mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 23:07:23 +00:00
53 lines
2.9 KiB
Markdown
53 lines
2.9 KiB
Markdown
---
|
|
title: See how exploit protection works in a demo
|
|
description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps.
|
|
keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
|
|
search.product: eADQiWindows 10XVcnh
|
|
ms.pagetype: security
|
|
ms.prod: w10
|
|
ms.mktglfcycl: manage
|
|
ms.sitesec: library
|
|
ms.pagetype: security
|
|
ms.localizationpriority: medium
|
|
author: andreabichsel
|
|
ms.author: v-anbic
|
|
ms.date: 11/16/2018
|
|
---
|
|
|
|
# Evaluate exploit protection
|
|
|
|
**Applies to:**
|
|
|
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
|
|
|
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
|
|
|
|
Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection.
|
|
|
|
This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see [Exploit protection](exploit-protection-exploit-guard.md).
|
|
|
|
>[!TIP]
|
|
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
|
|
|
|
## Use audit mode to measure impact
|
|
|
|
You can enable exploit protection in audit mode. You can enable audit mode for individual mitigations.
|
|
|
|
This lets you see a record of what *would* have happened if you had enabled the mitigation.
|
|
|
|
You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.
|
|
|
|
See the [**PowerShell reference** section in customize exploit protection](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
|
|
|
|
For further details on how audit mode works, and when you might want to use it, see [audit Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md).
|
|
|
|
## Related topics
|
|
- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
|
|
- [Enable exploit protection](enable-exploit-protection.md)
|
|
- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
|
|
- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
|
|
- [Enable network protection](enable-network-protection.md)
|
|
- [Enable controlled folder access](enable-controlled-folders-exploit-guard.md)
|
|
- [Enable attack surface reduction](enable-attack-surface-reduction.md)
|
|
|