deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 13:53:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
abd5c4ad390a51cb15a5b1e3cc5efa8ad1b91449
windows-itpro-docs/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
Liza Poggemeyer d9d1fedbe6 fixed loc priority
2018-06-27 16:58:05 -07:00

100 lines
4.4 KiB
Markdown
Raw Blame History

---
title: Use Network protection to help prevent connections to bad sites
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
keywords: Network protection, exploits, malicious website, ip, domain, domains
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 05/30/2018
---
# Protect your network with Windows Defender Exploit Guard
**Applies to:**
- Windows 10, version 1709 or higher
- Windows Server 2016
**Audience**
- Enterprise security administrators
**Manageability available with**
- Group Policy
- PowerShell
- Configuration service providers for mobile device management
Supported in Windows 10 Enterprise, Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
When Network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Network protection would impact your organization if it were enabled.
## Requirements
Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | -
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
## Review Network protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when Network protection blocks (or audits) access to a malicious IP or domain:
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine.
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
2. On the left panel, under **Actions**, click **Import custom view...**
![Antimation of the import custom view option](images/events-import.gif)
3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
5. This will create a custom view that filters to only show the following events related to Network protection:
Event ID | Description
-|-
5007 | Event when settings are changed
1125 | Event when Network protection fires in Audit-mode
1126 | Event when Network protection fires in Block-mode
## In this section
Topic | Description
---|---
[Evaluate Network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created.
[Enable Network protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage the Network protection feature in your network.
Reference in New Issue View Git Blame Copy Permalink