title | description | keywords | search.product | ms.pagetype | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | localizationpriority | author | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|
Use Windows Defender Exploit Guard to protect your corporate network | Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection, including helping to prevent ransomware encryption and exploit attacks | emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system | eADQiWindows 10XVcnh | security | w10 | manage | library | security | medium | iaanw | iawilt |
Windows Defender Exploit Guard
Applies to:
- Windows 10 Insider Preview
Audience
- Enterprise security administrators
Windows Defender Exploit Guard is a new set of host intrusion prevention capabilities for Windows 10, allowing enterprise administrators to manage the attack surface of the OS & applications. By restricting the various vectors through which malware can cause harm to your devices, Windows Defender offers a defense-in-depth solution for keeping the enterprise safe. With a rich collection of tools and features based on the Intelligent Security Graph, Exploit Guard provides an easy-to-use experience that offers the best balance of security & productivity for an enterprise.
You can use Windows Defender Exploit Guard (WDEG) to configure and manage any of the following functionalities:
- Apply exploit mitigation techniques to apps your organization uses, both individually and to all apps, with Exploit Protection
- Reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- & mail-based malware with Attack Surface Reduction rules
- Extend the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on the device with Network Protection
- Protect files in key system folders from changes made by malicious and suspicious apps with Controlled Folder Access
Evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
You can also enable audit mode for Windows Defender EG, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, prevention, protection, and analysis technologies, which also includes:
- The Windows Defender ATP console
- Windows Defender Antivirus in Windows 10
- Windows Defender SmartScreen
- Windows Defender Device Guard
- Windows Defender Application Guard
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual alert investigation scenarios.
Each of the features in Windows Defender EG has slightly different requirements:
Feature | Windows Defender Antivirus | Windows Defender Advanced Threat Protection license |
---|---|---|
Exploit Protection | No requirement | Required for reporting in the Windows Defender ATP console |
Attack Surface Reduction | Must be enabled | Required for reporting in the Windows Defender ATP console |
Network Protection | Must be enabled | Required for reporting in the Windows Defender ATP console |
Controlled Folder Access | Must be enabled | Required for reporting in the Windows Defender ATP console |
Note
Each feature's requirements are further described in the individual topics in this library.
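The audit-mode evaluation and the Windows Defender Antivirus requirement described above can be checked on a single device with the script below. It is an added example, not one of the pre-built scripts this library refers to: the `-EnableAudit` and `-Days` parameter names are hypothetical, and the Defender cmdlet settings and event IDs it uses do not appear on this page.

```powershell
# Added example: report Exploit Guard prerequisites, feature modes and audit activity.
# Run from an elevated PowerShell session on Windows 10 with the Defender module present.
[CmdletBinding()]
param(
    [switch]$EnableAudit,  # hypothetical name: put CFA and Network Protection in audit mode
    [int]$Days = 7         # hypothetical name: how far back to read events
)

function Get-ModeName([object]$Value) {
    # Get-MpPreference reports these settings as numbers.
    $names = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $key = [int]$Value
    if ($names.ContainsKey($key)) { $names[$key] } else { "Other ($key)" }
}

# ASR, Network Protection and Controlled Folder Access need Defender Antivirus enabled.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    Write-Warning 'Windows Defender Antivirus is not enabled; only Exploit Protection can be evaluated.'
}

if ($EnableAudit) {
    # Audit mode logs what would have been blocked without blocking it.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    Set-MpPreference -EnableNetworkProtection AuditMode
}

$pref = Get-MpPreference
[pscustomobject]@{
    AntivirusEnabled       = $status.AntivirusEnabled
    ControlledFolderAccess = Get-ModeName $pref.EnableControlledFolderAccess
    NetworkProtection      = Get-ModeName $pref.EnableNetworkProtection
    AsrRulesConfigured     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ }).Count
} | Format-List

# Block and audit events written to the Defender operational log.
$eventMeaning = @{
    1121 = 'Attack Surface Reduction: blocked';  1122 = 'Attack Surface Reduction: audited'
    1123 = 'Controlled Folder Access: blocked';  1124 = 'Controlled Folder Access: audited'
    1125 = 'Network Protection: audited';        1126 = 'Network Protection: blocked'
}
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]@($eventMeaning.Keys)
    StartTime = (Get-Date).AddDays(-$Days)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and return an empty summary.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object Count, @{ n = 'EventId'; e = { [int]$_.Name } },
                  @{ n = 'Meaning'; e = { $eventMeaning[[int]$_.Name] } } |
    Sort-Object EventId
```

A high count of audited events for one feature points to the applications or folders that need an exclusion before that feature is switched from audit to enforcement.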
In this library
Topic | Description |
---|---|
Protect devices from exploits with Windows Defender Exploit Guard | Exploit Protection provides you with many of the features in the now-retired Enhanced Mitigation Experience Toolkit and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once. |
Reduce attack surfaces with Windows Defender Exploit Guard | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts. |
Protect your network with Windows Defender Exploit Guard | Minimize the exposure of your devices to network and web-based infection vectors. |
Protect important folders with Controlled Folder Access | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data. |