces five separate notification icons found in Windows Vista.^[8] A "Troubleshooting" link was also added, providing a shortcut to Windows 7's new Troubleshooting control panel.

Windows 8

In Windows 8, Action Center monitors 10 new items: Microsoft account, Windows activation, SmartScreen, automatic maintenance, drive status, device software, startup apps, HomeGroup, File History, and Storage Spaces.^[9]

Windows 10

In Windows 10, the name "Action Center" is now used for application notifications and quick actions.^[10] The Action Center from Windows 8.1 was renamed to Security and Maintenance, causing confusion for users and IT administrators.^[11] It no longer displays an icon in the notification area, but otherwise retains all the features of the Windows 8.1 Action Center. The "Troubleshooting" link was removed in Windows 10 Fall Creators Update.

Starting with Windows 10 Creators Update, Microsoft has introduced a new component called Windows Defender Security Center (WDSC) that provides much of the same functionality. This new component is a Universal Windows Platform app and is also the default front-end for Windows Defender.^[12]^[13] It relies on its own service, called "Windows Defender Security Center Service".

In comparison to Security and Maintenance, the WDSC:

monitors antivirus and firewall software, device drivers, device security, storage capacity, account protection, parental control, SmartScreen and Windows Update^[14]
has its own distinct icon in the notification area (a black-and-white shield divided by a cross in four sectors)
can fully control Windows Defender^[12]
recognizes and supports third-party antivirus and firewall (version 1709 and later):^[14] upon detecting such software, it will automatically disable itself

In Windows 10 version 1809, the Windows Defender Security Center was renamed to Windows Security Center.^[15]

Related Research Articles

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

<span class="mw-page-title-main">Microsoft Defender Antivirus</span> Anti-malware software

Microsoft Defender Antivirus is an antivirus software component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP and was shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 or later versions.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

AutoRun and the companion feature AutoPlay are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted.

Windows Live OneCare was a computer security and performance enhancement service developed by Microsoft for Windows. A core technology of OneCare was the multi-platform RAV, which Microsoft purchased from GeCAD Software Srl in 2003, but subsequently discontinued. The software was available as an annual paid subscription, which could be used on up to three computers.

Windows Genuine Advantage (WGA) is an anti-infringement system created by Microsoft that enforces online validation of the licensing of several Microsoft Windows operating systems when accessing several services, such as Windows Update, and downloading Windows components from the Microsoft Download Center. WGA consists of two components: an installable component called WGA Notifications that hooks into Winlogon and validates the Windows license upon each logon and an ActiveX control that checks the validity of the Windows license when downloading certain updates from the Microsoft Download Center or Windows Update. WGA Notifications covers Windows XP and later, with the exception of Windows Server 2003 and Windows XP Professional x64 Edition. The ActiveX control checks Windows 2000 Professional licenses as well.

Windows Firewall is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Kaspersky Internet Security was an internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

Microsoft Security Essentials (MSE) is an antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge. It replaces Windows Live OneCare, a discontinued commercial subscription-based AV service, and the free Windows Defender, which only protected users from spyware until Windows 8.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

AV-TEST is an independent organization which evaluates and rates antivirus and security suite software for Microsoft Windows, MacOS and Android operating systems, according to a variety of criteria. The organisation is based in Magdeburg, Germany.

Norton 360 was an "all-in-one" security suite for the consumer market developed by Symantec. Originally released in 2006, it was discontinued in 2014; its features were carried over to its successor, Norton Security. However, in 2019, Symantec released a "NEW Norton 360", as a product replacement for Norton Security.

