2.9 KiB
title, description, keywords, search.product, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, ms.author, ms.date
| title | description | keywords | search.product | ms.pagetype | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.localizationpriority | author | ms.author | ms.date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| See how exploit protection works in a demo | See how exploit protection can prevent suspicious behaviors from occurring on specific apps. | Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation | eADQiWindows 10XVcnh | security | w10 | manage | library | security | medium | andreabichsel | v-anbic | 11/16/2018 |
Evaluate exploit protection
Applies to:
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
Many of the features that are part of the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection.
This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see Exploit protection.
Tip
You can also visit the Windows Defender Testground website at demo.wd.microsoft.com to confirm the feature is working and see how it works.
Use audit mode to measure impact
You can enable exploit protection in audit mode. You can enable audit mode for individual mitigations.
This lets you see a record of what would have happened if you had enabled the mitigation.
You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.
See the PowerShell reference section in customize exploit protection for a list of which mitigations can be audited and instructions on enabling the mode.
For further details on how audit mode works, and when you might want to use it, see audit Windows Defender Exploit Guard.