New Windows 10 Security Features: The Anti-ransomware Edition
Microsoft released information about security updates to Windows 10 they will be rolling out in 1709, Fall Creators Edition. Microsoft continues their Cloud push by enhancing Windows as a service and announcing they will make twice a year updates to their operating system. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer must wait for a new operating system to deploy new security features. Windows 10 1709: The anti-ransomware edition is really focusing on the impacts of ransomware.
Here is what has been announced as the new security features and options in Windows 10 version 1709, also known as the Fall Creators Edition. The Windows Defender Exploit Guard helps defend and block against attacks. The four features of Exploit Guard include:
- Exploit Protection: controlled via group policy or PowerShell and does not require Windows Defender to be your primary antivirus. An additional cloud-based logging service called Windows Defender Advanced Threat Protection is an optional feature. It provides forensic tracking evidence of threats and attacks and can be used to better track and investigate Exploit Guard events.
- Attack Surface Reduction tools: a new set of tools that block primarily Office, Java, and other zero-day-type attacks. You will receive Windows E5 license and Advanced Windows Threat Protection, as well as cloud-based alerting system when these rules are triggered. This is one of the three Windows Defender Exploit Guard features that will not work with third-party antivirus deployed. You must use Windows Defender to enable this protection.
- Network Protection: designed to protect your computer and your network from domains that may host phishing scams, exploits, and other malicious content on the internet. It is enabled by either group policy or PowerShell. This is one of the three Windows Defender Exploit Guard features that will not work with third-party antivirus deployed. You must use Windows Defender to enable this protection.
- Controlled Folder Access: designed to prevent and defend from typical ransomware attacks. It can be enabled using Windows Defender Security Center app via Group Policy, PowerShell or configuration service providers for mobile device management. The program defaults to protecting certain files, but the administrator can also add folders they deem need additional protection. All applications that access any executable file use the Windows Defender Antivirus interface to determine if the application is safe. If the application is malicious, it is blocked from making changes to files in protected folders. This feature will not work with third-party antivirus deployed. You must use Windows Defender to enable this protection.
The Windows Defender Exploit Guard is just one of many changes Microsoft is introducing us to in Windows 10 1709. It is important that your organization is taking the time and educating yourselves on all the changes that are being rolled out, as many of these new features require you to act. Much of this anti-ransomware protection needs your organization to be proactive and make changes to it that best suits your business. They are providing the tools you need, but you need to use them for them to be beneficial to your business. If you need help understanding the changes or need help rolling out these changes in your organization, give 2W Tech a call today. We are Tier I Certified Microsoft Cloud partner and can help you with your journey in the cloud.
7 Steps to a Holistic Security Strategy
Interested in reading this article? Click the button below to download this asset.