Configure Windows Defender Network protection in Windows 10 - gHacks Tech News

Network Protection is a new security feature of Windows Defender that Microsoft introduced in the Fall Creators Update for its Windows 10 operating system.

It extends Windows Defender SmartScreen by blocking outbound (HTTP and HTTPS) traffic connecting to resources that have a low reputation.

The feature is part of Windows Defender Exploit Guard, and it requires that Windows Defender is turned on, and that the security program's real-time protection feature is enabled as well.

Tip: check out our preview guides on Controlled Folder Access, Exploit Protection and Attack Surface Reduction for a complete overview of the new security features.

Windows Defender Network protection

System administrators and users may configure the Network protection feature of Windows Defender using policies, PowerShell or MDM CSPs.

Group Policy

You can use Group Policy to enable the Network protection feature on Windows 10 Fall Creators Update (or newer) PCs.

Note: The Group Policy Editor is not available on Home editions of Windows 10.

  1. Tap on the Windows-key, type gpedit.msc and hit the Enter-key to load the Group Policy Editor.
  2. Navigate to Computer Configuration > Administrative Templates > Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Network protection.
  3. Load "Prevent users and apps from accessing dangerous websites" with a double-click.
  4. Set the policy to enabled, and assign it one of the available modes:
    1. Block -- Malicious IP addresses and domains are blocked.
    2. Disabled (default) -- The feature is not active.
    3. Audit Mode -- Connections that would be blocked are recorded as events, but they are not blocked.

Using PowerShell

You may use PowerShell instead to manage the Network protection feature. The following commands are available:

  • Set-MpPreference -EnableNetworkProtection Enabled
  • Set-MpPreference -EnableNetworkProtection AuditMode
  • Set-MpPreference -EnableNetworkProtection Disabled

You need to open an elevated PowerShell prompt to run these commands:

  1. Tap on the Windows-key, type PowerShell, hold down the Shift-key and the Ctrl-key, and select PowerShell from the results to open a PowerShell interface with administrative privileges.

Network protection events

Events are recorded when the feature is enabled. Microsoft published a resource package that includes custom views for Event Viewer to make things easier for administrators.

  1. Download the Exploit Guard Evaluation Package from Microsoft.
  2. Extract the package to the local system.
  3. It contains custom XML views for all Exploit Guard events. You need the file np-events.xml for the custom network protection event view.
  4. Tap on the Windows-key, type Event Viewer, and select the entry that is returned by search.
  5. Select Action > Import Custom View.
  6. Load np-events.xml and select ok to add the view to the Event Viewer.

The following events are written to the log when the security feature is enabled on Windows 10 machines:

  • Event 1125 -- Audit-mode events.
  • Event 1126 -- Block-mode events.
  • Event 5007 -- Settings modification events.
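
The checks described above can also be run from an elevated PowerShell prompt. The following script is an added example and not part of Microsoft's evaluation package: it verifies the prerequisites, reports the current mode, and summarizes the three event IDs. The log name and the seven-day window are assumptions.

```powershell
# Added example: report Network protection state and recent events.
# Run from an elevated PowerShell prompt on Windows 10 version 1709 or newer.

# Assumption: the Windows Defender operational log holds these events.
$LogName = 'Microsoft-Windows-Windows Defender/Operational'
$Days    = 7   # look-back window, chosen for illustration

# Event IDs as listed in the article.
$EventNames = @{
    1125 = 'Audit-mode event'
    1126 = 'Block-mode event'
    5007 = 'Settings modification'
}
# Numeric values Get-MpPreference reports for EnableNetworkProtection.
$ModeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (Block)'; 2 = 'AuditMode' }

# Prerequisites: Windows Defender and its real-time protection must be on.
$status = Get-MpComputerStatus
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    Write-Warning 'Windows Defender or real-time protection is off; Network protection will not work.'
}

# Current mode (an unset value is treated as 0, the default).
$mode = [int](Get-MpPreference).EnableNetworkProtection
'Network protection mode: {0}' -f $ModeNames[$mode]

# Collect the three event IDs from the look-back window.
# Get-WinEvent reports an error when nothing matches, hence SilentlyContinue.
$filter = @{
    LogName   = $LogName
    Id        = 1125, 1126, 5007
    StartTime = (Get-Date).AddDays(-$Days)
}
$npEvents = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Count per event ID.
$npEvents | Group-Object Id | Sort-Object Name | ForEach-Object {
    '{0,5}  {1,-22} {2,6}' -f $_.Name, $EventNames[[int]$_.Name], $_.Count
}

# Newest audit and block entries; the message text names the destination.
# Event 5007 is logged for any Defender setting change, so read its
# message to see whether Network protection was the setting involved.
$npEvents | Where-Object { $_.Id -in 1125, 1126 } |
    Select-Object -First 10 TimeCreated, Id, Message |
    Format-List
```

Running this in Audit Mode first shows which destinations would be blocked before you switch the feature to Enabled.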


Comments

  1. LUL said on October 26, 2017 at 8:42 am

    Best way to configure it is to uninstall it and install some good antivirus product.

    1. PanamaVet said on October 26, 2017 at 6:11 pm

      In fact, earlier this year a FoxPro developer working to make FoxPro more secure discovered A/V software injecting vulnerabilities into FoxPro.

      Vulnerabilities have been discovered this year in major A/V products. Installing them creates vulnerabilities on your machine.

      Assumptions about A/V software should be discarded. They don’t quarantine themselves.

      Telling people to install vulnerabilities to catch other vulnerabilities is bad advice.

      The developer’s recommendation? The A/V should be built into the O/S. His choice based on what he was observing was Defender running in Windows 10.

      The Windows Creators update is focusing on leveraging this advantage to our benefit.

      1. www.com said on October 30, 2017 at 2:41 am

        That’s pretty good M$ spin for their weak-ass Defender. And yes, I’ve used Defender in the past. It hardly ever detects anything after using it for a year.

    2. CHEF-KOCH said on October 26, 2017 at 9:32 pm

      I call bull, MS never needed any AV because since I don’t know how many years exactly you can restrict everything better with GPO/secpol/AS/.. all given by MS and it works without any external software. Why people trust other companies when they are using an OS which they distrust is beyond me. If you distrust the OS then switch it, if you need another spying product to protect against ‘OS spying’ then the entire point becomes useless.

      None of the integrated MS mechanisms are weak and most are easy to configure. Besides the thing that nothing is anymore about destroying your files like in the 90’s it’s more to obtain your private data which simply requires a good firewall and some brain.

  2. TelV said on October 26, 2017 at 11:27 am

    It’s a pity that the additional protection measures aren’t available in other versions of Windows which are still supported such as Windows 7 and 8.1.

    1. RedImpala said on October 26, 2017 at 5:05 pm

      Protection you say?
      If anything it’s more like 10% protection and 90% users data collection.

  3. patrick said on October 26, 2017 at 9:46 pm

    I prefer Heimdal Pro for network protection. Antivirus is blind to the malware that’s on the web today.

  4. exrelayman said on October 27, 2017 at 6:26 am

    Heh- I thought more protection sounded good and used the PowerShell commands of this article and the controlled folder access article. Could no longer save any documents I created. Could not make any change to any existing document. Could not scan with my Canon printer. Took a while and some hair pulling before I figured out these ‘protections’ were killing me. All is fixed now. Thanks ever so much for including the ‘disable’ command in your articles.

    You have some very skilled readers and then you have some like me!

  5. jasray said on October 28, 2017 at 1:21 am

    “Best way to configure it is to uninstall it and install some good antivirus product.”

    Poor pauper–doesn’t realize he’s receiving sage advice in making some software more effective.

  6. coakl said on November 1, 2017 at 12:42 am

    AdBlock Plus and Ublock Origin will provide FAR, FAR more protection than these half-baked Microsoft efforts.
    And using a non-Microsoft web browser, too.

    These are the #1 and #2 security measures you NEVER see mentioned by MS.

  7. Erit said on December 3, 2017 at 11:04 am

    I installed ADMX of windows 10 1709 and these policies are not existing over there

  8. Arcionquad said on May 7, 2018 at 1:43 am

    Easy and done. Thanks, Martin.
