deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

mv & rm pages w/o renaming folder yet

Browse Source
This commit is contained in:
martyav 2019-07-30 11:19:06 -04:00
parent 647734dd1c
commit fab58fbc7b
8 changed files with 0 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction.md
View File

0
windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender.md
View File

0
windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders.md
View File

0
windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection.md
View File

53
windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
View File

@ -1,53 +0,0 @@
---
title: Evaluate the impact of Windows Defender Exploit Guard
description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios
keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: levinec
ms.author: ellevin
ms.date: 05/30/2018
ms.reviewer:
manager: dansimp
---
# Evaluate Windows Defender Exploit Guard
**Applies to:**
- Windows 10, version 1709 and later
- Windows Server 2016
Windows Defender Exploit Guard is a collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software.
Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisites are.
- [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md)
- [Evaluate controlled folder access](evaluate-controlled-folder-access.md)
- [Evaluate exploit protection](evaluate-exploit-protection.md)
- [Evaluate network protection](evaluate-network-protection.md)
You might also be interested in enabling the features in audit mode - which allows you to see how the features work in the real world without impacting your organization or employee's work habits:
- [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md)
## Related topics
| Topic | Description |
|-------|-------------|
| | |
- [Protect devices from exploits](exploit-protection-exploit-guard.md)
- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md)
- [Protect your network](network-protection-exploit-guard.md)
- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)

0
windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection.md
View File

0
windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md → windows/security/threat-protection/windows-defender-exploit-guard/network-protection.md
View File

90
windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -1,90 +0,0 @@
---
title: Use Windows Defender Exploit Guard to protect your network
description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks
keywords: emet, exploit guard, Controlled folder access, Network protection, Exploit protection, Attack surface reduction, hips, host intrusion prevention system
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 08/09/2018
ms.reviewer:
manager: dansimp
---
# Windows Defender Exploit Guard
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
There are four features in Windows Defender EG:
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV).
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware. Requires Windows Defender AV.
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
Windows 10, version 1803 provides additional protections:
- New Attack surface reduction rules
- Controlled folder access can now block disk sectors
You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for the features, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
Windows Defender EG can be managed and reported on in the Windows Security app as part of the Microsoft Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies.
You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
## Requirements
This section covers requirements for each feature in Windows Defender EG.
| Symbol | Support |
|--------|---------|
| ![not supported](./images/ball_empty.png) | Not supported |
| ![supported](./images/ball_50.png) | Supported |
| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Microsoft Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.|
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 with Enterprise E3 subscription | Windows 10 with Enterprise E5 subscription |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | :--------------------------------------: |
| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
>[!NOTE]
> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as the Enterprise E5 subscription.
The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus.
| Feature | Real-time protection |
|-----------------| ------------------------------------ |
| Exploit protection | No requirement |
| Attack surface reduction rules | Must be enabled |
| Network protection | Must be enabled |
| Controlled folder access | Must be enabled |
## In this library
Topic | Description
---|---
[Protect devices from exploits](exploit-protection-exploit-guard.md) | Exploit protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts.
[Protect your network](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors.
[Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.