deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fixed a link; folded in a bit of tech review fdbk

Browse Source
This commit is contained in:
JanKeller1 2017-02-09 16:43:31 -08:00
parent 1388ea5779
commit 1a523e73e1
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md
View File

@ -46,7 +46,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta
| **UEFI Secure Boot**,<br>which mitigates against<br>bootkits and rootkits | Unified Extensible Firmware Interface (UEFI) Secure Boot helps to protect the boot process and firmware from tampering, such as from a physically present attacker or from forms of malware that run early in the boot process or in kernel after startup.<br><br>**More information**: [UEFI and Secure Boot](bitlocker-countermeasures.md#uefi-and-secure-boot)</a> |
| **Credential Guard**,<br>which mitigates against<br>credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.<br>Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Protect derived domain credentials with Credential Guard](credential-guard.md) |
| **OS key pinning**,<br>which mitigates against<br>man-in-the-middle attacks that leverage PKI | With OS key pinning, you can “pin” (associate) an X.509 certificate and its public key to its legitimate Certification Authority (root or leaf). This provides validation for digitally signed certificates (SSL certificates) used while browsing, and mitigates against man-in the-middle attacks that involve these certificates.<br><br>**More information**: OS_KEY_PINNING_LINK |
| **Windows Defender SmartScreen**,<br>which mitigates against<br>malicious applications that<br>a user might download | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.<br><br>**More information**: [The SmartScreen filter](#the-smartscreen-filter), later in this topic |
| **Windows Defender SmartScreen**,<br>which mitigates against<br>malicious applications that<br>a user might download | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.<br><br>**More information**: [Windows Defender SmartScreen](#windows-defender-smartscreen), later in this topic |
| **Windows Defender Antivirus**, which mitigates against<br>multiple threats | Windows 10 includes Windows Defender Antivirus, a robust inbox antimalware solution. Windows Defender Antivirus has been significantly improved since it was introduced in Windows 8.<br><br>**More information**: [Windows Defender Antivirus](#windows-defender-antivirus), later in this topic |
| **Blocking of untrusted fonts**, <br>which mitigates against<br>elevation-of-privilege attacks from untrusted fonts | The Block Untrusted Fonts setting allows you to prevent users from loading untrusted fonts onto your network, which can mitigate against elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](https://msdn.microsoft.com/library/windows/desktop/mt595898(v=vs.85).aspx) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).<br><br>**More information**: [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |
| **Memory protections** listed in [Table 2](#table-2),<br>which mitigate against<br>malware that uses memory<br>manipulation techniques such as<br>buffer overruns | This set of mitigations helps to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system. For example, malware might use buffer overruns to inject malicious executable code into memory.<br>A minority of trusted apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing needed apps to run correctly.<br><br>**More information**: [Table 2](#table-2), later in this topic |
@ -139,12 +139,14 @@ You can use the Group Policy setting called **Process Mitigation Options** to co
Starting with Windows Internet Explorer 8, the SmartScreen Filter has helped protect users from both malicious applications and nefarious websites by using the SmartScreen Filters application and URL reputation services. The SmartScreen Filter in Internet Explorer would check URLs and newly downloaded apps against an online reputation service that Microsoft maintained. If the app or URL were not known to be safe, SmartScreen Filter would warn the user or even prevent the app or URL from loading, depending on how systems administrators had configured Group Policy settings.
For Windows 10, Microsoft further developed SmartScreen, now called Windows Defender SmartScreen, by integrating its app reputation abilities into the operating system itself, which allows SmartScreen to protect users regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive). The first time a user runs an app that originates from the Internet, even if the user copied it from another PC, SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 4).
For Windows 10, Microsoft further developed SmartScreen, now called Windows Defender SmartScreen, by integrating its app reputation abilities into the operating system itself, which allows SmartScreen to check the reputation of files downloaded from the Internet and warn users when theyre about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 4).
![SmartScreen Filter at work in Windows 10](images/security-fig7-smartscreenfilter.png)
**Figure 4.&nbsp;&nbsp;SmartScreen at work in Windows 10**
<!-- There are probably some deletions to make in the following paragraph, and the screenshot needs to be replaced. Wait and see -- other information will likely be coming in. -->
By default, users have the option to bypass SmartScreen protection so that it will not prevent a user from running a legitimate app. You can use Control Panel or Group Policy settings to disable SmartScreen or to completely prevent users from running apps that SmartScreen does not recognize. The Control Panel settings are shown in Figure 5.
![SmartScreen configuration options](images/security-fig8-smartscreenconfig.png)