deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

lint/cleaned network protection

Browse Source
This commit is contained in:
martyav
2019-07-30 14:39:44 -04:00
parent 5e1037d359
commit 54901becf6
1 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-exploit-guard/network-protection.md
View File

@ -20,7 +20,7 @@ manager: dansimp
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
@ -35,7 +35,7 @@ Network protection works best with [Microsoft Defender Advanced Threat Protectio
When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Network protection would impact your organization if it were enabled.
You can also use [audit mode](audit-windows-defender.md) to evaluate how Network protection would impact your organization if it were enabled.
## Requirements
@ -49,11 +49,11 @@ Windows 10 version 1709 or later | [Windows Defender AV real-time protection](..
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
Here is an example query
```
```PowerShell
MiscEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
```
@ -62,7 +62,7 @@ MiscEvents
You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain:
1. [Copy the XML directly](event-views-exploit-guard.md).
1. [Copy the XML directly](event-views.md).
2. Click **OK**.
@ -76,7 +76,5 @@ You can review the Windows event log to see events that are created when network
## Related topics
Topic | Description
---|---
[Evaluate network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created.
[Enable network protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network.