4.4 KiB
title, description, keywords, search.product, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, ms.author, ms.date, ms.reviewer, manager
| title | description | keywords | search.product | ms.pagetype | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.localizationpriority | author | ms.author | ms.date | ms.reviewer | manager |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Use network protection to help prevent connections to bad sites | Protect your network by preventing users from accessing known malicious and suspicious network addresses | Network protection, exploits, malicious website, ip, domain, domains | eADQiWindows 10XVcnh | security | w10 | manage | library | security | medium | levinec | ellevin | 04/30/2019 | dansimp |
Protect your network
Applies to:
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
It expands the scope of Windows Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
Network protection is supported beginning with Windows 10, version 1709.
Tip
You can visit the Windows Defender Testground website at demo.wd.microsoft.com to confirm the feature is working and see how it works.
Network protection works best with Microsoft Defender Advanced Threat Protection, which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual alert investigation scenarios.
When network protection blocks a connection, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use audit mode to evaluate how Network protection would impact your organization if it were enabled.
Requirements
Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | - Windows 10 version 1709 or later | Windows Defender AV real-time protection and cloud-delivered protection must be enabled
Review network protection events in the Microsoft Defender ATP Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Microsoft Defender ATP data by using Advanced hunting. If you're using audit mode, you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
Review network protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain:
-
Click OK.
-
This will create a custom view that filters to only show the following events related to network protection:
Event ID Description 5007 Event when settings are changed 1125 Event when network protection fires in audit mode 1126 Event when network protection fires in block mode Related topics
| Topic | Description |
|---|---|
| Evaluate network protection | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created. |
| Enable network protection | Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network. |