Security Updates

Security is a never-ending battle, and with each update Microsoft continues to add more features to help prevent malicious attacks. There are several new features worth going over in the Fall Creators Update.

Windows Defender Exploit Guard

The Enhanced Mitigation Experience Toolkit (EMET) has been replaced with Windows Defender Exploit Guard features, and EMET is no longer supported on Windows 10 v1709. Windows Defender Exploit Guard is a new set of Host Intrusion Prevention features which can be used to reduce the attack surface of Windows 10. It’s designed for an enterprise environment, and is completely customizable through Group Policy.

It offers four general feature sets: exploit protection, attack surface reduction rules, network protection, and controlled folder access. For a full rundown on all of these new features, be sure to check out docs.microsoft.com, which has all of the details and proper settings.

Windows Defender Application Guard

Application Guard is designed for Microsoft Edge to isolate untrusted sites, which are going to be a huge concern for any IT department. Internet Explorer did have some features to help in these scenarios, but Application Guard takes it to a whole new level by actually opening untrusted sites in an isolated Hyper-V enabled container, completely cut off from the host operating system. Any malicious code on the site would not be able to access the host OS, at least not easily, which offers a significant amount of protection over just blocking scripts and Flash. The ability to do this through policy, and have only allowed trusted sites run outside of the container, is very powerful and is a strong reason to consider Edge for the enterprise.

Ransomware Protection

One specific feature to call out in Exploit Guard is controlled folder access, which is a mitigation for ransomware. Ransomware has become a huge problem, and having malicious software encrypt your hard drive can put a damper on anyone’s day. Controlled folder access works by locking down folders so that only authorized apps have access to the files. Luckily, controlled folder access is available to all in Windows 10, without needing any Group Policy to set it up.

You can enable controlled folder access right in the Security Center for Windows 10, and customize which folders you want it enabled for.

The idea behind controlled folders is pretty simple. Folders can’t get encrypted if the process doesn’t have access to them. Sometimes simple is the best.
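
For administrators who would rather script the setting than click through the Security Center, controlled folder access can also be driven from PowerShell with the Windows Defender cmdlets. The following is an added example, not part of the original article; the folder and application paths are hypothetical placeholders, and it assumes an elevated session on Windows 10 v1709 or later with Windows Defender Antivirus active.

```powershell
# Added example: stage controlled folder access in audit mode, review what
# would have been blocked, allow the legitimate apps, then enforce.

# Hypothetical paths; replace with your own.
$extraFolder = 'D:\Projects'
$trustedApp  = 'C:\Tools\Backup\backup.exe'
$enforce     = $false   # set to $true once the audit events look clean

# 1. Audit mode: unapproved writes to protected folders are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the default user folders.
Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder

# 3. Review what was audited (event 1124) or blocked (event 1123).
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -ErrorAction SilentlyContinue

$cfaEvents |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-List

# 4. Allow an app that legitimately needs to write to protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# 5. Switch from audit to enforcement once the allow list is complete.
if ($enforce) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# 6. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Running in audit mode first shows which existing applications would lose write access, so the allow list can be built before anything is actually blocked.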


95 Comments


  • blackmagnum - Friday, November 10, 2017 - link

    Free is free, right? Microsoft, keep them coming in a timely manner and I just might turn on Full Diagnostic data for you.
  • ddriver - Friday, November 10, 2017 - link

    I like how you think that turning it off somehow keeps your data safer ;)
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    Speaking of keeping your data safer......
    Here is a juicy quote>

    "One thing you still can’t do is actually view the site certificate. The information provided by Edge is very basic, with no option to open the certificate in the more advanced Windows certificate tools to check the trust chain"

    Also irrelevant to the "Improved" security claim
    Microsoft still lets most "trusted" software through the Firewall by default as long as they have a "Valid" certificate

    Yes, Microsoft lets malicious copies of CCleaner, VLC and pretty much all the other "trusted" applications who have been in the news lately because they had "Valid" certificates for compromised installers (Directly from the manufacturer B.T.W.)

    Microsoft should block ALL applications by default (both sending and receiving) including ALL Windows components and telemetry "IF" they were concerned about end user security, but they are not

    Microsoft now has all the telemetry they need to improve their products for older hardware so why won't they turn it off?

    Because it's a Spyware Platform!

    You can't really spy on EVERYONE if you close all the backdoors.....DUH!

    and sending encrypted messages won't help you if the NSA is watching you type the message!
    Double DUH!
  • 5080 - Friday, November 10, 2017 - link

    I hope you don't use any Intel CPUs if you're that concerned about spyware in your system. The Intel Management Engine or ME is spying on you even if your system is powered down. Google is working on a solution to kill the MINIX based ME, but they haven't figured out how to do it yet without disabling some of the CPU's features.
    People don't really care about the collection of telemetry data, if they would really care then no one would buy any more cell phones, Chromebooks or Windows PCs. It has become a part of how we consume and use these devices.
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    Oh you are so wrong 5080
    The Intel Management Engine is disabled and has never been used on ANY of my computers
    There is even an app you can download and check whether or not it is enabled

    Never EVER installed the ME software either

    I could see this problem coming 10 years ago!
  • 5080 - Friday, November 10, 2017 - link

    Intel constantly "optimized" ME on their CPUs. Who knows when they can activate this without user consent. The disturbing part is that the option is there.
  • linuxgeex - Saturday, November 11, 2017 - link

    Actually, unless you specifically purchased a mobo with Coreboot, you have an active ME and you just don't know it.
  • negusp - Saturday, November 11, 2017 - link

    Lol yeah he's a retard. Any recent Intel CPU needs a couple BIOS pages wiped to have the ME disabled.
  • shabby - Friday, November 10, 2017 - link

    Could have sworn that needed an Intel network card to fully function.
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    Correct Shabby
    I think Steve Gibson covered that in a Security Now video
