This article is a part of a series. The previous article can be found here:
All the Guards – Part 6 (Application Guard)
In this article I’m going to focus on the next component, which is:
The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviours commonly used in malware attacks, while enabling enterprises to balance their security risk and productivity requirements.
These four components are:
- Attack Surface Reduction (ASR): A set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office-, script-, and email-based threats
- Network protection: Protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen
- Controlled folder access: Protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders
- Exploit protection: A set of exploit mitigations (replacing EMET) that can be easily configured to protect your system and applications
More details can be found here:
Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware
Typically you use Microsoft Endpoint Manager to create and deploy Exploit Guard policy, but there are other methods, as I have detailed here for Attack Surface Reduction (ASR).
Windows Defender Exploit Guard is one of the best ways that you can minimise the risk of malware infection on Windows 10 devices and as such, should be enabled across all such devices in your fleet.
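To check whether the four components listed above are actually enabled on a given device, the built-in Defender and ProcessMitigations cmdlets can be queried directly. The script below is an added example, not from the original article; it assumes an elevated PowerShell session on Windows 10 1709 or later, and the `Resolve-Name` helper and output property names are illustrative.

```powershell
# Added example: report the local state of the four Exploit Guard components.
$pref = Get-MpPreference

# Get-MpPreference returns these settings as numbers; map them to names.
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
$asrNames  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: translate a numeric setting, keeping unknown values visible.
function Resolve-Name($map, $value) {
    $key = [int]$value
    if ($map.ContainsKey($key)) { $map[$key] } else { "Other ($key)" }
}

# Attack Surface Reduction: rule GUIDs and their actions are parallel arrays.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$asrRules = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{
        RuleId = $ids[$i]
        Action = Resolve-Name $asrNames $actions[$i]
    }
}

# Exploit protection: system-wide mitigation defaults (the EMET replacement).
$sys = Get-ProcessMitigation -System

[pscustomobject]@{
    AsrRulesConfigured     = $ids.Count
    AsrRulesBlocking       = @($asrRules | Where-Object Action -eq 'Block').Count
    NetworkProtection      = Resolve-Name $modeNames $pref.EnableNetworkProtection
    ControlledFolderAccess = Resolve-Name $modeNames $pref.EnableControlledFolderAccess
    DEP                    = $sys.DEP.Enable
    ASLR_BottomUp          = $sys.ASLR.BottomUp
    CFG                    = $sys.CFG.Enable
    SEHOP                  = $sys.SEHOP.Enable
} | Format-List

# Per-rule detail; anything in 'Audit' or 'Disabled' is not yet blocking.
$asrRules | Sort-Object Action | Format-Table -AutoSize
```

A device that reports zero ASR rules, or Network protection and Controlled folder access as `Disabled` or `Audit`, has not yet received an enforcing Exploit Guard policy.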
The next article will look at: