Windows Defender Security Warning Scam: Remove the Fake Alert

Stephanie Adlam
Stephanie Adlam
7 Min Read
Windows Defender Security Warning scam alert with Defender-style shield and do not call warning
Windows Defender Security Warning scam alert with Defender-style shield and do-not-call warning.

Windows Defender Security Warning is a scam pop-up, not a real Microsoft Defender alert. It usually appears inside a browser tab, claims your PC is infected or locked, and pressures you to call a fake support number. Do not call the number, do not install remote-access software, and do not pay anyone who appears through that warning. Close the browser safely, remove notification spam if it returns, and scan the PC if you downloaded anything or allowed remote access.

If the fake page title specifically says Windows Defender Security Center, use the focused Windows Defender Security Center scam removal guide. This article covers the broader “Windows Defender Security Warning” pop-up that victims see after a redirect, malicious ad, hacked page, push notification, or adware infection.

What Is the Windows Defender Security Warning Scam?

The Windows Defender Security Warning scam is browser scareware. A malicious page imitates a Microsoft or Windows security alert and claims that spyware, trojans, or stolen credentials were found on the computer. The page may play alarm sounds, open full-screen mode, show a fake scan, or block the close button so the warning feels urgent.

Fake Windows Defender Security Warning browser pop-up with scam red flags highlighted
Example of a fake Windows Defender Security Warning page. The browser address, phone number, and aggressive wording are the real clues.

The goal is not to fix your PC. The goal is to make you call a scam number, install a remote-control tool, buy useless “support,” or download malware. Microsoft Defender does not ask you to call a phone number from a browser pop-up, and real Windows Security alerts open through the Windows Security app, not through a random web page.

Fake Warning vs Real Defender Alert

What you see What it usually means
A browser page says “Windows Defender Security Warning” and shows a support phone number. Scam. Close the page and do not call.
The alert claims the computer is locked until you contact support. Scareware. Use Task Manager or force quit the browser.
Windows Security opens from the Start menu and lists a threat under Protection history. Likely a real Defender event. Review the detection name and quarantine status.
The warning returns after every browser restart. Check notification permissions, extensions, startup pages, and installed apps.
You called the number or allowed remote access. Disconnect, change passwords from a clean device, and run a full malware scan.

Why You Are Seeing It

Most victims land on this fake warning after a redirect. Common sources include malicious ads, hacked websites, typo-squatted download pages, browser notification spam, shady streaming sites, and bundled adware. If you only saw it once after clicking an ad, the PC may not be infected. If it keeps returning, something in the browser or system is likely reopening the scam page.

  • Malvertising or redirects: a bad ad sends the browser to a fake Microsoft page.
  • Notification spam: a site was allowed to send notifications and now pushes fake security alerts.
  • Suspicious extensions: an add-on changes search, homepage, or new-tab behavior.
  • Adware or PUPs: a bundled app injects ads and redirects into the browser.
  • Remote-access follow-up: after a scam call, attackers may leave tools or startup items behind.

How to Close the Fake Warning Safely

Do not interact with buttons inside the warning. Treat every “Scan,” “Allow,” “Call,” “Continue,” or “Download” button as part of the scam page.

  1. Press Esc to exit full-screen mode if the page took over the screen.
  2. Try Alt + F4 on Windows or Command + Q on macOS to close the browser.
  3. If it will not close, open Task Manager with Ctrl + Shift + Esc, select the browser, and choose End task.
  4. Reopen the browser without restoring the previous session. If the browser offers to restore tabs, decline it.
  5. If the page reopens automatically, continue with notification, extension, and app cleanup below.

Remove Pop-Ups, Notifications, and Redirects

Resetting the browser is not always the first move. Start with the pieces that usually reopen the fake warning: notification permissions, extensions, startup pages, and suspicious installed apps.

Remove Malicious Notification Permissions

If fake alerts appear even when you are not on the scam page, a site may have notification permission. Remove unknown or suspicious sites from notification settings.

If a website keeps showing unwanted pop-ups, you likely granted it permission to send notifications. To stop them, you need to revoke that permission in your browser settings.

Google ChromeSafariMozilla FirefoxMicrosoft EdgeBraveOpera
Google Chrome
  1. Copy and paste this into the address bar: chrome://settings/content/notifications
  2. Scroll down to the Allowed to send notifications list.
  3. Find the suspicious site.
  4. Click the three dots (...) next to it and select Remove (or Block).
Safari
  1. Open Safari and go to Settings (or Preferences).
  2. Click the Websites tab and select Notifications on the left.
  3. Find the suspicious site in the list on the right.
  4. Select it and click Remove (or change "Allow" to "Deny").
Mozilla Firefox
  1. Copy and paste this into the address bar: about:preferences#privacy
  2. Scroll down to Permissions and click Settings... next to Notifications.
  3. Type the suspicious site in the search bar or find it in the list.
  4. Select the site and click Remove Website.
Microsoft Edge
  1. Copy and paste this into the address bar: edge://settings/content/notifications
  2. Look under the Allow section.
  3. Find the suspicious site.
  4. Click the three dots (...) next to it and select Remove (or Block).
Brave
  1. Copy and paste this into the address bar: brave://settings/content/notifications
  2. Scroll to the Allowed to send notifications list.
  3. Find the suspicious site.
  4. Click the three dots (...) and select Remove (or Block).
Opera
  1. Copy and paste this into the address bar: opera://settings/content/notifications
  2. Check the Allowed to send notifications list.
  3. Find the suspicious site.
  4. Click the three dots next to it and select Remove.

