Windows 10: Windows Defender Exploit Guard-Network Protection



Applies to:
Windows Server 2019
Windows 10 1809
Windows 10 1803
Windows 10 1709


Windows Defender (WD) Exploit Guard (EG) – Network Protection (NP) extends the malware and social engineering (e.g. phishing attacks) protection offered by Windows Defender SmartScreen (WD SmartScreen) in the Microsoft Edge browser and Microsoft Internet Explorer. It covers 3rd party browsers such as Google Chrome and Mozilla Firefox, as well as other applications, by checking network traffic and connectivity (URL and/or IP address reputation) on your Windows 10 and Windows Server 2019 based systems.

In short, it extends WD SmartScreen to 3rd party apps.


Windows Defender Exploit Guard: Network Protection, do I need Windows Defender Antivirus (WD AV)?

The answer is yes, you need WD AV to be enabled.


[What is Windows Defender Exploit Guard – Network Protection?]

Protect your network

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard



Windows Defender Exploit Guard

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard



[So why Windows Defender Exploit Guard: Network Protection?]

Tackling phishing with signal-sharing and machine learning

https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/tackling-phishing-with-signal-sharing-and-machine-learning/


Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/


Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/


Building Zero Trust networks with Microsoft 365

https://cloudblogs.microsoft.com/microsoftsecure/2018/06/14/building-zero-trust-networks-with-microsoft-365/


A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017/


Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/


[Test / Deploy WD Exploit Guard: Network Protection]

Enable network protection

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection


Confirm pre-requisites

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#confirm-pre-requisites
Note: Make sure that you are running the latest:

  1. WD AV Platform update
  2. WD AV Engine update
  3. WD AV definition update



Allow the following URLs through the proxy or firewall:

  1. ars.smartscreen.microsoft.com
  2. unitedstates.smartscreen-prod.microsoft.com
  3. smartscreen-sn3p.smartscreen.microsoft.com

Reference:

Windows Defender Smartscreen reporting and notifications
https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints#windows-defender


Use audit mode to test the rule

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#use-audit-mode-to-test-the-rule



Testing network protection feature

https://demo.wd.microsoft.com/Page/NP



List of 'attack surface reduction' events such as for WD EG NP:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard#list-of-attack-surface-reduction-events



Use 'custom views' in 'Event Viewer' to review WD EG NP events:

XML for network protection events

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard#xml-for-network-protection-events
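
The test/deploy steps above (prerequisites, SmartScreen endpoints, audit mode, event review) can be run end to end from PowerShell. This is an added example, not part of the original post; it assumes an elevated session on the endpoint and uses the built-in Defender cmdlets, and the event IDs in step 4 come from the 'attack surface reduction' events list linked above.

```powershell
# Added example: prerequisite check and audit-mode test for Network Protection.

# 1. WD AV must be enabled. Record the platform, engine and definition
#    versions so they can be compared against the latest released updates.
$status = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled  = $status.AntivirusEnabled
    PlatformVersion   = $status.AMProductVersion
    EngineVersion     = $status.AMEngineVersion
    DefinitionVersion = $status.AntivirusSignatureVersion
    DefinitionUpdated = $status.AntivirusSignatureLastUpdated
} | Format-List

if (-not $status.AntivirusEnabled) {
    Write-Warning 'WD AV is not enabled; Network Protection requires it.'
}

# 2. The SmartScreen hosts from the list above must be reachable on 443.
#    This is a direct TCP test: if traffic leaves through a proxy,
#    confirm the allow-list on the proxy itself as well.
$endpoints = 'ars.smartscreen.microsoft.com',
             'unitedstates.smartscreen-prod.microsoft.com',
             'smartscreen-sn3p.smartscreen.microsoft.com'
foreach ($name in $endpoints) {
    $r = Test-NetConnection -ComputerName $name -Port 443 -WarningAction SilentlyContinue
    '{0,-48} reachable={1}' -f $name, $r.TcpTestSucceeded
}

# 3. Audit mode: log what would have been blocked without blocking it.
Set-MpPreference -EnableNetworkProtection AuditMode
# Read the setting back: 0 = disabled, 1 = enabled (block), 2 = audit
(Get-MpPreference).EnableNetworkProtection

# 4. Review the results after browsing the test page.
#    1125 = fired in audit mode, 1126 = fired in block mode,
#    5007 = settings were changed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1125, 1126, 5007
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Once the audit events look as expected, `Set-MpPreference -EnableNetworkProtection Enabled` switches the endpoint to block mode.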


Report a false positive or false negative

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#report-a-false-positive-or-false-negative

Thanks,

Yong

P.S.  Related blog posts:
Windows 10/Windows Server 2016/Windows Server 2019 Antivirus (AV)
https://blogs.technet.microsoft.com/yongrhee/2019/02/21/windows-10-windows-server-2016-windows-server-2019-antivirus-av/

Windows 10: Windows Defender Exploit Guard-Exploit Protection
https://blogs.technet.microsoft.com/yongrhee/2019/02/21/windows-10-windows-defender-exploit-guard-exploit-protection/

Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules

https://blogs.technet.microsoft.com/yongrhee/2019/02/24/windows-10-windows-defender-exploit-guard-attack-surface-reduction-rules/

