Mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git, synced 2025-06-16 10:53:43 +00:00
add tip to go to testground
@ -43,6 +43,11 @@ You can also [specify how long the file should be prevented from running](config
> [!IMPORTANT]
> There is no specific individual setting in System Center Configuration Manager to enable or disable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.


>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the features are working and see how Cloud-delivered protection and the Block at first sight features work.


## How it works

When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.

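Review bot: The feature name is capitalized inconsistently within this section: the IMPORTANT note reads "Block at First Sight" while the new tip directly below it reads "Block at first sight". Pick one form here; the other tips added in this change use the lowercase form.
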
@ -32,6 +32,12 @@ This topic lists the connections that must be allowed, such as by using firewall

See the Enterprise Mobility and Security blog post [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) for some details about network connectivity.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the following features are working:
>- Cloud-delivered protection
>- Fast learning (including Black at first sight)
>- Potentially unwanted application blocking

## Allow connections to the Windows Defender Antivirus cloud

The Windows Defender Antivirus cloud provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommend as it provides very important protection against malware on your endpoints and across your network.

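Review bot: "Black at first sight" in the new tip's list should be "Block at first sight"; the same typo appears in every list-form copy of this tip elsewhere in the change, so fix all of them together. While editing this area, the context line below the new heading reads "it is highly recommend as", which needs "recommended".
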
@ -41,6 +41,9 @@ Typical PUA behavior includes:

These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

## How it works

PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:

@ -28,6 +28,13 @@ ms.date: 08/25/2017

If you're an enterprise security administrator, and you want to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications, then you can use this guide to help you evaluate Microsoft protection.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the following features are working and see how they work:
>- Cloud-delivered protection
>- Fast learning (including Black at first sight)
>- Potentially unwanted application blocking


It explains the important features available for both small and large enterprises in Windows Defender, and how they will increase malware detection and protection across your network.

You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings.

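Review bot: Placing the tip between "you can use this guide to help you evaluate Microsoft protection" and "It explains the important features" breaks the pronoun reference: "It" now has to reach back over the tip to "this guide". Move the tip below the "It explains..." paragraph, or start that paragraph with "This guide explains". The list also repeats the "Black at first sight" typo (should be "Block").
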
@ -34,6 +34,11 @@ The tables list:
- [Windows Defender AV client error codes](#error-codes)
- [Internal Windows Defender AV client error codes (used by Microsoft during development and testing)](#internal-error-codes)

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the features are working, including:
>- Cloud-delivered protection
>- Fast learning (including Black at first sight)
>- Potentially unwanted application blocking

<a id="windows-defender-av-ids"></a>
## Windows Defender AV event IDs

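Review bot: "Black at first sight" should be "Block at first sight" in the new list. The tip is also wedged between the "The tables list:" bullets and the event ID heading of a troubleshooting topic; a short clause saying that the Testground demos are a way to generate the events listed below would tie it to the surrounding content instead of leaving it as an unrelated aside.
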
@ -40,6 +40,10 @@ src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc

Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the features are working and see how Cloud-delivered protection and the Block at first sight feature works.


The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager.


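Review bot: Subject-verb agreement in the new tip: "see how Cloud-delivered protection and the Block at first sight feature works" has a compound subject, so it should read "features work", as the equivalent tip added to the Block at first sight topic in this same change already does.
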
@ -42,6 +42,13 @@ Some of the highlights of Windows Defender AV include:
- [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
- [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research


>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the features are working and see how they work, including:
>- Cloud-delivered protection
>- Fast learning (including Black at first sight)
>- Potentially unwanted application blocking

## What's new in Windows 10, version 1703

New features for Windows Defender AV in Windows 10, version 1703 include:

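Review bot: "Black at first sight" should be "Block at first sight" in the new list; this is the same typo as in the other list-form tips in this change.
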
@ -46,6 +46,9 @@ Attack surface reduction helps prevent actions and apps that are typically used

It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).

The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:

@ -58,7 +58,7 @@ You can also use the a custom PowerShell script that enables the features in aud

2. Right-click **Windows PowerShell**, click **Run as administrator** and click **Yes** or enter admin credentials at the prompt.

3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audie mode:
3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audit mode:
```PowerShell
Set-ExecutionPolicy Bypass -Force
<location>\Enable-ExploitGuardAuditMode.ps1

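Review bot: The "audie" to "audit" fix is fine, but the step as shown still runs `Set-ExecutionPolicy Bypass -Force` with no `-Scope`, which defaults to LocalMachine and persists after the evaluation is over. For a one-off script run, `Set-ExecutionPolicy Bypass -Scope Process -Force` confines the change to the current session, which is the safer guidance for an audit-mode walkthrough that readers will paste into production-adjacent machines. The hunk header context line also reads "use the a custom PowerShell script".
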
@ -42,6 +42,9 @@ Controlled folder access helps you protect valuable data from malicious apps and

It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).

All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.

@ -39,12 +39,15 @@ ms.date: 08/25/2017

Attack surface reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md).

This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization.

>[!NOTE]
>This topic uses a customized testing tool and PowerShell cmdlets to make it easy to enable the feature and test it.
>For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Attack surface reduction topic](attack-surface-reduction-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.


## Use the demo tool to see how Attack surface reduction works


@ -38,12 +38,14 @@ Controlled folder access is a feature that is part of Windows Defender Exploit G

It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.

This topic helps you evaluate Controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
This topic helps you evaluate Controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization.

>[!NOTE]
>This topic uses PowerShell cmdlets to make it easy to enable the feature and test it.
>For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Controlled folder access topic](controlled-folders-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

## Use the demo tool to see how Controlled folder access works


@ -46,6 +46,8 @@ This topcs helps you evaluate Exploit protection. See the [Exploit protection to
>This topic uses PowerShell cmdlets to make it easy to enable the feature and test it.
>For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit protection topic](exploit-protection-exploit-guard.md) .

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

## Enable and validate an Exploit protection mitigation


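Review bot: Two typos sit in the lines this hunk touches: "(MDM to deploy" in the NOTE is missing its closing parenthesis, and the header context line reads "This topcs helps". Both are one-word fixes and belong in this change rather than a follow-up.
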
@ -45,6 +45,9 @@ This topic helps you evaluate Network protection by enabling the feature and gui
>[!NOTE]
>The site will replicate the behavior that would happen if a user visted a malicious site or domain. The sites in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

## Enable Network protection

1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**

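Review bot: "visted" in the NOTE directly above the new tip should be "visited". That NOTE also opens with "The site will replicate the behavior..." meaning the evaluation's own test sites; now that demo.wd.microsoft.com is introduced immediately below, name which site the NOTE refers to so readers do not take it as describing the Testground.
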
@ -33,7 +33,11 @@ Windows Defender Exploit Guard is a new collection of tools and features that he

Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization.

Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisutes are.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the features are working and see how they work.


Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisites are.


- [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md)

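Review bot: The tip is inserted at the position of the removed "Before you begin" line, so in the new text it sits between the four-feature overview and the "Before you begin" prerequisite paragraph, interrupting the introduction before the reader is told what to read first. Moving the tip below the "Before you begin" paragraph, or after the list of evaluation guides, keeps the reading order intact. The "prerequisutes" to "prerequisites" fix itself is fine.
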
@ -45,6 +49,8 @@ You might also be interested in enabling the features in audit mode - which allo

- [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md)



## Related topics

Topic | Description

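Review bot: The two added lines before "## Related topics" are blank lines only; Markdown collapses consecutive blank lines, so they have no rendered effect and just add noise to the diff. Drop this hunk to keep the change focused on the tip.
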
@ -42,6 +42,9 @@ Exploit protection automatically applies a number of exploit mitigation techniqu

It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).

You [configure these settings using the Windows Defender Security Center app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once.

@ -42,6 +42,9 @@ It expands the scope of [Windows Defender SmartScreen](../windows-defender-smart

It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how it works.

Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).

When Network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.

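Review bot: The context line "You can also enable the rules individually to customize what techniques the feature monitors", together with the link into customize-attack-surface-reduction.md, appears to have been carried over from the Attack surface reduction topic. Network protection is a single feature with one enable/audit/disable setting and has no per-rule switches, so that sentence is misleading in this topic and should be dropped or reworded while the section is being edited.
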
@ -45,6 +45,9 @@ You can evaluate each feature of Windows Defender EG with the guides at the foll

You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for the features, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.

>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com) to confirm the feature is working and see how each of the features work.

Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)

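Review bot: Number mismatch in the new tip: "confirm the feature is working and see how each of the features work". This overview topic covers all four Exploit Guard features, so use "the features are working", matching the overview tip added to the evaluation index in this same change.
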