Exploit Guard Windows 10: what is it
Create and deploy an Exploit Guard policy
Applies to: Configuration Manager (current branch)
You can configure and deploy Configuration Manager policies that manage all four components of Windows Defender Exploit Guard. These components include:
- Attack Surface Reduction
- Controlled folder access
- Exploit protection
- Network protection
Compliance data for Exploit Guard policy deployment is available from within the Configuration Manager console.
Note
Configuration Manager doesn't enable this optional feature by default. You must enable this feature before using it. For more information, see Enable optional features from updates.
Prerequisites
Managed devices must run Windows 10 1709 or later; the minimum Windows Server build is version 1809 or later until Server 2019 only. The following requirements must also be satisfied, depending on the components and rules configured:
Create an Exploit Guard policy
In the Configuration Manager console, go to Assets and compliance > Endpoint Protection, and then click Windows Defender Exploit Guard.
On the Home tab, in the Create group, click Create Exploit Policy.
On the General page of the Create Configuration Item Wizard, specify a name and an optional description for the configuration item.
Next, select the Exploit Guard components you want to manage with this policy. For each component you select, you can then configure additional details.
- Attack Surface Reduction: Configure the Office threats, scripting threats, and email threats you want to block or audit. You can also exclude specific files or folders from this rule.
- Controlled folder access: Configure blocking or auditing, and then add apps that can bypass this policy. You can also specify additional folders that are not protected by default.
- Exploit protection: Specify an XML file that contains settings for mitigating exploits of system processes and apps. You can export these settings from the Windows Defender Security Center app on a Windows 10 or later device.
- Network protection: Set network protection to block or audit access to suspicious domains.
Complete the wizard to create the policy, which you can later deploy to devices.
Warning
The XML file for exploit protection should be kept secure when transferring it between machines. The file should be deleted after import or kept in a secure location.
Deploy an Exploit Guard policy
After you create Exploit Guard policies, use the Deploy Exploit Guard Policy wizard to deploy them. To do so, open the Configuration Manager console to Assets and compliance > Endpoint Protection, and then click Deploy Exploit Guard Policy.
Important
Once you deploy an Exploit Guard policy, such as Attack Surface Reduction or Controlled folder access, the Exploit Guard settings will not be removed from the clients if you remove the deployment. is recorded in the client's ExploitGuardHandler.log if you remove the client's Exploit Guard deployment. The following PowerShell script can be run under SYSTEM context to remove these settings:
Windows Defender Exploit Guard policy settings
Attack Surface Reduction policies and options
Attack Surface Reduction can reduce the attack surface of your applications with smart rules that stop the vectors used by Office, script, and mail-based malware. Learn more about Attack Surface Reduction and the Event IDs used for it.
Files and Folders to exclude from Attack Surface Reduction rules - Click on Set and specify any files or folders to exclude.
Email Threats:
- Block executable content from email client and webmail.
  - Not configured
  - Block
  - Audit
Office Threats:
- Block Office application from creating child processes.
  - Not configured
  - Block
  - Audit
- Block Office applications from creating executable content.
  - Not configured
  - Block
  - Audit
- Block Office applications from injecting code into other processes.
  - Not configured
  - Block
  - Audit
- Block Win32 API calls from Office macros.
  - Not configured
  - Block
  - Audit
Scripting Threats:
- Not configured
- Block
- Audit
- Block execution of potentially obfuscated scripts.
  - Not Configured
  - Block
  - Audit
Ransomware threats: (starting in Configuration Manager version 1802)
- Use advanced protection against ransomware.
  - Not configured
  - Block
  - Audit
Operating system threats: (starting in Configuration Manager version 1802)
- Block credential stealing from the Windows local security authority subsystem.
  - Not configured
  - Block
  - Audit
- Block executable files from running unless they meet a prevalence, age, or trusted list criteria.
  - Not configured
  - Block
  - Audit
External device threats: (starting in Configuration Manager version 1802)
- Block untrusted and unsigned processes that run from USB.
  - Not configured
  - Block
  - Audit
Controlled folder access policies and options
Helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. For more information, see Controlled folder access and the Event IDs it uses.
- Configure Controlled folder access:
  - Block
  - Block disk sectors only (starting in Configuration Manager version 1802)
    - Allows Controlled folder access to be enabled for boot sectors only and does not enable the protection of specific folders or the default protected folders.
  - Audit
  - Audit disk sectors only (starting in Configuration Manager version 1802)
    - Allows Controlled folder access to be enabled for boot sectors only and does not enable the protection of specific folders or the default protected folders.
  - Disabled
- Allow apps through Controlled folder access - Click on Set and specify apps.
- Additional protected folders - Click on Set and specify additional protected folders.
Exploit protection policies
Applies exploit mitigation techniques to operating system processes and apps your organization uses. These settings can be exported from the Windows Defender Security Center app on Windows 10 or later devices. For more information, see Exploit protection.
Exploit protection XML: Click on Browse and specify the XML file to import.
Warning
The XML file for exploit protection should be kept secure when transferring it between machines. The file should be deleted after import or kept in a secure location.
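As an added example (not part of the original documentation), the following PowerShell exports the settings with `Get-ProcessMitigation` instead of the Security Center app, then applies the handling the warning asks for: a restricted ACL, a SHA-256 to check after transfer, and deletion after import. The staging path and the `Test-ExploitProtectionXml` helper are hypothetical, and the `MitigationPolicy`/`AppConfig` element names are an assumption about the export format.

```powershell
# Added example; run elevated on the reference device.
$xmlPath = 'C:\PolicyStaging\ExploitProtection.xml'   # hypothetical staging path

# 1. Export the device's current exploit protection settings to XML.
Get-ProcessMitigation -RegistryConfigFilePath $xmlPath

# 2. Drop inherited ACEs and grant access only to Administrators and SYSTEM
#    (well-known SIDs), so staging-folder permissions no longer apply.
icacls $xmlPath /inheritance:r /grant:r '*S-1-5-32-544:(F)' '*S-1-5-18:(F)' | Out-Null

# 3. Record a SHA-256 to pass along separately and compare before import.
$expected = (Get-FileHash -LiteralPath $xmlPath -Algorithm SHA256).Hash

# Hypothetical helper: verify integrity and basic structure before the file is
# selected in the wizard. Returns the executables that carry per-app settings.
function Test-ExploitProtectionXml {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for $full; the file changed in transit."
    }
    # Parse with DTDs prohibited so the XML cannot pull in external entities.
    $settings = [System.Xml.XmlReaderSettings]::new()
    $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
    $reader = [System.Xml.XmlReader]::Create($full, $settings)
    try {
        $doc = [System.Xml.XmlDocument]::new()
        $doc.Load($reader)
    } finally {
        $reader.Dispose()
    }
    # Assumed export format: <MitigationPolicy> root, <AppConfig Executable="...">.
    if ($doc.DocumentElement.Name -ne 'MitigationPolicy') {
        throw "Unexpected root element '$($doc.DocumentElement.Name)'."
    }
    $doc.SelectNodes('/MitigationPolicy/AppConfig') |
        ForEach-Object { $_.GetAttribute('Executable') }
}

# 4. On the machine used for the import: verify, import via the wizard, delete.
Test-ExploitProtectionXml -Path $xmlPath -ExpectedSha256 $expected
Remove-Item -LiteralPath $xmlPath   # run once the wizard has imported the file
```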
Network protection policy
Helps minimize the attack surface on devices from internet-based attacks. The service restricts access to suspicious domains that might host phishing scams, exploits, and malicious content. For more information, see Network protection.
- Configure network protection:
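To confirm which of the settings described in the sections above are in effect on a client, for example after a deployment has been removed, the following added example (not from the original documentation) reads them back with `Get-MpPreference`. The function name `Get-ExploitGuardState` is hypothetical, and the numeric-to-name mappings are an assumption of this example about the values these Defender preferences return.

```powershell
# Added example; run elevated on the managed client.
function Get-ExploitGuardState {
    # Numeric preference values mapped to the option names used in the
    # policy wizard (mapping is an assumption of this example).
    $asrState = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $cfaState = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'
                   3 = 'Block disk sectors only'; 4 = 'Audit disk sectors only' }
    $npState  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }

    $pref = Get-MpPreference

    # ASR rule IDs and actions are parallel arrays; either may be $null.
    # Compare against $null explicitly so an action value of 0 is kept.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids     | Where-Object { $null -ne $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $null -ne $_ })
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            Component = 'Attack Surface Reduction'
            Setting   = $ids[$i]
            State     = $asrState[[int]$actions[$i]]
        }
    }

    [pscustomobject]@{
        Component = 'Controlled folder access'
        Setting   = 'EnableControlledFolderAccess'
        State     = $cfaState[[int]$pref.EnableControlledFolderAccess]
    }
    # Allowed apps and additional protected folders configured by the policy.
    foreach ($app in @($pref.ControlledFolderAccessAllowedApplications | Where-Object { $_ })) {
        [pscustomobject]@{ Component = 'Controlled folder access'; Setting = 'Allowed app'; State = $app }
    }
    foreach ($dir in @($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ })) {
        [pscustomobject]@{ Component = 'Controlled folder access'; Setting = 'Protected folder'; State = $dir }
    }

    [pscustomobject]@{
        Component = 'Network protection'
        Setting   = 'EnableNetworkProtection'
        State     = $npState[[int]$pref.EnableNetworkProtection]
    }
}

# Show only what is still active on this client.
Get-ExploitGuardState | Where-Object { $_.State -ne 'Disabled' } | Format-Table -AutoSize
```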