From 76236dc81bb1d0f4736591c7bcd0e1b7c0544196 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 1 May 2018 10:55:21 -0700 Subject: [PATCH] revised requirements --- .../attack-surface-reduction-exploit-guard.md | 5 +--- .../windows-defender-exploit-guard.md | 24 +++++++++---------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index ad413e8016..f2d3e4c2f8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -194,15 +194,12 @@ With this rule, admins can prevent unsigned or untrusted executable files from r ## Requirements -The following requirements must be met before Attack surface reduction will work: +Attack surface reduction requires Microsoft 365 E5 and Windows Defender AV real-time protection. Windows 10 version | Windows Defender Antivirus - | - Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled - - - ## Review Attack surface reduction events in Windows Event Viewer You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited): diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index eac14b3d74..f2f958ce4d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -59,7 +59,13 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e ## Requirements -Each of the features in Windows Defender EG have slightly different requirements: +The following table lists requirements for each feature in Windows Defender EG. + +**Legend**
+![not supported](./images/ball_empty.png) Not supported
+![supported](./images/ball_50.png) Supported
+![supported, enhanced](./images/ball_75.png) Includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity)
+![supported, full reporting](./images/ball_full.png) Includes automated reporting into the Windows Defender ATP console
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | @@ -68,20 +74,14 @@ Each of the features in Windows Defender EG have slightly different requirements | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -> [!NOTE] -> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
-> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console. +The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. - -| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +| Feature | Real-time protection | |-----------------| ------------------------------------ | | Exploit protection | No requirement | -| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | -| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | -| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | - -> [!NOTE] -> Each feature's requirements are further described in the individual topics in this library. +| Attack surface reduction | Must be enabled | +| Network protection | Must be enabled | +| Controlled folder access | Must be enabled | ## In this library