Just a couple of days ago, Microsoft announced the comeback of the Enhanced Mitigation Experience Toolkit (EMET for short). Also, new vulnerability mitigations are being introduced to Windows in a new feature dubbed Windows Defender Exploit Guard. In short, the company said that “next generation security [is] coming to Windows 10 Fall Creators Update”.
Built-In Rules and Policies Introduced to Windows Defender Exploit Guard
According to Microsoft, Exploit Guard uses intelligence from the Microsoft Intelligent Security Graph (ISG) and has a rich set of intrusion rules and policies to guard organizations against advanced malware and zero-day exploits. “The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective,” Microsoft said.
Windows Defender Application Guard is designed to isolate malware from the corporate network. Windows Defender Device Guard, integrated with Defender Advanced Threat Protection, enables automated management of safe application lists.
Controlled Folder Access in Windows Defender
In addition to the above, Windows 10 build 16232 also improves the way ransomware is stopped from encrypting files on systems. “If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt,” Microsoft says.
Controlled folder access in Defender is simple to turn on. Once this is done, the feature will audit the changes apps make to files in specified protected folders.
Users can add additional folders to the list of protected folders, but they won’t be able to alter the default list, which includes folders such as Documents, Pictures, Movies, and Desktop. “Adding other folders to Controlled folder access can be handy, for example, if you don’t store files in the default Windows libraries or you’ve changed the location of the libraries away from the defaults,” Microsoft clarifies.
Users can also add network shares and mapped drives to the protected folders list, but environment variables and wildcards will not be supported for now.
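The steps above can also be scripted from an elevated PowerShell prompt. The following is an added example, not code from Microsoft or from the original article: it filters out entries that use environment variables or wildcards before adding the rest to the protected list. The helper names `Test-CfaFolderPath` and `Add-CfaProtectedFolders` and the sample paths are hypothetical; `Set-MpPreference`, `Add-MpPreference` and `Get-MpPreference` are the Defender module's cmdlets.

```powershell
# Hypothetical helper: returns $true only for paths the protected-folder list can take.
function Test-CfaFolderPath {
    param([Parameter(Mandatory)][string]$Path)
    # Environment variables (%VAR% or $env:VAR) are not supported in the list.
    if ($Path -match '%[^%]+%' -or $Path -match '\$env:') { return $false }
    # Wildcards are not supported either.
    if ($Path -match '[\*\?]') { return $false }
    # Assumption of this example: accept only fully qualified paths, either a
    # drive letter (local or mapped drive) or a UNC network share.
    return ($Path -match '^[A-Za-z]:\\' -or $Path -match '^\\\\[^\\]+\\[^\\]+')
}

# Hypothetical helper: adds the valid paths and warns about the rest.
function Add-CfaProtectedFolders {
    param([Parameter(Mandatory)][string[]]$Path)
    $accepted = @($Path | Where-Object { Test-CfaFolderPath $_ })
    $rejected = @($Path | Where-Object { -not (Test-CfaFolderPath $_) })
    foreach ($p in $rejected) {
        Write-Warning "Skipped (variable, wildcard or relative path): $p"
    }
    if ($accepted.Count -gt 0) {
        # Appends to the user-defined list; the default folders are unaffected.
        Add-MpPreference -ControlledFolderAccessProtectedFolders $accepted
    }
    return $accepted
}

# Constructed sample input: two valid entries and two that must be rejected.
$candidates = @(
    'D:\Projects',               # extra local folder
    '\\fileserver01\finance',    # network share
    '%USERPROFILE%\Work',        # environment variable
    'E:\Backups\*'               # wildcard
)

# Turn the feature on, add the validated folders, then show the resulting state.
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-CfaProtectedFolders -Path $candidates | Out-Null
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders
```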
It is not yet known how successful this new feature will be, particularly in cases when ransomware finds a way to get a whitelisted app to circumvent this protection and sneaks in, researchers say.