Microsoft Windows Defender Exploit Guard (EG) is an anti-malware software that provides intrusion protection for users with the Windows 10 operating system (OS). Exploit Guard is available as a part of Windows Defender Security Center and can protect machines against multiple attack types. For example, Exploit Guard provides memory safeguards which protect against attacks that manipulate built-in memory. Other intrusion protection methods used by Exploit Guard include reducing application attack surfaces, preventing malware from accessing folders and protecting networks from malware.
Exploit Guard settings can be changed through the Windows Defender Security Center app or Windows PowerShell. The Windows Defender Advanced Threat Protector (ATP) management console can also be used to manage Exploit Guard. The ATP management console can provide detailed reports on Exploit Guards such as activity alerts against suspicious traffic.
Features of Windows Defender Exploit Guard
Microsoft states there are four main features of Windows Defender Exploit Guard. Those features are:
- Exploit mitigation- This works to protect applications. Exploit Guard will work with Windows Defender Antivirus (AV) and third-party anti-virus software to help reduce the severity of possible exploits.
- Attack surface reduction- This focuses on minimizing the attack surface of an application. For example, this can help stop Office, mail and script-based malware (this also requires Windows Defender AV).
- Network protection- This focuses on covering network traffic on organizations devices by extending malware protection from Windows Defender SmartScreen in Microsoft Edge (this also requires Windows Defender AV).
- Controlled folder access- This protects files in system folders from malicious applications (this also requires Windows Defender AV).
However, attack surface reduction rules and network protection are not provided for Windows 10 Home and Professional editions but are in Windows 10 ES and E5. Windows Defender Exploit Guard (EG) can also enable an audit mode to provide users with basic event logs.
Advantages and disadvantages of Windows Defender Exploit Guard
Advantages provided by Exploit Guard include:
- It is lightweight and does not use up a lot of system resources.
- It is free with Windows 10.
- It requires little user input.
- It is similar to the retired Enhanced Mitigation Experience Toolkit (EMET), meaning experienced users in EMET will notice the same features in Exploit Guard.
Some disadvantages to using Exploit Guard include:
- Some features require additional Windows software to run.
- Attack surface reduction rules and network protection are not provided for Windows 10 Home and Professional editions.
- Logging can be slow.