MD101

This document discusses the four components of Windows Defender Exploit Guard: Attack Surface Reduction rules, Network protection, Controlled folder access, and Exploit protection. It provides information on how to configure each component using Group Policy, PowerShell, or Microsoft Intune for device management and protection.

Uploaded by

mloga86

Filename: microsoft-md101-3-3-2-windows-defender-exploit-guard-pt2

Show Name: Managing Modern Desktops (MD-101)


Topic Name: Manage and Protect Devices
Episode Name: Windows Defender Exploit Guard Pt 2
Description: Windows Defender Exploit Guard is a new set of intrusion prevention capabilities built in to Windows 10. In this episode, you will learn about the four components of Exploit Guard and how to configure them using Group Policy and PowerShell.

Windows Defender Exploit Guard Pt 2

Attack surface reduction rules

Reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware
Requires Windows Defender AV
Real-time protection must be enabled
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules

Configure using Group Policy

Computer Configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction
Disable = 0
Block (enable ASR rule) = 1
Audit = 2

Configure using PowerShell

Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled

Configure using Intune

Device configuration > Profiles > Endpoint Protection

Network protection

Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices
Requires Windows Defender AV
Real-time protection must be enabled

Configure using Group Policy

Computer Configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Network protection

Configure using PowerShell

Get-MpPreference
Set-MpPreference -EnableNetworkProtection Enabled

Configure using Intune

Device configuration > Profiles > Endpoint Protection

Controlled folder access

Protect files in key system folders from changes made by malicious and suspicious apps
Requires Windows Defender AV
Real-time protection must be enabled

Configure using Group Policy

Computer Configuration > Administrative templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access

Configure using PowerShell

Get-MpPreference
Set-MpPreference -EnableControlledFolderAccess Enabled

Configure using Intune

Device configuration > Profiles > Endpoint Protection
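
To confirm that the settings from the PowerShell sections above actually took effect, the following added example (not part of the original show notes) reads the Defender preferences and reports the state of each component together with the real-time protection prerequisite. `Get-ExploitGuardStatus` is a hypothetical helper name, and the sample object and its rule GUID are constructed placeholders.

```powershell
# Added example (not from the original notes). Get-ExploitGuardStatus is a
# hypothetical helper; the property names are the ones Get-MpPreference returns.
function Get-ExploitGuardStatus {
    param(
        # Live Defender configuration by default; pass a constructed object to test off-box.
        $Preference = (Get-MpPreference)
    )
    # Mode values as listed in the Group Policy section: 0 = Disable, 1 = Block, 2 = Audit.
    $modes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
    $toMode = {
        param($value)
        if ($modes.ContainsKey([int]$value)) { $modes[[int]$value] } else { "Other ($value)" }
    }
    $row = {
        param($component, $setting, $state)
        [pscustomobject]@{ Component = $component; Setting = $setting; State = $state }
    }

    # Every component on this page requires real-time protection to be on.
    $rtp = if ($Preference.DisableRealtimeMonitoring) { 'Disabled' } else { 'Enabled' }
    & $row 'Real-time protection' 'DisableRealtimeMonitoring' $rtp
    & $row 'Network protection' 'EnableNetworkProtection' (& $toMode $Preference.EnableNetworkProtection)
    & $row 'Controlled folder access' 'EnableControlledFolderAccess' (& $toMode $Preference.EnableControlledFolderAccess)

    # ASR rule IDs and actions are parallel arrays: action [i] belongs to rule [i].
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    if ($ids.Count -eq 0) {
        & $row 'Attack surface reduction' '(no rules configured)' 'None'
    }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        & $row 'Attack surface reduction' $ids[$i] (& $toMode $actions[$i])
    }
}

# Constructed sample input; the rule GUID is a placeholder, not a real ASR rule ID.
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring           = $false
    EnableNetworkProtection             = 2
    EnableControlledFolderAccess        = 0
    AttackSurfaceReductionRules_Ids     = @('00000000-0000-0000-0000-000000000001')
    AttackSurfaceReductionRules_Actions = @(1)
}
Get-ExploitGuardStatus -Preference $sample | Format-Table -AutoSize
```

On a managed device, call `Get-ExploitGuardStatus` with no arguments to check the live configuration.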
