Windows Defender Exploit Guard (WDEG) brings together the security features that are essential for keeping intrusion threats at bay. One of its features is “Exploit Protection”, which automatically applies a number of mitigation techniques. You can test this feature inside the Windows Defender Security Center under App & browser control > Exploit protection. From the Exploit Protection settings you can manage the system-wide settings as well as program-specific overrides. This post shows you how to configure and manage Windows system and application exploit mitigations using the Windows Defender Exploit Guard (WDEG).
You can find the Exploit Guard under the Security Analytics dashboard of the Windows Defender ATP console. The primary function of this dashboard is to let enterprises view how the feature is configured across their devices and to drive compliance with recommendations based on best-practice configurations.
Through Windows Exploit Guard, you can configure the following:
- Attack surface reduction
- Exploit Protection
- Network Protection
- Controlled Folder Access
There are three components that can manage the Windows Defender Exploit Guard, namely:
- Group Policy or GP
- System Center Configuration Manager or SCCM
- Mobile Device Management or MDM like the Microsoft Intune
All of these components can be run in both Block and Audit modes. If any instance of malicious behavior is detected while Block mode is enabled, the Windows Defender Exploit Guard automatically blocks the event from occurring in real time. To put it simply, when Block mode is on, Windows Defender Exploit Guard blocks malicious activity in the system before it can start its attack.
By default, Block events for Attack Surface Reduction, Controlled folder access and Network Protection instantly display a real-time toast notification and write an event log entry, which security operations personnel can view centrally in the Windows Defender Advanced Threat Protection (WD ATP) console.
Audit mode detects an event that would have occurred and records it, without blocking it, in the event log and the Windows Defender Advanced Threat Protection console. This enables enterprise customers to assess how a rule or a feature within the Windows Defender Exploit Guard would function in their enterprise, which in turn helps them decide whether exclusions need to be set up or not.
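The audit-then-review workflow described above can be driven from PowerShell. The following is an added example, not part of the original post: it assumes an elevated session on a machine with Windows Defender enabled, and the seven-day review window is an arbitrary choice.

```powershell
# Added example. Run from an elevated PowerShell session.

# Put Controlled Folder Access and Network Protection into Audit mode,
# so that events are logged but nothing is blocked yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Set-MpPreference -EnableNetworkProtection AuditMode

# Event IDs these features write to the Defender operational log.
$eventMap = @{
    1121 = 'Attack Surface Reduction - Block'
    1122 = 'Attack Surface Reduction - Audit'
    1123 = 'Controlled Folder Access - Block'
    1124 = 'Controlled Folder Access - Audit'
    1125 = 'Network Protection - Audit'
    1126 = 'Network Protection - Block'
}

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121..1126
    StartTime = (Get-Date).AddDays(-7)   # assumed review window
}

# Get-WinEvent raises an error when no event matches, so silence that case.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No Exploit Guard audit or block events in the review window.'
} else {
    # Summary per event type: a high Audit count means the feature would
    # have blocked that many actions had Block mode been enabled.
    $events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
        [pscustomobject]@{
            EventId = [int]$_.Name
            Meaning = $eventMap[[int]$_.Name]
            Count   = $_.Count
        }
    } | Format-Table -AutoSize

    # The message text of the audit events names the process and target
    # involved; review these to decide whether an exclusion is needed.
    $events | Where-Object { $_.Id -in 1122, 1124, 1125 } |
        Select-Object -First 10 TimeCreated, Id, Message |
        Format-List
}
```

Once the audit events have been reviewed and any exclusions set up, the same `Set-MpPreference` parameters accept `Enabled` to switch the feature to Block mode.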
Configure Windows Defender Exploit Guard for mitigations
All mitigations can be configured for individual apps, while only a handful of mitigations can be applied at the operating system level. For each mitigation you can set the value to on or off, or leave it at its default value.
For the “Use default” option of a mitigation, the default value is always specified in brackets. For example, “On” is the default setting for Data Execution Prevention.
In general, using the default configuration for each mitigation setting is advised, as it offers a base level of protection, especially for daily usage by home users. Enterprise deployments are advised to review the protection features and tailor them to their individual needs.