Windows 10: Enable Windows Defender Exploit Guard Network Protection in Windows 10

How to: Enable Windows Defender Exploit Guard Network Protection in Windows 10

How to Enable or Disable Windows Defender Exploit Guard Network Protection in Windows 10


Network protection is a feature that is part of version 1709[/b]. It helps to prevent users from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.

If you enable Network Protection and it blocks a connection, a notification will be displayed from the Action Center.

You can also use audit mode to evaluate how Network Protection would impact your organization if it were enabled.

For more information, see also:

• Use Network protection to help prevent connections to bad sites | Microsoft Docs
• Conduct a demo to see how Network protection works | Microsoft Docs
• Turn Network protection on | Microsoft Docs

This tutorial will show you how to enable or disable Windows Defender Exploit Guard Network Protection for all users in Windows 10.

*Warning You must be signed in as an administrator to enable or disable Network Protection.

*tip You can test Network Protection by visiting the fake malicious domain below provided by Microsoft.

*Arrow SmartScreen Test


CONTENTS:

• Option One: Enable or Disable Windows Defender Exploit Guard Network Protection in Local Group Policy Editor
• Option Two: Enable or Disable Windows Defender Exploit Guard Network Protection using a REG file
• Option Three: Enable or Disable Windows Defender Exploit Guard Network Protection in PowerShell

EXAMPLE: Connection blocked by network protection









OPTION ONE [/i] Enable or Disable Windows Defender Exploit Guard Network Protection in Local Group Policy Editor

*note The Local Group Policy Editor is only available in the Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.

All editions can use Option Two or Option Three below.

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
*Arrow Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network protection




3. In the right pane of Network protection in Local Group Policy Editor, double click/tap on the Prevent users and apps from accessing dangerous websites policy to edit it. (see screenshot above)

4. Do step 5 (enable), step 6 (audit mode), or step 7 (disable) below for what you would like to do.


5. To Enable Windows Defender Exploit Guard Network Protection
A) Select (dot) Enabled, select Block in the Options drop menu, click/tap on OK, and go to step 8 below. (see screenshot below)

6. To Enable Windows Defender Exploit Guard Network Protection using Audit Mode Only
A) Select (dot) Enabled, select Audit Mode in the Options drop menu, click/tap on OK, and go to step 8 below. (see screenshot below)

7. To Disable Windows Defender Exploit Guard Network Protection
A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 8 below. (see screenshot below)

*note Not Configured[/B] is the default setting.




8. When finished, close the Local Group Policy Editor.





OPTION TWO [/i] Enable or Disable Windows Defender Exploit Guard Network Protection using a REG file

*note The downloadable .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection

EnableNetworkProtection DWORD

(delete) = Disable
1 = Enable
2 = Audit Mode

1. Do step 2 (enable), step 2 (audit mode), or step 4 (disable) below for what you would like to do.


2. To Enable Windows Defender Exploit Guard Network Protection
A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Enable_Windows_Defender_Network_Protection.reg

Download

3. To Enable Windows Defender Exploit Guard Network Protection using Audit Mode Only
A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Enable_Windows_Defender_Network_Protection_Audit_Mode.reg

Download

4. To Disable Windows Defender Exploit Guard Network Protection
*note This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Disable_Windows_Defender_Network_Protection.reg

Download
5. Save the .reg file to your desktop.

6. Double click/tap on the downloaded .reg file to merge it.

7. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8. Restart the computer to apply.

9. You can now delete the downloaded .reg file if you like.





OPTION THREE [/i] Enable or Disable Windows Defender Exploit Guard Network Protection in PowerShell
1. Open an elevated PowerShell.

2. Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshots below)
(Enable Windows Defender Exploit Guard Network Protection)
*Arrow Set-MpPreference -EnableNetworkProtection Enabled





OR

(Enable Windows Defender Exploit Guard Network Protection using Audit Mode Only)
*Arrow Set-MpPreference -EnableNetworkProtection AuditMode





OR

(Disable Windows Defender Exploit Guard Network Protection - DEFAULT)
*Arrow Set-MpPreference -EnableNetworkProtection Disabled




3. Close the elevated PowerShell.

4. Restart the computer to apply.

That's it,
Shawn


Related Tutorials

• How to Change Windows Defender Exploit Protection Settings in Windows 10
• Hide or Show App and Browser Control in Windows Defender Security Center in Windows 10
• How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10

:)

 

network protection, a feature in windows defender exploit guard, doesn't work right

In case it still isn’t clear; the Windows IT Pro Center documentation gets cited in discussions of the Windows Defender Exploit Guard features because it’s the most comprehensive documentation for all of these next-gen features, including the Network
Protection feature. That shouldn’t be taken to imply that any of these technologies are limited to enterprise environments, or that the topic is limited to security administrators. If you’re looking for the simplified documentation, it's right here:

Enable Windows Defender Exploit Guard Network Protection in Windows 10

And yes, I can personally guarantee that no Enterprise Security Administrator would ever be caught dead downloading Brink’s
Enable_Windows_Defender_Network_Protection.reg file. That file is for Windows 10 Home users who are afraid of the PowerShell command line.

 

Need exclusion for Defender Exploit Guard Network Protection

I have a configuration where the Defender Exploit Guard Network Protection needs to be enabled. Recently an MS update must have changed what triggers this protection and I now have 2 custom applications
that no longer launch properly.

An acceptable solution is to add exclusions for the offending applications.

I have been trying to add an exclusion for these application but without any luck. The only way to get the applications to work is to disable the feature through gpedit. Here the option:

"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites"

These are standalone Win10Pro machines running version 1803. I've tried the following:

1) Using gpedit, adding the application exe and path to

"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Exclusions\Path Exclusions"

2) Using Defender Security Center - App&browser Control - Exploit protection settings - Program Settings

Adding each application and then disabling ALL system options.

I'm kinda stuck at the moment and I'm hoping I'm missing something.

Thanks,

Dave

 

Bug? In Windows Defender Exploit Guard.

If we assume that this is just a glitch, then you might be able to reset the Exploit protection defaults by exporting the settings from an unaffected PC (with default settings) and then importing those settings on the affected machines. This looks
to be the backup/restore tool for the Exploit protection settings:

https://docs.microsoft.com/en-us/wi...ard/import-export-exploit-protection-emet-xml

Export and Import Exploit Protection Settings in Windows 10

 

Does Windows Defender Exploit Protection log anywhere?


Does this document helps?

*Arrow docs.microsoft.com | list-of-all-windows-defender-exploit-guard-events

and docs.microsoft.com | evaluate-exploit-protection

 

Need exclusion for Defender Exploit Guard Network Protection

I have a configuration where the Defender Exploit Guard Network Protection needs to be enabled. Recently an MS update must have changed what triggers this protection and I now have 2 custom applications that no longer launch properly.

An acceptable solution is to add exclusions for the offending applications.

I have been trying to add an exclusion for these application but without any luck. The only way to get the applications to work is to disable the feature through gpedit. Here the option:

"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites"

These are standalone Win10Pro machines running version 1803. I've tried the following:

1) Using gpedit, adding the application exe and path to
"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Exclusions\Path Exclusions"

2) Using Defender Security Center - App&browser Control - Exploit protection settings - Program Settings
Adding each application and then disabling ALL system options.

I'm kinda stuck at the moment and I'm hoping I'm missing something.

Thanks,
Dave