Do You Have Windows 10?
In one of the latest builds of Windows 10 (16232), Microsoft is trying to fight back against cyber-criminals with a few new features for Windows Defender Antivirus. Microsoft has introduced Exploit Protection, Application Guard, and Controlled Folder Access.
Controlled Folder Access was designed to help in the fight against ransomware infections that may try to encrypt your personal files. It monitors changes that applications make to folders that you’ve added to the protected folders list. If the application attempting to make the change is not white-listed, the user is shown a notification about the attempt and is given the opportunity to add applications that should be trusted to allow them access. You can also add additional folders to the list of protected folders, but you cannot alter the default list, which includes folders such as your Desktop, Documents, Pictures, and Movies. If you’ve changed the location of these default libraries, you will need to add them to the protected folders list. In principle, this should greatly impede malware’s ability to encrypt user data; in practice, however, we’ll have to wait and see. If ransomware can get a trusted application, say Microsoft Office, to do its dirty work for it, this protection will likely be circumvented.
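The configuration described above, as an added example that is not part of the original post: it turns on Controlled Folder Access in audit mode with the Defender PowerShell cmdlets, adds any relocated default libraries to the protected list, and lists the resulting Defender events. It assumes an elevated session on a build that ships the feature, and the application path is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: assumes a Windows 10 build that includes Controlled Folder
# Access and the Windows Defender PowerShell cmdlets.

# Start in audit mode so writes are logged rather than blocked while the
# list of trusted applications is built. Use 'Enabled' to enforce.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Default locations of the user libraries for the current (elevated) user.
$defaults = @{
    Desktop     = Join-Path $env:USERPROFILE 'Desktop'
    MyDocuments = Join-Path $env:USERPROFILE 'Documents'
    MyPictures  = Join-Path $env:USERPROFILE 'Pictures'
    MyVideos    = Join-Path $env:USERPROFILE 'Videos'
}

# A library that has been redirected (another drive, a sync folder) has to be
# added to the protected folders list explicitly.
foreach ($name in $defaults.Keys) {
    $actual = [Environment]::GetFolderPath($name)
    if ($actual -and ($actual.TrimEnd('\') -ne $defaults[$name])) {
        Write-Host "Relocated ${name}: adding $actual"
        Add-MpPreference -ControlledFolderAccessProtectedFolders $actual
    }
}

# Hypothetical path to an application you have decided to trust.
$trustedApp = 'C:\Program Files\ExampleApp\example.exe'
if (Test-Path $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
}

# Show the resulting policy.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# Review audited (1124) and blocked (1123) write attempts before enforcing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Reviewing the audit events before switching to `Enabled` shows which legitimate applications would have been stopped, so they can be added to the allowed list first.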
Windows Defender Application Guard (WDAG) gets a much-needed improvement with the addition of Data Persistence. Application Guard, the new system for running the Edge browser in a special virtual machine, will now be able to save session information such as Favorites, cookies and saved passwords while keeping it in this virtual environment. This makes it much more user friendly and improves the browsing experience while helping protect users from browser-based flaws and attacks. This new addition to WDAG, enabled by Group Policy, will allow users to keep the normal browsing experience that we are all used to while being safer online.
Exploit Protection is the only new feature that does not require Windows Defender Antivirus to work. Administrators can activate Exploit Protection through the Windows Defender Security Center and start taking advantage of its features. While Exploit Protection is still a work in progress and Microsoft has not updated much of its documentation outlining its capabilities, Microsoft had this to say about it:
“By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention. Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective.”
As providers start taking the security threat more seriously, don’t you think it’s time you started taking your organization’s security more seriously as well? Contacting Thrive today is your best next step to protecting your company and its assets.