Remove Suspicious Extensions

Disable recently installed extensions, coupon tools, search helpers, PDF converters, video downloaders, and anything you do not recognize. Then restart the browser and check whether the warning returns.

Google ChromeSafariMozilla FirefoxMicrosoft EdgeBraveOpera
Google Chrome
Extension Manager
  1. Launch Chrome.
  2. Click the three dots (...) in the top right corner.
  3. Select Extensions > Manage Extensions.
  4. Click Remove next to the extension you want to delete.

Quick Access: Type chrome://extensions/ in the address bar.

Safari
Settings > Extensions
  1. Open Safari.
  2. In the menu bar, click Safari and select Settings (or Preferences).
  3. Click on the Extensions tab.
  4. Select the extension and click Uninstall.
Mozilla Firefox
Add-ons and Themes
  1. Click the menu button, select Add-ons and themes.
  2. Go to the Extensions tab.
  3. Click the three dots (...) next to the extension and select Remove.

Quick Access: Type about:addons in the address bar.

Microsoft Edge
Browser Extensions
  1. Launch Microsoft Edge.
  2. Click the three dots (...) in the top right corner.
  3. Select Extensions.
  4. Find the extension and click Remove.

Quick Access: Type edge://extensions/ in the address bar.

Brave
Shields and Extensions
  1. Launch Brave browser.
  2. Click the menu icon > Extensions.
  3. Find the extension and click Remove.

Quick Access: Type brave://extensions/ in the address bar.

Opera
Extension Management
  1. Launch Opera.
  2. Click the Opera logo in the top left corner.
  3. Select Extensions > Extensions.
  4. Click the X or Remove button next to the extension.

Quick Access: Type opera://extensions/ in the address bar.

Check Installed Apps

If the warning returns across multiple browsers, check installed programs for recently added apps you did not intentionally install. Pay attention to fake cleaners, driver updaters, search tools, and download assistants.

If you see any suspicious applications that you don't remember installing, you should remove them as well.

WindowsMacAndroid
Windows 10/11
  1. Right-click the Start button and select Installed Apps (or Apps & Features).
  2. Scroll through the list to find suspicious app or any other unfamiliar program.
  3. Click the three dots (...) next to it and select Uninstall.
Mac OS
  1. Open Finder and go to the Applications folder.
  2. Locate suspicious app or any app you don't recognize.
  3. Drag it to the Trash.
  4. Empty the trash to remove it permanently.
Android 11+
  1. Go to Settings > Apps > See all apps.
  2. Find suspicious app or any suspicious app in the list.
  3. Tap on it and select Uninstall.

Reset the Browser if Needed

If notifications and extensions were clean but the scam page still opens, reset the affected browser. This removes custom startup pages and many unwanted settings while keeping bookmarks and saved passwords in most browsers.

Google ChromeSafariBraveMozilla FirefoxMicrosoft EdgeOpera
Google Chrome
Full Browser Reset
  1. Tap on the three dots (...) in the top right corner and Choose Settings. Choose Settings
  2. Choose Reset and Clean up and Restore settings to their original defaults. Choose Reset and Clean
  3. Tap Reset settings. Fake Virus Alert removal

Quick Access: Type chrome://settings/reset in the address bar.

Safari
Clear History and Cache
  1. Open Safari.
  2. In the menu bar, click Safari > Clear History.
  3. Select all history and click Clear History.
  4. Go to Safari > Settings (or Preferences).
  5. Click the Privacy tab and select Manage Website Data... > Remove All.
  6. In the Advanced tab, check Show features for web developers.
  7. In the menu bar, select Develop > Empty Caches.
Brave
Restore Factory Settings
  1. Launch Brave browser.
  2. Click the menu icon in the top right corner and select Settings.
  3. Click Additional settings > Reset settings.
  4. Tap Restore settings to their original defaults.
  5. Confirm by clicking Reset settings.

Quick Access: Type brave://settings/reset in the address bar.

Mozilla Firefox
Refresh Browser State
  1. In the upper right corner tap the three-line icon and Choose Help. Firefox: Choose Help
  2. Choose More Troubleshooting Information. Firefox: Choose More Troubleshooting
  3. Choose Refresh Firefox... then Refresh Firefox. Firefox: Choose Refresh

Quick Access: Type about:support and click Refresh Firefox.

