本教學介紹一套完全免費、資源佔用低、操作簡單的安全防護方案,結合 ASUS 路由器內建的網路防護與 Windows 11/10 內建的 Microsoft Defender,提供雙重防護,不需安裝任何第三方防毒軟體,適用於家庭用戶、小型辦公室與遠端工作者。
為什麼需要雙重防護?
– ASUS 路由器(AiProtection,由趨勢科技提供):從網路入口層級就封鎖惡意連線與網站,避免威脅進入家中設備
– Windows Defender:偵測並攔截本地電腦內部的惡意檔案、勒索程式、USB 病毒等
兩者互補:前者守門,後者守家。
—
第一步:設定 ASUS 路由器的 AiProtection 網路防護
操作步驟:
1. 在瀏覽器輸入 http://router.asus.com 或 http://192.168.50.1
2. 使用路由器管理員帳號登入(預設帳密見機身背面)
3. 左側點選「AiProtection」> 啟用所有安全項目:
– 惡意網站封鎖
– 雙向入侵防護(IPS)
– 感染裝置阻擋與隔離
– DNS-over-TLS(若支援)
4. 建議開啟通知功能:當內網設備有可疑行為時,會收到提示
效果:可在威脅進入電腦前,即於路由器層級攔截外部攻擊與釣魚網站
—
第二步:啟用 Windows Defender 的進階保護功能
為什麼?
Windows 預設未開啟一些關鍵的資安功能,例如勒索防護、雲端防毒、可疑行為監控。透過 PowerShell 指令可快速開啟,強化本地防護。
操作方法:
1. 開始功能表搜尋 PowerShell
2. 對 PowerShell 點右鍵,選「以系統管理員身份執行」
3. 貼上並執行以下腳本:
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent 1
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -EnableBehaviorMonitoring $true
Set-MpPreference -EnableNetworkProtection Enabled
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders “C:\Users\$env:USERNAME\Documents”
Add-MpPreference -ControlledFolderAccessProtectedFolders “C:\Users\$env:USERNAME\Pictures”
Add-MpPreference -ControlledFolderAccessProtectedFolders “D:\重要資料”
Write-Host “✅ Defender 進階功能已啟用”
每段指令說明:
– 啟用 Microsoft 雲端主動防護(MAPS)
– 允許自動上傳可疑樣本(協助快速更新防毒資料庫)
– 確保即時防護為開啟狀態
– 啟用行為監控(偵測未知型態病毒)
– 啟用網路層級保護(防釣魚、防惡意網站)
– 開啟勒索防護:受控資料夾存取
– 加入文件、圖片、D 槽等重要資料夾為受保護範圍
效果:防止本機端的未知病毒、勒索程式或釣魚行為成功執行
—
第三步:讓 Defender 每次開機自動更新病毒碼
為什麼?
如果你沒有長時間開機,有時病毒定義不會即時更新,風險升高。這步驟會讓 Defender 在每次開機時自動取得最新病毒碼。
操作步驟:
1. 開始功能表搜尋「工作排程器」並打開
2. 點「建立基本任務」> 名稱輸入:DefenderUpdateAtStartup
3. 觸發器選「當電腦啟動時」
4. 動作選「啟動程式」
– 程式/指令碼:C:\Program Files\Windows Defender\MpCmdRun.exe
– 引數:-SignatureUpdate
5. 任務建立完成後 → 右鍵內容 → 勾選「使用最高權限執行」
效果:電腦開機後自動執行病毒定義更新,即使沒開一整天也可保持最新防護
—
驗證方式:
– 開啟 Windows 安全性中心 > 病毒與威脅防護,確認病毒碼是否為當天版本
– 在工作排程器中右鍵該任務 → 手動執行測試是否成功
—
最終成果:
– 網路層級防護(ASUS 路由器預先阻擋惡意流量)
– 終端設備防毒(Windows Defender 本地即時防禦)
– 自動更新病毒碼(保持每日防護水準)
此方案具備效率高、佔用資源低、不衝突、無廣告的優點,推薦給絕大多數使用者。
FAQ:
Q:這樣會讓電腦變慢嗎?
A:不會,兩者皆為輕量級系統內建功能。
Q:還需要另外裝卡巴斯基、Avast 嗎?
A:一般用戶不需要,已有完整防護。
Q:會和其他軟體衝突嗎?
