Windows 10: Windows Defender Exploit Guard-Network Protection
Applies to:
Windows Server 2019
Windows 10 1809
Windows 10 1803
Windows 10 1709
Windows Defender (WD) Exploit Guard (EG) – Network Protection (NP) extends the malware and social engineering (e.g. phishing) protection that Windows Defender SmartScreen (WD SmartScreen) provides in the Microsoft Edge browser and Microsoft Internet Explorer. It covers third-party browsers such as Google Chrome and Mozilla Firefox, as well as other applications, by checking network traffic and connectivity (URL and/or IP address reputation) on your Windows 10 and Windows Server 2019 based systems.
In short, it extends WD SmartScreen to third-party apps.
Windows Defender Exploit Guard: Network Protection, do I need Windows Defender Antivirus (WD AV)?
The answer is yes, you need WD AV to be enabled.
[What is Windows Defender Exploit Guard – Network Protection?]
Protect your network
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard
Windows Defender Exploit Guard
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard
[So why Windows Defender Exploit Guard: Network Protection?]
Tackling phishing with signal-sharing and machine learning
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/tackling-phishing-with-signal-sharing-and-machine-learning/
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware
https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/
Building Zero Trust networks with Microsoft 365
https://cloudblogs.microsoft.com/microsoftsecure/2018/06/14/building-zero-trust-networks-with-microsoft-365/
A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017/
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/
[Test / Deploy WD Exploit Guard: Network Protection]
Enable network protection
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection
Confirm pre-requisites
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#confirm-pre-requisites
Note: Make sure that you are running the latest:
- WD AV Platform update
- WD AV Engine update
- WD AV definition update
Allow the following URLs through your proxy or firewall:
- ars.smartscreen.microsoft.com
- unitedstates.smartscreen-prod.microsoft.com
- smartscreen-sn3p.smartscreen.microsoft.com
Reference:
Windows Defender Smartscreen reporting and notifications
/en-us/windows/privacy/manage-windows-1809-endpoints#windows-defender
Use audit mode to test the rule
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#use-audit-mode-to-test-the-rule
Testing network protection feature
https://demo.wd.microsoft.com/Page/NP
List of 'attack surface reduction' events such as for WD EG NP:
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard#list-of-attack-surface-reduction-events
Use 'custom views' in 'Event Viewer' to review WD EG NP events:
XML for network protection events
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard#xml-for-network-protection-events
Report a false positive or false negative
/en-us/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np#report-a-false-positive-or-false-negative
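The test steps above as one elevated PowerShell session, added here as an example and not taken from the original post or from Microsoft's documentation: it checks the WD AV prerequisite and versions, tests reachability of the three SmartScreen hosts, turns on audit mode and lists the resulting events. The one-hour look-back window is an assumption; event IDs 1125 (audit), 1126 (block) and 5007 (setting changed) are the network protection entries in the Windows Defender operational log.

```powershell
# Added example: confirm prerequisites, enable audit mode, review events.
# Run elevated on Windows 10 1709 or later, or Windows Server 2019.

# 1. WD AV must be enabled; record platform, engine and definition versions.
$status = Get-MpComputerStatus
$status | Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
    AMProductVersion, AMEngineVersion, AntivirusSignatureVersion,
    AntivirusSignatureLastUpdated | Format-List
if (-not $status.AntivirusEnabled) {
    Write-Warning 'WD AV is not enabled; network protection will not work.'
}

# 2. The SmartScreen hosts listed above must be reachable on TCP 443.
#    This tests a direct connection only; a proxy path must be checked separately.
$endpoints = 'ars.smartscreen.microsoft.com',
             'unitedstates.smartscreen-prod.microsoft.com',
             'smartscreen-sn3p.smartscreen.microsoft.com'
foreach ($ep in $endpoints) {
    $r = Test-NetConnection -ComputerName $ep -Port 443 -WarningAction SilentlyContinue
    '{0,-45} reachable: {1}' -f $ep, $r.TcpTestSucceeded
}

# 3. Turn on audit mode: logs what would be blocked without blocking it.
Set-MpPreference -EnableNetworkProtection AuditMode
# Reported value: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
'EnableNetworkProtection = {0}' -f (Get-MpPreference).EnableNetworkProtection

# 4. After visiting the test page, list the network protection events.
#    1125 = audit-mode hit, 1126 = block-mode hit, 5007 = setting changed.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126, 5007
    StartTime = (Get-Date).AddHours(-1)   # look-back window is an assumption
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# 5. Once the audit results look clean, switch to block mode:
# Set-MpPreference -EnableNetworkProtection Enabled
```

An empty event list after step 4 in audit mode usually means a prerequisite from step 1 or 2 failed, so check those before reporting a false negative.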
Thanks,
Yong
P.S. Related blog posts:
Windows 10/Windows Server 2016/Windows Server 2019 Antivirus (AV)
https://blogs.technet.microsoft.com/yongrhee/2019/02/21/windows-10-windows-server-2016-windows-server-2019-antivirus-av/
Windows 10: Windows Defender Exploit Guard-Exploit Protection
https://blogs.technet.microsoft.com/yongrhee/2019/02/21/windows-10-windows-defender-exploit-guard-exploit-protection/
Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules
https://blogs.technet.microsoft.com/yongrhee/2019/02/24/windows-10-windows-defender-exploit-guard-attack-surface-reduction-rules/