title | description | keywords | search.product | ms.pagetype | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | localizationpriority | author | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|
Use Windows Defender Exploit Guard to protect your corporate network | Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection. It replaces EMET. | emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system | eADQiWindows 10XVcnh | security | w10 | manage | library | security | medium | iaanw | iawilt |
Windows Defender Exploit Guard
Applies to:
- Windows 10 Insider Preview, build 16232 and later
Audience
- Enterprise security administrators
Manageability available with
- Group Policy
- PowerShell
- Windows Management Instrumentation (WMI)
- System Center Configuration Manager
- Microsoft Intune
- Windows Defender Security Center app
Windows Defender Exploit Guard is a new collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software.
You can use Windows Defender EG to:
- Apply exploit mitigation techniques to apps your organization uses, both individually and to all apps, with Exploit Protection
- Reduce the attack surface that exploits can leverage, by utilizing rules that go beyond standard host-intrusion prevention systems (HIPS) with Attack Surface Reduction rules
- Extend the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity outside of the browser with Network Protection
- Protect files in key system folders from changes made by malicious and suspicious apps with Controlled Folder Access
Evaluate Windows Defender EG with our evaluation and set-up guide, which provides a pre-built PowerShell script and testing tool so you can see the new features in action:
You can also enable audit mode for Windows Defender EG, which provides reporting and event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG, and can help you determine the effect of the features on your network's security.
Windows Defender EG is a component of the new Windows Defender Advanced Threat Protection suite of threat mitigation, prevention, protection, and analysis technologies. Other components of Windows Defender Advanced Threat Protection include:
- The Windows Defender ATP console
- Windows Defender Antivirus in Windows 10
- [Windows Defender SmartScreen]
- [Windows Defender Device Guard]
- [Windows Defender Application Control]
Each of the features in Windows Defender EG has slightly different requirements:
Feature | Minimum Windows 10 Insider Preview build | Windows Defender Antivirus | Windows Defender Advanced Threat Protection license |
---|---|---|---|
Exploit Protection | 16232 | No requirement | Required for reporting in the Windows Defender ATP console |
Attack Surface Reduction | 16232 | Must be enabled | Required |
Network Protection | not released | Must be enabled | Required for reporting in the Windows Defender ATP console |
Controlled Folder Access | 16232 | Must be enabled | Required for reporting in the Windows Defender ATP console |
Note
Each feature's requirements are further described in the individual topics in this library.
The way in which the features can be managed, configured, and reported on also varies:
Feature | Configuration available with | Reporting available with |
---|---|---|
Exploit Protection | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, PowerShell, Windows Defender Security Center | Windows Event logs |
Attack Surface Reduction | Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x |
Network Protection | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x |
Controlled Folder Access | System Center Configuration Manager, Group Policy, Microsoft Intune, Mobile device management policies, Windows Defender Security Center | x |
In this library
Topic | Description |
---|---|
Protect devices from exploits with Windows Defender Exploit Guard | Exploit Protection provides you with many of the features in the now-retired Enhanced Mitigation Experience Toolkit, and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once. |
Reduce attack surfaces with Windows Defender Exploit Guard | Use pre-built rules to manage mitigations for key attack and infection vectors, such as macro, script, PowerShell, USB, and Flash security policies and configuration. |
Protect your network with Windows Defender Exploit Guard | Minimize the exposure of your devices to network and web-based infection vectors, and set up reporting for suspicious activity. |
Protect important folders with Controlled Folder Access | Prevent unknown or unauthorized apps (such as ransomware malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data. |