Protect your Windows 10 devices from exploits and malware with the Windows Defender Exploit Guard profile. Workspace ONE UEM uses these settings to protect your devices from exploits, reduce attack surfaces, control folder access, and protect your network connections.

Windows Defender Exploit Guard

Various malware and exploits use vulnerabilities in your Windows 10 devices to gain access to your network and devices. Workspace ONE UEM uses the Windows Defender Exploit Guard profile to protect your devices from these bad actors. The profile uses the Windows Defender Exploit Guard settings native to Windows 10. The profile contains four different methods of protection. These methods cover different vulnerabilities and attack vectors.

Exploit Protection

Exploit protection automatically applies exploit mitigations (such as DEP and ASLR) to both the operating system and individual apps. These mitigations do not depend on the antivirus engine, so they work with third-party antivirus as well as Windows Defender Antivirus. In the Windows Defender Exploit Guard profile, you configure these settings by uploading a configuration XML file. This file must be exported from the Windows Security app or created with PowerShell; test the mitigations on the target apps first, because some of them break apps that were not built with them in mind.
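The following PowerShell session shows one way to produce the XML file that the profile expects. It is an added example, not code from the Workspace ONE UEM documentation; the target app (notepad.exe), the chosen mitigations and the output path are illustrative assumptions. Run it in an elevated PowerShell on a Windows 10 1709 or later device.

```powershell
# Added example (not from the Workspace ONE UEM documentation): build the
# exploit-protection XML that the profile expects with the ProcessMitigation
# cmdlets that ship with Windows 10 1709 and later. Requires an elevated shell.
# The target app, mitigation list and output path are illustrative assumptions.

$App = 'notepad.exe'                                              # example target app
$Out = "$env:USERPROFILE\Desktop\ExploitProtectionSettings.xml"   # example output path

# 1. Inspect the mitigations currently in force, system-wide and for the target app.
Get-ProcessMitigation -System
Get-ProcessMitigation -Name $App

# 2. Enable per-app mitigations. DEP, bottom-up and high-entropy ASLR, mandatory
#    image relocation and the dynamic-code block are representative choices;
#    verify the app still starts and works before you enforce them broadly.
Set-ProcessMitigation -Name $App -Enable DEP,BottomUp,HighEntropy,ForceRelocateImages,BlockDynamicCode

# 3. Set system-wide defaults that every process inherits unless overridden.
Set-ProcessMitigation -System -Enable DEP,SEHOP,BottomUp,HighEntropy,CFG

# 4. Export the combined configuration to the XML file the profile uploads.
Get-ProcessMitigation -RegistryConfigFilePath $Out

# 5. Sanity-check the export: it must parse as XML and contain the app entry.
$xml = [xml](Get-Content -Path $Out -Raw)
if (-not ($xml.MitigationPolicy.AppConfig | Where-Object { $_.Executable -eq $App })) {
    throw "Export at $Out does not contain an entry for $App"
}

# To apply the same file locally on another test device (what the profile does
# centrally once the XML is uploaded):
#   Set-ProcessMitigation -PolicyFilePath $Out
```

Mitigations set with Set-ProcessMitigation take effect when the app is next started, so restart the target app before judging whether a mitigation breaks it. Keep the exported XML under version control alongside the profile, since it is the only record of which mitigations the profile enforces.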

Attack Surface Reduction

Attack surface reduction rules help prevent the typical actions malware uses to infect devices. These rules target actions such as:
  • Executable files and scripts used in Office apps or web mail that try to download or run files
  • Obfuscated or otherwise suspicious scripts
  • Actions that apps do not usually use

Attack surface reduction rules require Windows Defender Antivirus real-time protection to be enabled; if real-time protection is off, the rules are configured but do not take effect.

Controlled Folder Access

Controlled folder access helps protect your valuable data from malicious apps and threats, including ransomware. When enabled, Windows Defender Antivirus evaluates every app (.EXE, .SCR, .DLL, and so on) that tries to write to a protected folder and decides whether it is trusted. An app that is malicious, suspicious, or simply not yet known to be trusted is prevented from changing files in protected folders.

Protected folders include common system folders such as the user's Documents, Pictures and Desktop folders. You can add your own folders to controlled folder access. Most known and trusted apps can access protected folders. If you want an internal or unknown app to access protected folders, you must add the app's file path when creating the profile; otherwise its writes to those folders are blocked.

Controlled folder access requires Windows Defender Antivirus real-time protection to be enabled.

Network Protection

Network protection helps protect users and data from phishing scams and malicious websites. These settings block any app on the device, not only the browser, from connecting to dangerous domains that might host phishing attacks, exploits, or malware.

Network protection requires Windows Defender Antivirus real-time protection to be enabled.
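Before enforcing the Attack Surface Reduction, Controlled Folder Access and Network Protection settings through the profile, it is worth piloting them in audit mode on a test device and reading the resulting events. The PowerShell below is an added example (not from the Workspace ONE UEM documentation) that configures the local Windows Defender Antivirus equivalent of all three sections above, after checking the shared real-time protection prerequisite. The protected folder and allowed-app path are made-up examples, and the three ASR rule GUIDs are Microsoft's published identifiers for the behaviours listed in the Attack Surface Reduction section; confirm them against the current ASR rule reference before deployment.

```powershell
# Added example (not from the Workspace ONE UEM documentation): pilot the ASR,
# controlled folder access and network protection settings locally in audit mode,
# then review what they would have blocked. Requires an elevated PowerShell.

# Prerequisite shared by all three features: real-time protection must be on,
# otherwise the settings are stored but never enforced.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Real-time protection is off; ASR, controlled folder access and network protection will not take effect.'
}

# --- Attack surface reduction ---
# Microsoft's published rule IDs for the three behaviours described above
# (verify against the current ASR rule reference before deploying).
$AsrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
}
foreach ($id in $AsrRules.Keys) {
    # AuditMode records what the rule would have blocked without blocking it.
    # Add-MpPreference appends to the existing rule list; Set-MpPreference replaces it.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# --- Controlled folder access ---
Set-MpPreference -EnableControlledFolderAccess AuditMode                      # Enabled to enforce
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'         # example extra folder
# Example internal line-of-business app (made-up path) that must keep writing there.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Example\LedgerSync.exe'

# --- Network protection ---
Set-MpPreference -EnableNetworkProtection AuditMode                           # Enabled to enforce

# --- Verify what is now configured ---
Get-MpPreference | Select-Object AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions,
    EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications, EnableNetworkProtection

# --- Review audit events before switching any setting to Enabled ---
# Windows Defender operational log: 1122 = ASR audit, 1124 = controlled folder
# access audit, 1125 = network protection audit; 1121 / 1123 / 1126 are the
# corresponding block events once enforcement is on.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122, 1123, 1124, 1125, 1126
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Run the device through its normal workload for a few days in audit mode; every 1122, 1124 or 1125 event is something the enforced profile would break, so add the offending internal apps to the allowed-application list (or adjust the rule set) before moving from AuditMode to Enabled.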

Additional Information

For more information on the specific exploit protections and settings configured, see https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-deploy-exploit-guard-policy.