Turn on network protection

Applies to:

Tip

Want to experience Defender for Endpoint? Sign up for a free trial.

Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can audit network protection in a test environment to view which apps would be blocked before you enable it.

Learn more about network filtering configuration options

Check if network protection is enabled

Check if network protection has been enabled on a local device by using Registry editor.

  1. Select the Start button in the task bar and type regedit to open Registry editor

  2. Choose HKEY_LOCAL_MACHINE from the side menu

  3. Navigate through the nested menus to SOFTWARE > Microsoft > Windows Defender > Windows Defender Exploit Guard > Network Protection

  4. Select EnableNetworkProtection to see the current state of network protection on the device

    • 0, or Off
    • 1, or On
    • 2, or Audit mode


Enable network protection

Enable network protection by using any of these methods:

PowerShell

  1. Type powershell in the Start menu, right-click Windows PowerShell and select Run as administrator

  2. Enter the following cmdlet:

    Set-MpPreference -EnableNetworkProtection Enabled
    
  3. Optional: Enable the feature in audit mode using the following cmdlet:

    Set-MpPreference -EnableNetworkProtection AuditMode
    

    Use Disabled instead of AuditMode or Enabled to turn off the feature.

Mobile device management (MDM)

Use the ./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection configuration service provider (CSP) to enable or disable network protection or enable audit mode.

Microsoft Endpoint Manager (formerly Intune)

  1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com)

  2. Create or edit an endpoint protection configuration profile

  3. Under Configuration Settings in the profile flow, go to Microsoft Defender Exploit Guard > Network filtering > Network protection > Enable or Audit only

Group Policy

Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.

  1. On a standalone computer, go to Start and then type and select Edit group policy.

    -Or-

    On a domain-joined Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.

  2. In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.

  3. Expand the tree to Windows components > Microsoft Defender Antivirus > Windows Defender Exploit Guard > Network protection.

Note

On older versions of Windows, the group policy path may say "Windows Defender Antivirus" instead of "Microsoft Defender Antivirus."

  4. Double-click the Prevent users and apps from accessing dangerous websites setting and set the option to Enabled. In the options section, you must specify one of the following options:
    • Block - Users can't access malicious IP addresses and domains.
    • Disable (Default) - The Network protection feature won't work. Users won't be blocked from accessing malicious domains.
    • Audit Mode - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won't be blocked from visiting the address.

Important

To fully enable network protection, you must set the Group Policy option to Enabled and also select Block in the options drop-down menu.

Confirm network protection is enabled on a local computer by using Registry editor:

  1. Select Start and type regedit to open Registry Editor.

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtection

  3. Select EnableNetworkProtection and confirm the value:

    • 0 = Off
    • 1 = On
    • 2 = Audit
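
The two Registry editor checks above, together with a review of what audit mode has logged, can be scripted. This is an added example, not Microsoft's own code: the function names are hypothetical, and the event log name and event IDs 1125 (audit) and 1126 (block) are assumptions taken from Defender's event documentation, not from this page.

```powershell
# Added example: report the network protection state and recent events.
# Run in an elevated PowerShell session on a device with Microsoft Defender Antivirus.

$stateNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Audit mode' }

function Get-NetworkProtectionState {
    # Registry location given on this page.
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection'
    $regValue = $null
    if (Test-Path -LiteralPath $regPath) {
        $item = Get-ItemProperty -LiteralPath $regPath -Name EnableNetworkProtection -ErrorAction SilentlyContinue
        if ($null -ne $item) { $regValue = [int]$item.EnableNetworkProtection }
    }

    # Value reported by the Defender cmdlets (same 0/1/2 encoding).
    $prefValue = [int](Get-MpPreference).EnableNetworkProtection

    [pscustomobject]@{
        RegistryValue   = $regValue
        RegistryState   = if ($null -ne $regValue) { $stateNames[$regValue] } else { 'Value not present' }
        PreferenceValue = $prefValue
        PreferenceState = $stateNames[$prefValue]
        # A difference is worth checking: the setting can come from PowerShell,
        # MDM or Group Policy, and these may not agree.
        Mismatch        = ($null -ne $regValue) -and ($regValue -ne $prefValue)
    }
}

function Get-NetworkProtectionEvents {
    param([int]$Days = 7)
    # Assumption (not from this page): 1125 = audit-mode event, 1126 = block-mode event.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1125, 1126
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-NetworkProtectionState | Format-List
Get-NetworkProtectionEvents -Days 7 | Format-Table -AutoSize -Wrap
```

Reviewing the audit-mode events from a test group before switching the setting to Enabled shows which connections would have been blocked.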

See also