deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

error fixes (invalid file links - need to insert md to prevent error message in build)

Browse Source
This commit is contained in:
Iaan D'Souza-Wiltshire 2017-08-26 02:36:11 -07:00
parent 79c390b734
commit 08787d64fe
11 changed files with 18 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -41,7 +41,7 @@ Attack Surface Reduction helps prevent actions and apps that are typically used
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
Attack Surface Reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
Attack Surface Reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:

4
windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
View File

@ -34,7 +34,7 @@ You might want to do this when testing how the feature will work in your organiz
While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.
You can use Windows Defender Advanced Threat Protection to get greater granularity into each event, especially for investigating Attack Surface Reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
You can use Windows Defender Advanced Threat Protection to get greater granularity into each event, especially for investigating Attack Surface Reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
@ -73,7 +73,7 @@ You can also use the a custom PowerShell script that enables the features in aud
Topic | Description
---|---
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard)
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)

2
windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
View File

@ -42,7 +42,7 @@ Controlled Folder Access helps you protect valuable data from malicious apps and
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
Controlled Folder Access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
Controlled Folder Access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.

6
windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
View File

@ -43,7 +43,7 @@ You configure these settings using the Windows Defender Security Center on an in
This topic lists each of the mitigations available in Exploit Protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml).
It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
## Exploit Protection mitigations
@ -103,7 +103,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
4. Repeat this for all the system-level mitigations you want to configure.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml) or continue on to configure app-specific mitigations.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
@ -133,7 +133,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
![](images/wdsc-exp-prot-app-settings-options.png)
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml) or return to configure system-level mitigations.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or return to configure system-level mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.

2
windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
View File

@ -61,7 +61,7 @@ You can also convert an existing EMET configuration file (in XML format) and imp
See the following topics for instructions on configuring Exploit Protection mitigations and importing, exporting, and converting configurations:
1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md)
2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml).
2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md).
## Related topics

7
windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
View File

@ -101,7 +101,7 @@ Block mode will cause a notification to appear on the user's desktop:
![](images/asr-notif.png)
You can [modify the notification to display your company name and links](attack-surface-reduction-exploit-guard.md#customize-the-notification) for users to obtain more information or contact your IT help desk.
You can [modify the notification to display your company name and links](customize-attack-surface-reduction.md#customize-the-notification) for users to obtain more information or contact your IT help desk.
For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
@ -226,10 +226,7 @@ You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the s
During your evaluation, you may wish to configure each rule individualy or exclude certain files and processes from being evaluated by the feature.
See the following topics for configuring the feature with management tools, including Group Policy and MDM CSP policies:
- [Exclude files and folders](customize-attack-surface-reduction.md#exclude-files-and-folders)
- [Configure rules individually](enable-attack-surface-reduction.md#individually-enable-attack-surface-reduction-rules)
See the [Customize Exploit Protection](customize-exploit-protection.md) topic for information on configuring the feature with management tools, including Group Policy and MDM CSP policies.
## Related topics

5
windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
View File

@ -125,10 +125,7 @@ For further details on how audit mode works, and when you might want to use it,
During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files.
See the following sections in the main [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSPs:
- [Protect additional folders](controlled-folders-exploit-guard.md#protect-additional-folders)
- [Allow specifc apps to make changes to controlled folders](controlled-folders-exploit-guard.md#allow-specifc-apps-to-make-changes-to-controlled-folders)
See the main [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP.
## Related topics
- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)

2
windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
View File

@ -49,7 +49,7 @@ You might also be interested in enabling the features in audit mode - which allo
Topic | Description
---|---
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard)
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)

4
windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
View File

@ -38,11 +38,11 @@ ms.date: 08/25/2017
Exploit Protection automatically applies a number of exploit mitigation techniques on both [the operating system processes](configure-system-exploit-protection.md) and on [individual apps](configure-app-exploit-protection.md).
Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
Exploit Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
Exploit Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
You [configure these settings using the Windows Defender Security Center app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once.

2
windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
View File

@ -42,7 +42,7 @@ It expands the scope of [Windows Defender SmartScreen](../windows-defender-smart
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
Network Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
Network Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
When Network Protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.

6
windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -52,11 +52,11 @@ Windows Defender EG can be managed and reported on in the Windows Defender Secur
- Windows Defender Device Guard
- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
Each of the features in Windows Defender EG have slightly different requirements:
Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection)
Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
-|-|-|-
Exploit Protection | No requirement | Required for reporting in the Windows Defender ATP console
Attack Surface Reduction | Must be enabled | Required for reporting in the Windows Defender ATP console
@ -71,7 +71,7 @@ Controlled Folder Access | Must be enabled | Required for reporting in the Windo
Topic | Description
---|---
[Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard) | Exploit Protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) | Exploit Protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts.
[Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors.
[Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.