The Windows 10 Fall Creators Update Feature Focus
by Brett Howse on November 10, 2017 8:00 AM ESTSecurity Updates
Security is a never-ending battle, and each update Microsoft continues to add more features to help prevent malicious attacks. They have several new features that are worth going over for the Fall Creators Update.
Windows Defender Exploit Guard
The Enhanced Mitigation Experience Toolkit has been replaced with Windows Defender Exploit Guard features, and the EMET is no longer supported on Windows 10 v1709. Windows Defender Exploit Guard is a new set of Host Intrusion Prevention features which can be used to reduce the attack surface of Windows 10. It’s designed for an enterprise environment, and completely customizable through Group Policy.
It offers four general feature sets, which are exploit protection, attack surface reduction rules, network protection, and controlled folder access. For a full rundown on all of these new features, be sure to check out docs.microsoft.com which has all of the details and proper settings.
Windows Defender Application Guard
Application Guard is designed for Microsoft Edge to isolate untrusted sites, which are going to be a huge concern for any IT department. Internet Explorer did have some features to help in these scenarios, but Application Guard takes it to a whole new level by actually opening untrusted sites in an isolated Hyper-V enabled container, completely cut off from the host operating system. Any malicious code on the site would not be able to access the host OS, at least not easily, which offers a significant amount of protection over just blocking scripts and flash. The ability to do this through policy, and have only allowed trusted sites to run out of the container, is very powerful and is a strong reason to consider Edge for the enterprise.
Ransomware Protection
One specific feature to call out in Exploit Guard is the controlled folder access, which is a mitigation for ransomware. Ransomware has become a huge problem, and having malicious software encrypt your hard drive can put a damper on anyone’s day. Controlled folder access works by locking down folders to only authorized apps have access to the files. Luckily, controlled folder access is available to all in Windows 10, without needing any Group Policy to set it up.
You can enable controlled folder access right in the Security Center for Windows 10, and customize which folders you want it enabled for.
The idea behind controlled folders is pretty simple. Folders can’t get encrypted if the process doesn’t have access to them. Sometimes simple is the best.
Facebook
Twitter
RSS
95 Comments
View All Comments
ddriver - Friday, November 10, 2017 - link
Oh wow, I bet those 10 seconds you save are a life changer.inighthawki - Friday, November 10, 2017 - link
Oh come on. He's booting into several different OSs a day. That's at least a full minute.ddriver - Friday, November 10, 2017 - link
Yeah, and they are all windoze 10, which saves that much time :)I was talking about the boot time difference relative to w7, not the overall boot time.
I usually run at least 2-3 OS in the same time, it is much faster and far more usable when you use virtual machines rather than booting one OS at a time. You get to use them in parallel and also avoid the mobo post time. The only downside is you need plenty of ram.
ddrіver - Sunday, November 12, 2017 - link
Well, not actually every few months but easily every couple of days.ddriver - Friday, November 10, 2017 - link
Windoze 10 is a great OS, I just has an amazing experience with it the other day with its latest and greatest iteration.A laptop was behaving weirdly, so I decided to do some checkups, beginning with a disk check.
Clicking to run the disk check, I was told that there is no need to run it because the disk is OK.
I insisted to run it nonetheless, and to automatically fix errors.
About 1 second in the check, I was told that the error check cannot continue because the drive contains errors, and to run it again after I fix the errors.
Great functionality, I have to admit. It's like ordering pizza and they tell you they can't deliver you pizza because you have no pizza, and to call back again when you have the pizza.
And what stunning graphics design, for example the settings dialogs are literally just a white background with 3 columns of text. It is like looking at HTML without the CSS styling applied. Just pathetic and hideous.
And in an all-too-typical for m$ fashion, they are more invested into introducing even more useless bloatware.
ddrіver - Sunday, November 12, 2017 - link
Then again I haven't actually done any troubleshooting without Google for so long... Google 1, M$ 0.And they could make those Windoze 10 menus with gold and glitter and they'd still suck. Because they're M$.
ddriver - Monday, November 13, 2017 - link
LOL, I have a copy-troll now.ddrіver - Monday, November 13, 2017 - link
Mispost.jardows2 - Friday, November 10, 2017 - link
Protected folder option - great! Going to be checking this out and enabling on all my computers. I wonder how it works with network mapped drives? Will this folder have to be selected as a protected folder on all PC's that have write access?peevee - Friday, November 10, 2017 - link
Brett, where are multiple Linux flavors?