diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index ad413e8016..74a07d5588 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -63,6 +63,14 @@ When a rule is triggered, a notification will be displayed from the Action Cente You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled. +## Requirements + +Attack surface reduction requires Windows 10 Enterprise E5 and Windows Defender AV real-time protection. + +Windows 10 version | Windows Defender Antivirus +- | - +Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled + ## Attack surface reduction rules Windows 10, version 1803 has five new Attack surface reduction rules: 
@@ -192,17 +200,6 @@ With this rule, admins can prevent unsigned or untrusted executable files from r - Executable files (such as .exe, .dll, or .scr) - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) -## Requirements - -The following requirements must be met before Attack surface reduction will work: - -Windows 10 version | Windows Defender Antivirus -- | - -Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled - - - - ## Review Attack surface reduction events in Windows Event Viewer You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited): diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 4a24317f84..2ce348a33d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md 
@@ -61,11 +61,9 @@ As with other features of Windows Defender Exploit Guard, you can use [audit mod ## Requirements -The following requirements must be met before Controlled folder access will work: - Windows 10 version | Windows Defender Antivirus -|- -Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled +Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled ## Review Controlled folder access events in Windows Event Viewer diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 0d2f55a6c5..3c95ea7702 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md 
@@ -63,11 +63,11 @@ Exploit protection works best with [Windows Defender Advanced Threat Protection] ## Requirements -The following requirements must be met before Exploit protection will work: +Exploit protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection. Windows 10 version | Windows Defender Advanced Threat Protection -|- -Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md) +Windows 10 version 1709 or later | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md) ## Review Exploit protection events in Windows Event Viewer diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 675b02a32e..896d6f07f7 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md 
@@ -56,11 +56,11 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua ## Requirements -The following requirements must be met before Network protection will work: +Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection. Windows 10 version | Windows Defender Antivirus - | - -Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled +Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled ## Review Network protection events in Windows Event Viewer diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 64c306467a..996a0d79d9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md 
@@ -63,7 +63,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e ## Requirements -Each of the features in Windows Defender EG have slightly different requirements: +This section covers requirements for each feature in Windows Defender EG. + +| Symbol | Support | +|--------|---------| +| ![not supported](./images/ball_empty.png) | Not supported | +| ![supported](./images/ball_50.png) | Supported | +| ![supported, enhanced](./images/ball_75.png) | Includes advanced exploit protection for the kernel mode via [HVCI](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) | +| ![supported, full reporting](./images/ball_full.png) | Includes automated reporting into the Windows Defender ATP console| + | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | @@ -72,20 +80,14 @@ Each of the features in Windows Defender EG have slightly different requirements | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | -> [!NOTE] -> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
-> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console. +The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. - -| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +| Feature | Real-time protection | |-----------------| ------------------------------------ | | Exploit protection | No requirement | -| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | -| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | -| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | - -> [!NOTE] -> Each feature's requirements are further described in the individual topics in this library. +| Attack surface reduction | Must be enabled | +| Network protection | Must be enabled | +| Controlled folder access | Must be enabled | ## In this library
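
Review bot: In attack-surface-reduction-exploit-guard.md (hunk at -63,6 +63,14), the new Requirements table gives "Windows 10 version 1709 or later", but the section that now follows it opens with "Windows 10, version 1803 has five new Attack surface reduction rules". Read top to bottom, the table implies that every rule is available on 1709. Suggest adding a sentence to the new Requirements section saying that those five rules need version 1803, so an admin on 1709 does not deploy them and assume they are enforced.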
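
Review bot: In controlled-folders-exploit-guard.md (hunk at -61,11 +61,9), the introductory sentence is removed without a replacement, so the Requirements heading now runs straight into the table. The other three topics in this patch each gain a sentence of the form "... requires Windows 10 Enterprise E3/E5 and Windows Defender AV real-time protection." Suggest adding the equivalent sentence here, with the edition taken from the Controlled folder access row of the overview table, which marks it as supported on Home and Professional as well.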
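
Review bot: In exploit-protection-exploit-guard.md (hunk at -63,11 +63,11), the added line "Exploit protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection" contradicts the overview table changed in this same patch, which lists "Exploit protection | No requirement" under Real-time protection. The table directly below the sentence also has a Windows Defender Advanced Threat Protection column rather than an antivirus one. Suggest dropping the real-time protection clause from this sentence, or correcting the overview table if the requirement is real.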
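
Review bot: In network-protection-exploit-guard.md (hunk at -56,11 +56,11), the new summary sentence names only "Windows Defender AV real-time protection", while the table row under it still says real-time protection "and [cloud-delivered protection](...) must be enabled". A reader who stops at the sentence will miss the second prerequisite. Suggest naming cloud-delivered protection in the sentence as well.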
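
Review bot: In windows-defender-exploit-guard.md (hunk at -63,7 +63,15), the new legend labels ball_50.png as "Supported", but the unchanged feature rows still carry the alt text "supported, limited reporting" for the same image. The legend and the alt text should agree, and dropping "limited reporting" removes the contrast with the "full reporting" row beneath it. Suggest either using "Supported, limited reporting" in the legend or updating the alt text in the feature table in the same change.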
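
Review bot: In windows-defender-exploit-guard.md (hunk at -72,20 +80,14), the reworked table reduces the Network protection cell to "Must be enabled" under a Real-time protection column, which leaves no place for the cloud-delivered protection requirement that network-protection-exploit-guard.md still states. The same hunk removes the note "Each feature's requirements are further described in the individual topics in this library", which was the only pointer to those extra details. Suggest keeping that note, or adding a line under the table for the cloud-delivered protection prerequisite.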