intro topics for main, evaluate, audit, asr, cfa drafted

Iaan D'Souza-Wiltshire 2017-08-15 16:27:27 -07:00
parent 0a4a65fadc
commit 16b320ef2f
8 changed files with 87 additions and 111 deletions

View File

@ -1,7 +1,7 @@
---
title:
description:
keywords:
title: Test how the features will work in your organization
description: Auditing mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@ -14,44 +14,34 @@ ms.author: iawilt
---
# Use audit mode to evaluate Windows Defender Exploit Guard features
# Use auditing mode to evaluate Windows Defender Exploit Guard features
You can enable each of the features of Windows Defender Explot Guard in auditing mode. This lets you see a record of what *would* have happened if you had enabled the feature.
You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
This topic lists the auditing functionality available for each feature, the management tools (Group Policy, Intune, MDM CSPs, System Center Configuration Manager, or PowerShell) that can be used to configure and deploy the setting to multiple machines in your network(s), and links to configuring each feature or setting.
While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable auditing mode and then review the event log to see what impact the feature would have had were it enabled.
This topic links to enabling the auditing functionality for each feature. It also You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable auditing mode.
Auditing options | How to enable auditing mode | How to view events
- | - | -
Auditing applies to all events | [Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled Folder Access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
Auditing applies to individual rules | [Enable Attack Surface Reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack Surface Reduction events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
Auditing applies to all events | [Enable Network Protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network Protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
Auditing applies to individual mitigations | [Enable Exploit Protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit Protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
## Related topics
Topic | Description
---|---
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard)
- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)
## Audit/block modes
Controlled Folder Access has mitigations that can be individually enabled in audit or blocking mode.
Component |Description |Rule/mitigation description |
-|-|-|-
Controlled Folder Access |Automatically blocks access to content to protected folders. - This can be enabled in audit/block mode |Protected folders |Folders that are shielded by this component.
| | | Allowed apps |Apps that are allowed to write into protected folders
### Audit/block modes
Each of these components can individually be enabled in audit or blocking mode.
Attack Surface Reduction and Controlled Folder Access also have mitigations that can be individually enabled in audit or blocking mode.
Component |Description |Rule/mitigation description |
-|-|-|-
Attack Surface Reduction (ASR) | Provides rules that allow you to prevent macro, script and email threats. - Each rule can be enabled in audit/block mode - Supports file/folder exclusions applied to all rules |Rules to prevent macro threats |Block office application from creating executable content
| | | | Block obfuscated js/vbs/ps/macro code
| | | | Block office application from launching child processes
| | | | Block office application from injecting into other processes
| | | | Block Win32 imports from macro code in Office
| | | Rules to prevent script threats |Block js/vbs from executing payload downloaded from Internet
| | | | Block obfuscated js/vbs/ps/macro code
| | | Rules to prevent email threats |Block execution of executable content (exe, dll, ps, js, vbs, etc) dropped from email (webmail/mail-client).
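Review bot: the new intro line "This topic links to enabling the auditing functionality for each feature. It also You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable auditing mode." is two half-sentences fused together ("It also You can", "servicer"); suggest "This topic links to the auditing functionality for each feature. You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable auditing mode." In the same hunk: "Windows Defender Explot Guard" in the first paragraph; "how many suspicious file modification attempts generally occur" describes only Controlled Folder Access, but this topic covers all four features, so say "how many events each feature would have generated"; the "Related topics" block opens a "Topic | Description" table header and then switches to bullets, and its first link "exploit-protection-exploit-guard" has no ".md"; and the leftover "Audit/block modes" tables at the end of the hunk name three header columns ("Component |Description |Rule/mitigation description |") over four-column rows ("-|-|-|-") and list "Block obfuscated js/vbs/ps/macro code" under both the macro and the script group. If those tables are meant to stay, give them a fourth header column and de-duplicate the rule; otherwise drop them, since the summary table above already links the per-feature rule lists.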

View File

@ -13,6 +13,7 @@ author: iaanw
ms.author: iawilt
---
# Customize Attack Surface Reduction
**Applies to:**
@ -70,7 +71,7 @@ Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add
>[!IMPORTANT]
>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
### Use MDM CSPs to to exclude files and folders
### Use MDM CSPs to exclude files and folders
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
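Review bot: the CSP link on the last line of this hunk hard-codes a locale ("https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#..."); drop "/en-us" so the link resolves in the reader's own locale. The "to to" fix in the heading is fine.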
@ -78,8 +79,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusio
## Customize the notification
See the [Windows Defender Security Center](/windows-defender-security-center/windows-defender-security-center#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.

View File

@ -35,13 +35,15 @@ ms.author: iawilt
Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
## Enable and audit Attack Surface Reduction rules
You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.
For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
## Enable Attack Surface Reduction rules
ASR rules are identified by their unique rule ID.
Attack Surface Reduction rules are identified by their unique rule ID.
Rule IDs willl be populated on machines that are enrolled in an E5 license. These machines will also properly report their Attack Surface Reduction rule history in the Windows Defender Security Center web console.
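Review bot: "Rule IDs willl be populated on machines that are enrolled in an E5 license" has a typo ("willl") and, more importantly, leaves unclear what the licence changes. The line just above says rules are identified by their rule ID, and the PowerShell section below configures rules by that ID, so state plainly whether an unlicensed machine can still configure rules by ID and only lacks the Security Center reporting that the second sentence describes. Also, the hunk leaves two H2s back to back ("## Enable and audit Attack Surface Reduction rules" followed by "## Enable Attack Surface Reduction rules"); if the second is the old heading, remove it, otherwise demote it to H3.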
@ -107,7 +109,19 @@ See the [Evaluate Attack Surface Reduction rules](evaluate-attack-surface-reduct
>Not sure if this is right. What does AttackSurfaceReductionRules_Actions do? Do you need to add $TRUE/$FALSE or 1/0 at the end to enable it? Does the rule need to go in " or {}? Some examples would be handy here I think
>[!IMPORTANT]
>Use `Add-MpPreference` to append or add rules. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
>Use `Add-MpPreference` to append or add rules. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
You can enable the feauting in auditing mode using the following cmdlet:
```PowerShell
Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
```
Use `Disabled` insead of AuditMode to turn the feature off.
>[!NOTE]
>We need to walk through this so I understand how it works
### Use MDM CSPs to enable Attack Surface Reduction rules
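Review bot: `Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode` sets an action with no rule to apply it to, which answers the draft question left on the page. The cmdlet takes two parallel lists, `-AttackSurfaceReductionRules_Ids` and `-AttackSurfaceReductionRules_Actions`, paired by position, and each action is one of `Disabled`, `Enabled` or `AuditMode`; so the example should read `Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode` (no quotes or braces needed around a single GUID), which also matches the IMPORTANT note two lines up about using `Add-MpPreference` to append rather than overwrite. The draft questions (">Not sure if this is right..." and the NOTE "We need to walk through this so I understand how it works") must come out before publishing, and "feauting" and "insead" need fixing.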

View File

@ -39,6 +39,9 @@ Controlled Folder Access helps you protect valuable data from malicious apps and
This topic describes how to enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs).
## Enable and audit Controlled Folder Access
You can enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
@ -83,9 +86,12 @@ For further details on how audit mode works, and when you might want to use it,
2. Enter the following cmdlet:
```PowerShell
Set-MpPreference -EnableControlledFolderAccess 1
Set-MpPreference -EnableControlledFolderAccess Enabled
```
You can enable the feauting in auditing mode by specifying `AuditMode` instead of `Enabled`.
Use `Disabled` to turn the feature off.
### Use MDM CSPs to enable Controlled Folder Access
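Review bot: "You can enable the feauting in auditing mode" should read "the feature". Since the cmdlet line now takes the named value instead of `1`, show all three accepted values in one place, `Set-MpPreference -EnableControlledFolderAccess [Disabled|Enabled|AuditMode]`, the same form another file in this commit uses for `-EnableNetworkProtection`, and say whether the numeric form the old line used (`1`) is still accepted, otherwise readers with existing scripts will assume it broke.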

View File

@ -245,7 +245,7 @@ This enables all Attack Surface Reduction rules in audit mode.
>[!TIP]
>If you want to fully audit how Attack Surface Reduction will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [Attack Surface Reduction topic](attack-surface-reduction-exploit-guard.md).
You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack Surface Reduction topic](attack-surface-reduction-exploit-guard.md).

View File

@ -1,7 +1,7 @@
---
title:
description:
keywords:
title: Evaluate the impact of each of the four features in Windows Defender Exploit Guard
description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios
keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@ -28,13 +28,25 @@ ms.author: iawilt
Windows Defender Exploit Guard is a new collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software.
You can use Windows Defender EG to:
Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization.
- Apply exploit mitigation techniques to apps your organization uses, both individually and to all apps, with [Exploit Protection](exploit-protection-exploit-guard.md)
- Reduce the attack surface that exploits can leverage, by utlizing rules that go beyond standard host-intrusion prevention systems (HIPS) with [Attack Surface Reduction rules](attack-surface-reduction-exploit.guard.md)
- Extend the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity outside of the browser with [Network Protection](network-protection-exploit-guard.md)
- Protect files in key system folders from changes made by malicious and suspicious apps with [Controlled Folder Access](controlled-folders-exploit-guard.md)
There are a few ways you can get started evaluating Windows Defender EG to see how it works and how it could help protect your network. This topic brings together the evaluation topics for each of the four features in Windows Defender EG.
Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisutes are.
- [Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md)
- [Evaluate Controlled Folder Access](evaluate-controlled-folder-access.md)
- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
- [Evaluate Network Protection](evaluate-network-protection.md)
You might also be interested in enabling the features in auditing mode - which allows you to see how the features work in the real world without impacting your organization or employee's work habits:
- [Use auditing mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md)
## Related topics
Topic | Description
---|---
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard)
- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)
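Review bot: the "Related topics" section at the end of this hunk opens a "Topic | Description" table header and then switches to a bullet list; either fill the table or drop the header, and the first link "exploit-protection-exploit-guard" is missing ".md". In the same hunk: "prerequisutes", "utlizing", "attack-surface-reduction-exploit.guard.md" (a dot for a hyphen; the main-topic hunk in this commit fixes the same link), and "employee's work habits" should be "employees' work habits". The new sentence "We've developed evaluation guides for each of the features..." and the retained "There are a few ways you can get started... This topic brings together the evaluation topics..." say the same thing; keep one.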

View File

@ -37,56 +37,10 @@ ms.author: iawilt
- Windows Defender Security Center app
Windows Defender Exploit Guard is a new collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software.
You can use Windows Defender EG to:
- Apply exploit mitigation techniques to apps your organization uses, both individually and to all apps, with [Exploit Protection](exploit-protection-exploit-guard.md)
- Reduce the attack surface that exploits can leverage, by utlizing rules that go beyond standard host-intrusion prevention systems (HIPS) with [Attack Surface Reduction rules](attack-surface-reduction-exploit.guard.md)
- Extend the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity outside of the browser with [Network Protection](network-protection-exploit-guard.md)
- Protect files in key system folders from changes made by malicious and suspicious apps with [Controlled Folder Access](controlled-folders-exploit-guard.md)
Evaluate Windows Defender EG with our evaluation and set-up guide, which provides a pre-built PowerShell script and testing tool so you can see the new features in action:
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
You can also [enable audit mode](audit-mode-exploit-guard.md) for Windows Defender EG, which provides with reporting and event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
Windows Defender EG is a component of the new Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies. Other components of Windows Defender Advanced Threat Protection include:
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
- [Windows Defender SmartScreen]
- [Windows Defender Device Guard]
- [Windows Defender Application Control]
Each of the features in Windows Defender EG have slightly different requirements:
Feature | Minimum Windows 10 Insider Preview build | Windows Defender Antivirus | Windows Defender Advanced Threat Protection license
-|-|-|-
Exploit Protection | 16232 | No requirement | Required for reporting in the Windows Defender ATP console
Attack Surface Reduction | 16232 | Must be enabled | Required
Network Protection | not released | Must be enabled | Required for reporting in the Windows Defender ATP console
Controlled Folder Access | 16232 | Must be enabled | Required for reporting in the Windows Defender ATP console
> [!NOTE]
> Each feature's requirements are further described in the individual topics in this library.
The way in which the features can be managed, configured, and reported on also varies:
Feature | Configuration available with | Reporting available with
-|-|-
Exploit Protection | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, PowerShell, Windows Defender Security Center | Windows Event logs
Attack Surface Reduction | Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x
Network Protection | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x
Controlled Folder Access | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x
## In this library
Topic | Description
---|---
[Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard) | Exploit Protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit.guard.m) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as macro, script, PowerShell, USB, and Flash security policies and configuration.
[Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors, and set up reporting for suspicious activity.
[Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (such as ransomware malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.
Set-MpPreference -EnableNetworkProtection [Disabled|Enabled|AuditMode]
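Review bot: the single added line, `Set-MpPreference -EnableNetworkProtection [Disabled|Enabled|AuditMode]`, lands at the end of the file as a bare cmdlet with no code fence, heading or sentence explaining what it does; put it under an "Enable" section in a ```PowerShell fence like the other enable topics in this commit, with one line on what each value does. Removing the duplicated overview (feature list, requirements and configuration tables) is right, but the removed configuration table carried "x" placeholders in the reporting column for three features, so check the main topic's copy has real content there before this file relies on it.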

View File

@ -1,6 +1,6 @@
---
title: Use Windows Defender Exploit Guard to protect your corporate network
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection. It replaces EMET.
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection, including helping to prevent ransomware encryption and exploit attacks
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -20,7 +20,7 @@ ms.author: iawilt
**Applies to:**
- Windows 10 Insider Preview, build 16242 and later
- Windows 10 Insider Preview
**Audience**
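Review bot: replacing "Windows 10 Insider Preview, build 16242 and later" with just "Windows 10 Insider Preview" drops the only build number from the Applies-to block, while the requirements table later in this file still states 16232 per feature (and 16242 here versus 16232 there was already inconsistent); either keep a build here that agrees with the table, or point readers to the table for per-feature minimums.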
@ -31,21 +31,21 @@ Windows Defender Exploit Guard is a new collection of tools and features that he
You can use Windows Defender EG to:
- Apply exploit mitigation techniques to apps your organization uses, both individually and to all apps, with [Exploit Protection](exploit-protection-exploit-guard.md)
- Reduce the attack surface that exploits can leverage, by utlizing rules that go beyond standard host-intrusion prevention systems (HIPS) with [Attack Surface Reduction rules](attack-surface-reduction-exploit.guard.md)
- Reduce the attack surface that exploits can leverage, by utlizing rules that go beyond standard host-intrusion prevention systems (HIPS) with [Attack Surface Reduction rules](attack-surface-reduction-exploit-guard.md)
- Extend the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity outside of the browser with [Network Protection](network-protection-exploit-guard.md)
- Protect files in key system folders from changes made by malicious and suspicious apps with [Controlled Folder Access](controlled-folders-exploit-guard.md)
Evaluate Windows Defender EG with our evaluation and set-up guide, which provides a pre-built PowerShell script and testing tool so you can see the new features in action:
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
You can also [enable audit mode](audit-mode-exploit-guard.md) for Windows Defender EG, which provides with reporting and event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for Windows Defender EG, which provides with reporting and event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
- [Windows Defender SmartScreen]
- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
- [Windows Defender Device Guard]
- [Windows Defender Application Control]
- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
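Review bot: the corrected Attack Surface Reduction link line still carries "utlizing"; "which provides with reporting and event logs" is missing "you"; and the "[Windows Defender Device Guard]" and "[Windows Defender Application Control]" bullets remain bare bracketed text with no link target, which renders literally, unlike the SmartScreen and Application Guard bullets this hunk links; add targets or drop the brackets. "threat mitigation, preventing, protection, and analysis" should read "prevention".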
Each of the features in Windows Defender EG have slightly different requirements:
@ -53,7 +53,7 @@ Feature | Minimum Windows 10 Insider Preview build | Windows Defender Antivirus
-|-|-|-
Exploit Protection | 16232 | No requirement | Required for reporting in the Windows Defender ATP console
Attack Surface Reduction | 16232 | Must be enabled | Required
Network Protection | not released | Must be enabled | Required for reporting in the Windows Defender ATP console
Network Protection | Not released | Must be enabled | Required for reporting in the Windows Defender ATP console
Controlled Folder Access | 16232 | Must be enabled | Required for reporting in the Windows Defender ATP console
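Review bot: the Attack Surface Reduction row gives the licence column as a bare "Required" while every other row says "Required for reporting in the Windows Defender ATP console"; if the feature itself needs the licence to function, say so explicitly, and if only reporting does, align the wording with the other rows. The "Not released" capitalisation fix is fine.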
> [!NOTE]
@ -74,7 +74,7 @@ Controlled Folder Access | System Center Configuration Manager, Group Policy, Mi
Topic | Description
---|---
[Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard) | Exploit Protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit.guard.m) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as macro, script, PowerShell, USB, and Flash security policies and configuration.
[Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as macro, script, PowerShell, USB, and Flash security policies and configuration.
[Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors, and set up reporting for suspicious activity.
[Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (such as ransomware malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.
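Review bot: the Exploit Protection link in the first row, "(exploit-protection-exploit-guard)", still lacks ".md", the same defect this hunk fixes for the Attack Surface Reduction row; and "now-retired Enhanced Mitigations Experience Toolkit" should be "the now-retired Enhanced Mitigation Experience Toolkit (EMET)", since the file's keywords and description already refer to it as EMET.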