A:不會,全為官方功能,穩定性高。
(本文版權所有,禁止任何形式的轉載與抄襲)
Overview:
This guide introduces a free and lightweight security solution that combines the strengths of ASUS router-based protection and Microsoft’s built-in Windows Defender. It provides dual-layer defense without relying on third-party antivirus software. Ideal for home users, freelancers, and remote workers.
Why Two Layers of Protection?
– ASUS router (via AiProtection by Trend Micro): Blocks threats at the network gateway level before they reach your devices.
– Windows Defender (built into Windows 10/11): Detects, blocks, and removes threats that may exist locally or enter through USBs, email attachments, etc.
Together, these tools create a strong defense: ASUS guards the door, and Defender protects what’s inside.
—
Step 1: Configure ASUS Router Security (AiProtection)
1. Open a browser and go to: http://router.asus.com or http://192.168.50.1
2. Log in with the admin username and password (usually on the back of the router).
3. Navigate to “AiProtection” > Enable all protection options:
– Malicious Site Blocking
– Two-Way Intrusion Prevention System (IPS)
– Infected Device Prevention and Blocking
– DNS-over-TLS (if available)
4. Enable Notifications: This allows alerts if any connected device behaves suspiciously (e.g., connects to a malicious IP).
Effect: Your network is protected from malware, phishing websites, and external attacks before reaching your PC or mobile devices.
—
Step 2: Enable Advanced Features in Windows Defender
Why?
By default, some advanced Defender protections are disabled. We use PowerShell to enable key features like ransomware protection, behavior monitoring, and cloud-based threat intelligence.
How to Do It:
1. Open PowerShell as Administrator:
– Click Start, search “PowerShell”
– Right-click > Run as Administrator
2. Paste and run the following script:
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent 1
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -EnableBehaviorMonitoring $true
Set-MpPreference -EnableNetworkProtection Enabled
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders “C:\Users\$env:USERNAME\Documents”
Add-MpPreference -ControlledFolderAccessProtectedFolders “C:\Users\$env:USERNAME\Pictures”
Add-MpPreference -ControlledFolderAccessProtectedFolders “D:\ImportantData”
Write-Host “✅ Advanced Defender features enabled.”
Explanation of Each Line:
– Enables Microsoft Active Protection Service (MAPS) for real-time cloud protection.
– Allows automatic submission of suspicious samples.
– Ensures real-time protection is ON.
– Enables behavior-based detection (critical for unknown threats).
– Enables protection against web-based and network threats.
– Turns on Controlled Folder Access: protects key folders from ransomware.
– Adds personal folders to be monitored (Documents, Pictures, custom D drive folder).
Effect: Local protections are upgraded; ransomware, phishing, and unknown threats are much less likely to succeed.
—
Step 3: Automatically Update Virus Definitions on Startup
Why?
Even with real-time protection, if virus definitions are outdated, threats may slip through. This task ensures Defender gets the latest signatures every time the PC boots.
Steps:
1. Open Task Scheduler (search in Start Menu).
2. Click “Create Basic Task” > Name it: DefenderUpdateAtStartup
3. Trigger: When the computer starts
4. Action:
– Program/script: C:\Program Files\Windows Defender\MpCmdRun.exe
– Add arguments: -SignatureUpdate
5. After creation, right-click the task > Properties > check “Run with highest privileges”
Effect: Ensures your virus definitions are always current, even if you don’t leave the PC on all day.
—
Verification:
– In Windows Security > Virus & Threat Protection, check if the definition version matches the current date.
– Manually run the scheduled task to ensure it completes without error.
—
Final Result:
You now have:
– Network layer protection (ASUS router blocks external threats)
– Endpoint protection (Windows Defender monitors everything running locally)
– Automatic signature updates (minimizing risk from new viruses)
This solution is effective, light on resources, and compatible with almost any home/office setup.
FAQ:
Q: Will this slow down my PC?
A: No. Both systems are efficient and low-overhead.
Q: Do I still need another antivirus?
A: Not unless you’re in a high-risk environment. For most users, this setup is sufficient.
Q: Will it cause software conflicts?
A: No. These are built-in features, officially supported by Microsoft and ASUS.
(This article is copyrighted, reproduction and plagiarism of any kind are prohibited)