Security Updates

Security is a never-ending battle, and with each update Microsoft continues to add more features to help prevent malicious attacks. There are several new features worth going over for the Fall Creators Update.

Windows Defender Exploit Guard

The Enhanced Mitigation Experience Toolkit (EMET) has been replaced with Windows Defender Exploit Guard features, and EMET is no longer supported on Windows 10 v1709. Windows Defender Exploit Guard is a new set of Host Intrusion Prevention features which can be used to reduce the attack surface of Windows 10. It’s designed for an enterprise environment, and is completely customizable through Group Policy.

It offers four general feature sets: exploit protection, attack surface reduction rules, network protection, and controlled folder access. For a full rundown on all of these new features, be sure to check out docs.microsoft.com, which has all of the details and proper settings.

Windows Defender Application Guard

Application Guard is designed for Microsoft Edge to isolate untrusted sites, which are going to be a huge concern for any IT department. Internet Explorer did have some features to help in these scenarios, but Application Guard takes it to a whole new level by actually opening untrusted sites in an isolated Hyper-V enabled container, completely cut off from the host operating system. Any malicious code on the site would not be able to access the host OS, at least not easily, which offers a significant amount of protection over just blocking scripts and Flash. The ability to do this through policy, and have only allowed trusted sites run outside of the container, is very powerful and is a strong reason to consider Edge for the enterprise.

Ransomware Protection

One specific feature to call out in Exploit Guard is controlled folder access, which is a mitigation for ransomware. Ransomware has become a huge problem, and having malicious software encrypt your hard drive can put a damper on anyone’s day. Controlled folder access works by locking down folders so that only authorized apps have access to the files. Luckily, controlled folder access is available to all in Windows 10, without needing any Group Policy to set it up.

You can enable controlled folder access right in the Security Center for Windows 10, and customize which folders you want it enabled for.

The idea behind controlled folders is pretty simple. Folders can’t get encrypted if the process doesn’t have access to them. Sometimes simple is the best.
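For administrators who prefer scripting to the Security Center UI, the same feature can be rolled out with the Windows Defender PowerShell cmdlets. The script below is an added example, not part of the original article: it starts in audit mode and only enforces once no audited writes remain. The folder and application paths are hypothetical placeholders, and the script uses event IDs 1123 (blocked) and 1124 (audited) from the Windows Defender operational log.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of controlled folder access.
# Run once without -Enforce (audit mode), review the log, then run with -Enforce.
param(
    [switch]$Enforce,
    [int]$LookbackDays = 7,
    # Hypothetical paths for illustration; replace with your own.
    [string]$ProtectedFolder = 'D:\Finance',
    [string]$AllowedApp = 'C:\Program Files\Contoso\ledger.exe'
)

# Protect an extra folder on top of the default user folders,
# and allow one trusted application to keep writing to protected folders.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

if (-not $Enforce) {
    # Audit mode: writes by unauthorised apps are logged (ID 1124), not blocked.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    Write-Output 'Controlled folder access set to AuditMode.'
    return
}

# Collect audited writes from the lookback window before enforcing.
$audited = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1124
    StartTime = (Get-Date).AddDays(-$LookbackDays)
} -ErrorAction SilentlyContinue)

if ($audited.Count -gt 0) {
    # Something legitimate (or not) still writes to protected folders:
    # show it and stay in audit mode so nothing breaks unexpectedly.
    Write-Warning "$($audited.Count) audited write(s) found; not enforcing yet."
    $audited | Select-Object TimeCreated, Message | Format-List
    return
}

Set-MpPreference -EnableControlledFolderAccess Enabled

# Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Once enforcement is on, blocked write attempts appear in the same log as event ID 1123, which is the signal to watch for both missed allow-list entries and actual ransomware activity.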

95 Comments

  • ddrіver - Sunday, November 12, 2017 - link

    Oh, and don't get me started on the whole "other big OS makers collect everything about you at all times" or "other big OS makers don't bother to push hardware vendors to support phone hardware more than 2-3 years so you only get 1 or 2 years of major updates". M$ is the real problem here.
  • BurntMyBacon - Wednesday, November 15, 2017 - link

    @ddriver: "Oh, and don't get me started on the whole "other big OS makers collect everything about you at all times" or "other big OS makers don't bother to push hardware vendors to support phone hardware more than 2-3 years so you only get 1 or 2 years of major updates"."

    You want me to brush aside grievances from other vendors to make Microsoft look worse by lack of comparison? I REFUSE!!! Phones and tablets may be consumption devices that you are better off leaving anything sensitive far away from, but they've been pushed as computer replacements, they've been developed for as computer replacements, and much of the market uses them as computer replacements. People email on their phones, send sensitive messages on their phones, use their phones to facilitate payments, and even bank on their phones. You can either call out people for doing things they are not educated enough to know they shouldn't do on their phones, or you can call out the vendors for creating an environment designed to cater to these practices while siphoning data in the background. Not everyone can be a security expert and the average consumer has a difficult enough time with malicious entities sending bad emails, texts, and links through their messenger/social app of choice. They shouldn't have to consider companies like Google, Microsoft, and Apple as malicious entities.

    @ddriver: "M$ is the real problem here."

    No. If Microsoft fixed everything, it would not affect the issues you stated above with other vendors. Microsoft's actions are problematic for sure and they should not be excused just because vendor X, Y, and Z are worse. However, Microsoft's actions are a symptom of a larger problem created by the anti-privacy features built into iOS and Android devices when smartphones were rising in popularity and perpetuated by the lack of concern over these privacy invading features by the worldwide market. If enough people wholesale dropped these platforms (read: Significant loss of profits) for a less invasive platform despite the extra costs and inconveniences involved, then they would fix some of these problems. Unfortunately, not enough people seem to care.
  • cwolf78 - Friday, November 10, 2017 - link

    Funny how there are a ton of comparison benchmarks including on this very site that completely refute your anecdotal claims.
  • Mo3tasm - Friday, November 10, 2017 - link

    You can benchmark how you want, but the "perceived" difference can't be benchmarked.
  • mr_tawan - Saturday, November 11, 2017 - link

    Perception is sometimes truth, and other times illusion.
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    "slower than Win7 or even Win8.1"
    ----------------------------------------------
    That depends.....
    Bootup and shutdown speed is markedly faster but doing anything with your data is markedly slower
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    I just again tested Windows 8.1 boot time at 14 seconds (that is normal)
    Win 10 Full Crapper Edition booted to the same PC with the same SSD in 5.3 seconds
  • ddriver - Friday, November 10, 2017 - link

    Who cares about boot up speed, I boot up once every few months. Even a regular user doesn't boot up nowhere nearly enough to make a difference, when it craps over your entire usage.
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    Regular users, sure, but I measure it and care because I have been known to boot several different operating systems from this machine in a single day

    BIOS is set so that there is no primary boot device, which means that I can swap drives (or thumb drives) while the computer is rebooting and it will boot to whatever is currently plugged in instead of fumbling in the BIOS to change the boot order

    Makes testing something new quick and easy, whether it's in XP, Linux, Win 7, Win 8 or any Edition of Spyware Platform 10
  • "Bullwinkle J Moose" - Friday, November 10, 2017 - link

    I also keep all the bootable SSDs on an external SATA to ESATA+USB Power cable so when I switch from SSD to thumb drive during a reboot, all I need to do is unplug the USB power to the SSD boot drive and plug in a thumb drive during reboot