References

↑ Stanek, William (February 15, 2014). Windows Server 2012 R2 Inside Out Volume 1: Configuration, Storage, & Essentials. Inside Out. Vol. 1. Microsoft Press (published 2014). ISBN 9780735685611. In Task Scheduler, the following tasks are triggered by automated maintenance: [...] Microsoft\Windows\Power Efficiency Diagnostics. Analyzes power usage
↑ "Microsoft Windows Security Center: The Voice of Security for Windows Vista". Microsoft. October 6, 2006. Archived from the original on November 4, 2015. Retrieved November 16, 2009.
↑ Munro, Jay (August 25, 2004). "Windows XP SP2 Security Center Spoofing Threat". PC Magazine . Ziff Davis.
↑ Jeremy Reimer (September 27, 2006). "Symantec says Vista will "reduce consumer choice"". Ars Technica. Retrieved October 14, 2006.
↑ Hines, Matt (October 3, 2006). "McAfee Chides Microsoft Over Vista Security Policies". eWeek. Archived from the original on December 7, 2023.
↑ Seltzer, Larry (October 16, 2006). "Microsoft Caves on Vista Security". eWeek. Archived from the original on January 2, 2013. Retrieved August 13, 2008.
↑ Gilmour, Sean (November 11, 2008). Sinofsky, Steven (ed.). "Action Center". Engineering Windows 7. Microsoft. Archived from the original on October 29, 2014. Retrieved October 29, 2014.
↑ Rubenking, Neil J. (November 20, 2008). "Security in Windows 7: Getting Started". PC Magazine . Ziff Davis. Archived from the original on December 28, 2019.
↑ Shultz, Greg (August 2, 2012). "Keep tabs on performance in Windows 8 with Action Center". TechRepublic . CBS Interactive. Archived from the original on October 29, 2014. Retrieved October 29, 2014.
↑ "Find action center in Windows 10". Microsoft Support. Archived from the original on January 29, 2023.
↑ Chen, Raymond (May 16, 2017). "There's a group policy for Action Center, and another one for Action Center". The Old New Thing. Microsoft. Archived from the original on January 13, 2019.
1 2 Lich, Brian (May 18, 2017). "Windows Defender Antivirus in the Windows Defender Security Center app". Microsoft Learn.
↑ Popa, Bogdan (August 24, 2017). "Quick Tip: Use the Old Windows Defender in Windows 10 Creators Update". Softpedia . SoftNews.
1 2 Lich, Brian (October 17, 2017). "The Windows Defender Security Center app". Microsoft Learn. In Windows 10, version 1709, we increased the scope of the app to also show information from third-party antivirus and firewall apps.
↑ "What's new in Windows 10, version 1809 for IT Pros". docs.microsoft.com . September 2018. Archived from the original on November 11, 2020. Retrieved December 19, 2020.

External links

MSDN: Windows Security Center API

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Stanek, William (February 15, 2014). Windows Server 2012 R2 Inside Out Volume 1: Configuration, Storage, & Essentials. Inside Out. Vol. 1. Microsoft Press (published 2014). ISBN 9780735685611. In Task Scheduler, the following tasks are triggered by automated maintenance: [...] Microsoft\Windows\Power Efficiency Diagnostics. Analyzes power usage

[vistawp-2] "Microsoft Windows Security Center: The Voice of Security for Windows Vista". Microsoft. October 6, 2006. Archived from the original on November 4, 2015. Retrieved November 16, 2009.

[3] Munro, Jay (August 25, 2004). "Windows XP SP2 Security Center Spoofing Threat". PC Magazine . Ziff Davis.

[4] Jeremy Reimer (September 27, 2006). "Symantec says Vista will "reduce consumer choice"". Ars Technica. Retrieved October 14, 2006.

[5] Hines, Matt (October 3, 2006). "McAfee Chides Microsoft Over Vista Security Policies". eWeek. Archived from the original on December 7, 2023.

[6] Seltzer, Larry (October 16, 2006). "Microsoft Caves on Vista Security". eWeek. Archived from the original on January 2, 2013. Retrieved August 13, 2008.

[7] Gilmour, Sean (November 11, 2008). Sinofsky, Steven (ed.). "Action Center". Engineering Windows 7. Microsoft. Archived from the original on October 29, 2014. Retrieved October 29, 2014.

[8] Rubenking, Neil J. (November 20, 2008). "Security in Windows 7: Getting Started". PC Magazine . Ziff Davis. Archived from the original on December 28, 2019.

[9] Shultz, Greg (August 2, 2012). "Keep tabs on performance in Windows 8 with Action Center". TechRepublic . CBS Interactive. Archived from the original on October 29, 2014. Retrieved October 29, 2014.

[10] "Find action center in Windows 10". Microsoft Support. Archived from the original on January 29, 2023.

[11] Chen, Raymond (May 16, 2017). "There's a group policy for Action Center, and another one for Action Center". The Old New Thing. Microsoft. Archived from the original on January 13, 2019.

[Da_da_da_defender_is_coming!-12] 1 2 Lich, Brian (May 18, 2017). "Windows Defender Antivirus in the Windows Defender Security Center app". Microsoft Learn.

[13] Popa, Bogdan (August 24, 2017). "Quick Tip: Use the Old Windows Defender in Windows 10 Creators Update". Softpedia . SoftNews.

[WDSC_app-14] 1 2 Lich, Brian (October 17, 2017). "The Windows Defender Security Center app". Microsoft Learn. In Windows 10, version 1709, we increased the scope of the app to also show information from third-party antivirus and firewall apps.

[15] "What's new in Windows 10, version 1809 for IT Pros". docs.microsoft.com . September 2018. Archived from the original on November 11, 2020. Retrieved December 19, 2020.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]