Security Updates

Security is a never-ending battle, and with each update Microsoft continues to add more features to help prevent malicious attacks. There are several new features worth going over for the Fall Creators Update.

Windows Defender Exploit Guard

The Enhanced Mitigation Experience Toolkit (EMET) has been replaced with Windows Defender Exploit Guard features, and EMET is no longer supported on Windows 10 v1709. Windows Defender Exploit Guard is a new set of Host Intrusion Prevention features which can be used to reduce the attack surface of Windows 10. It’s designed for an enterprise environment, and is completely customizable through Group Policy.

It offers four general feature sets: exploit protection, attack surface reduction rules, network protection, and controlled folder access. For a full rundown on all of these new features, be sure to check out docs.microsoft.com, which has all of the details and proper settings.

Windows Defender Application Guard

Application Guard is designed for Microsoft Edge to isolate untrusted sites, which are going to be a huge concern for any IT department. Internet Explorer did have some features to help in these scenarios, but Application Guard takes it to a whole new level by actually opening untrusted sites in an isolated Hyper-V enabled container, completely cut off from the host operating system. Any malicious code on the site would not be able to access the host OS, at least not easily, which offers a significant amount of protection over just blocking scripts and Flash. The ability to do this through policy, and allow only trusted sites to run outside of the container, is very powerful and is a strong reason to consider Edge for the enterprise.

Ransomware Protection

One specific feature to call out in Exploit Guard is controlled folder access, which is a mitigation for ransomware. Ransomware has become a huge problem, and having malicious software encrypt your hard drive can put a damper on anyone’s day. Controlled folder access works by locking down folders so that only authorized apps have access to the files. Luckily, controlled folder access is available to all in Windows 10, without needing any Group Policy to set it up.

You can enable controlled folder access right in the Security Center for Windows 10, and customize which folders you want it enabled for.

The idea behind controlled folders is pretty simple. Folders can’t get encrypted if the process doesn’t have access to them. Sometimes simple is the best.
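
The same setting can also be scripted with the Windows Defender PowerShell cmdlets. The following is an added example, not taken from the original article: it rolls controlled folder access out in audit mode first, adds a folder and an allowed app, and reviews the resulting events before enforcing. The folder and application paths are hypothetical placeholders.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on Windows 10 v1709 or later with Windows Defender Antivirus active.
#Requires -RunAsAdministrator

# Hypothetical values for illustration; replace with your own.
$ExtraFolder = 'D:\Projects'
$TrustedApp  = 'C:\Tools\backup-agent.exe'

# 1. Show the current state (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
'Current controlled folder access mode: {0}' -f $pref.EnableControlledFolderAccess

# 2. Start in audit mode: writes by unauthorized apps are logged, not blocked,
#    so you can find legitimate software that would break under enforcement.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 3. Protect an additional folder beyond the default set.
if (Test-Path -LiteralPath $ExtraFolder -PathType Container) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}

# 4. Authorize one specific application to write to protected folders.
#    Allow by full path only, and keep this list as short as possible.
if (Test-Path -LiteralPath $TrustedApp -PathType Leaf) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}

# 5. Review the last week of controlled folder access events:
#    1124 = audited (would have been blocked), 1123 = blocked.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once the audit events contain only software you do not want writing to
#    these folders, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```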


95 Comments


  • prophet001 - Monday, November 13, 2017

    Oh that's rich. Google trying to shut off another manufacturer's spyware.

    rofl
  • pjcamp - Monday, November 13, 2017

    How the hell do you spy on a machine with the power off?
  • BurntMyBacon - Wednesday, November 15, 2017

    I think that was referring to a system with power connected, but in the "power off" state. The Intel Management Engine would still draw some power, so it wouldn't really be considered fully powered off. It just hasn't initialized the boot code from UEFI / BIOS / Etc. If I recall correctly, the Intel Management Engine doesn't require boot code to bring it up, but it can be reconfigured by the boot code. This is where coreboot could become useful if you want to disable the engine.
  • Shiitaki - Tuesday, December 5, 2017

    It's not that hard to bypass the ME engine, just add an external network card.
  • Ratman6161 - Friday, November 10, 2017

    "Microsoft should block ALL applications by default "
    People love to make sweeping comments like that without thinking through the consequences. Block ALL? Sure. So what does your average home user do then? With everything blocked you have to give them some mechanism to unblock the things they need or want. Unfortunately 99.99% will have no idea... and will click "yes" or "OK" or whatever. OR they won't have any clue what to do and will only know they wanted something and it doesn't work. Then the people who can't figure out how to get to their Google Docs etc. will be on here flaming about the Microsoft Conspiracy to prevent them from using third party products.
  • Hurr Durr - Saturday, November 11, 2017

    This psycho was running around comments not long ago screaming how he "hack-proofed" WinXP and "challenged hackers and various intelligence services around the world" to crack it. Make your conclusions.
  • Bullwinkle-J-Moose - Saturday, December 23, 2017

    Which Psycho is that Hurr Durr?

    I recall running around claiming that they couldn't "wreck" my box but I never said they couldn't "hack" my box

    I would NEVER use XP for banking or passwords because even a read only system can be "hacked" but not permanently wrecked

    This box is for testing the best of the best malware on the planet and it has often been "hacked"
    However, a simple reboot restores it to pristine and fully functional condition by wiping away any malware, so stop trolling with your fake news
  • Samus - Sunday, November 12, 2017

    I trust Microsoft diagnostic submissions a hell of a lot more than Amazon, Facebook, or Google. As a whole I trust Microsoft and Apple over just about any other tech company because they are the only two that have business models not revolving around ad revenue. That’s partially why Bing failed...it didn’t invade your privacy enough.
  • ddriver - Monday, November 13, 2017

    LOL and WOW, how dumb are you. Their business model revolves around milking people in every possible way they can as hard as they can. What an idiocy it is to assume they go through the effort to create an OS that is spyware at its core and they will not monetize on the acquired information just because they have other sources of revenue.
  • prophet001 - Monday, November 13, 2017

    They did this in the wake of the sheeple devouring Google's and Apple's creations and paradigms.

    If you can't beat em, join me.

    Microsoft was one of the last bastions of personal privacy in an OS but y'all told them, through your adoption practices, "hey it's cool. take my stuff" and so they did.