Microsoft Edge
System Reset
  1. Tap the three dots. Microsoft Edge: Fake Virus Alert Removal
  2. Choose Settings. Microsoft Edge: Settings
  3. Tap Reset Settings, then Click Restore settings to their default values. Disable Fake Virus Alert in Edge

Quick Access: Type edge://settings/reset in the address bar.

Opera
Reset and Clean Up
  1. Launch the Opera browser.
  2. Click the Opera menu button in the top left corner and select Settings.
  3. Scroll down to the Advanced section in the left sidebar and click Reset and clean up.
  4. Click Restore settings to their original defaults.
  5. Click Reset settings to confirm.

Quick Access: Type opera://settings/reset in the address bar.

What to Do if You Called the Number

If you spoke with the fake support operator, assume the risk is higher. Scammers often ask victims to install remote-access tools, reveal banking information, or pay for fake repairs.

  1. Disconnect from the internet if a stranger still has remote access.
  2. Uninstall remote-access tools you did not use before the call.
  3. From a clean device, change passwords for email, Microsoft, banking, PayPal, crypto, and any account opened during the call.
  4. Review bank and card activity. Contact the bank quickly if you paid or shared card details.
  5. Run a full system scan to look for adware, remote tools, and malware left behind.

If you downloaded a file from the fake warning page, uploaded personal documents, or let someone control the computer, scan the system before using it for banking or password changes.

Run a full system scan after manual cleanup.

After uninstalling the suspicious app or deleting the visible threat, use Gridinsoft Anti-Malware to check hidden files, startup entries, scheduled tasks, bundled apps, browser changes, and other persistence points that can restore malware.

Download Anti-Malware

Microsoft Edge Scareware Blocker

Microsoft now documents an Edge scareware blocker designed to detect deceptive full-screen alerts and fake malware warnings. It is a helpful layer, especially for users who often land on aggressive pop-ups, but it does not replace browser cleanup or malware scanning after a suspicious download or remote-access session.

In Edge, check Settings > Privacy, search, and services > Security, then confirm that protective features such as Microsoft Defender SmartScreen and scareware blocking are enabled when available for your device. Keep Edge and Windows updated so these protections receive current detection logic.

How to Avoid This Scam Again

  • Do not trust support phone numbers shown inside browser pop-ups.
  • Use bookmarks or typed addresses for Microsoft, banking, and security tools.
  • Block notification requests from unknown sites.
  • Keep Windows, browsers, and extensions updated.
  • Download software only from official sources.
  • Use a reputable security tool to check suspicious files and bundled installers.
  • Teach less technical family members that real support will not demand a call from a panic pop-up.

FAQ

Is Windows Defender Security Warning real?

A warning inside a browser tab that asks you to call a phone number is not a real Defender alert. Real Defender events appear in Windows Security and Protection history.

Why does the warning keep coming back?

The most common reasons are browser notification spam, a malicious extension, a startup page set by adware, or a suspicious app reopening redirects.

Should I call the phone number on the warning?

No. The number belongs to a fake support flow. Calling can lead to remote-access fraud, payment requests, or malware installation.

Can simply closing the page remove the scam?

Yes, if it was a one-time redirect from an ad. If the alert returns, clean notification permissions, extensions, startup settings, and installed apps.

Do I need to reset Windows?

Usually no. Start with browser cleanup and a malware scan. Consider Windows recovery only if remote access was allowed, malware is confirmed, or the system remains unstable after cleanup.

References

  1. Microsoft Support. “Protect yourself from tech support scams.” Microsoft, accessed June 7, 2026. https://support.microsoft.com/en-us/windows/protect-yourself-from-tech-support-scams-2ebf91bd-f94c-2a8a-e541-f5c800d18435
  2. Microsoft Support. “Prevent online scams with the scareware blocker in Microsoft Edge.” Microsoft, accessed June 7, 2026. https://support.microsoft.com/en-us/edge/prevent-online-scams-with-the-scareware-blocker-in-microsoft-edge
Is Softonic Safe and Legit? Reviews, APKs, and Download Risks
Avoid Getting Locked Out Phishing Email
Trojan:Win64/Zusy.CZ!MTB
$TRUMP Airdrop Scam Explained
NodePay Claims Scam
TAGGED:
Share This Article
ByStephanie Adlam
Follow:
Stephanie is our wordsmith, transforming technical research into engaging content that resonates with users. Her expertise in cybercrime prevention and online safety ensures that Gridinsoft's advice is accessible to everyone—whether they’re tech-savvy or not.
Previous Article Behavior:Win32/Fynloski.gen!A Backdoor Analysis & Removal Guide Behavior:Win32/Fynloski.gen!A
Next Article Poisoned DNS cache diverting a trusted route to a fake login page. DNS Cache Poisoning: Signs, Risks, and Prevention
Leave a Comment

AI Assistant

Hello! 👋 How can I help you today?