In its early days, Microsoft Windows Defender, the lightweight antimalware tool built into Windows, faced some stigma from IT professionals who didn’t think it brought anything special to the table.
The doubters did not believe that Windows Defender's features could detect much of the malware it was exposed to.
Over the years, however, from its initial release for Windows XP to the current iteration in Windows 10, Microsoft has added key Windows Defender features that have made it a quality antimalware product capable of protecting against threats such as spyware, adware and viruses.
Exploit Guard provides intrusion protection for Windows 10 by defending machines against multiple types of attacks. For example, Exploit Guard provides memory safeguards that protect against attacks that tamper with process memory. Exploit Guard can also protect applications through controlled folder access, which stops untrusted programs from making unauthorized changes to files in protected folders.
IT can use Exploit Guard with Windows Defender Advanced Threat Protection (ATP), another of the Windows Defender features, to provide reports that detail any Exploit Guard events. An Exploit Guard event is anything the tool logs as a potential security threat. To change the Exploit Guard settings, IT can use the Windows Defender Security Center app or Windows PowerShell.
IT can manage Exploit Guard using the ATP management console, which is a window that shows activity alerts, suspicious activities and more. The management console may require an additional server and database to hold monitoring data, as well as threat and exploit information.
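As an added example (not code from the article or from Microsoft), the PowerShell session below shows the administration path mentioned above: reviewing and tightening the exploit protection mitigations, turning on controlled folder access in audit mode first, and then reading back the Exploit Guard events that Windows logs. It assumes an elevated PowerShell prompt on Windows 10 with the built-in ProcessMitigations and Defender modules; the process name, folder path and application path are illustrative values chosen for the example.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt
# on Windows 10 (1709 or later). notepad.exe, C:\Finance\Reports and the
# LineOfBusiness path are placeholder values for illustration.

# 1. Show the system-wide exploit protection settings (DEP, ASLR, CFG, ...).
Get-ProcessMitigation -System

# 2. Enforce per-application mitigations. DEP, SEHOP and bottom-up ASLR are
#    low-risk defaults; test each application before rolling out more.
Set-ProcessMitigation -Name notepad.exe -Enable DEP,SEHOP,BottomUp

# 3. Export the current mitigation policy as XML so it can be reviewed and
#    deployed centrally (Group Policy, Intune or ConfigMgr).
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\ExploitGuard-Mitigations.xml"

# 4. Controlled folder access: start in audit mode so changes are logged but
#    not blocked, add the folders to protect and the trusted applications,
#    then switch to "Enabled" once the allow list has been tuned.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders "C:\Finance\Reports"
Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files\LineOfBusiness\app.exe"

# 5. Read back what Exploit Guard logged. Controlled folder access events live
#    in the Defender operational log (1123 = blocked, 1124 = audited); exploit
#    protection events live in the Security-Mitigations logs.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -AutoSize

Get-WinEvent -LogName 'Microsoft-Windows-Security-Mitigations/KernelMode',
                      'Microsoft-Windows-Security-Mitigations/UserMode' `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -AutoSize
```

Running controlled folder access in audit mode before enforcing it is the practical way to find line-of-business applications that legitimately write to protected folders; the 1124 audit events show exactly which executables would have been blocked, and those paths go into the allow list before the mode is switched to Enabled. The same event logs are what the ATP reporting described above draws on.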
Application Guard is another of the targeted Windows Defender features; it protects enterprise users from malware attacks that arrive through web browsers. Application Guard isolates tabs users open in Internet Explorer or Microsoft Edge by opening the website inside a Hyper-V container.
If a user opens a malicious website, Application Guard prevents the attack payload from spreading to the machine or the organization’s network. In addition, an enterprise administrator can define what websites Application Guard trusts and does not trust.
IT can manage Application Guard using the System Center Configuration Manager console or Microsoft Intune on enterprise desktops. Similar to Exploit Guard, Application Guard may require an additional server and database to hold monitoring data and the threat information.
Advanced Threat Protection
Windows Defender ATP, a behavior-based service designed to accurately detect advanced threats, rounds out the Windows Defender features.
Agentless sensors in ATP gather behavior data from devices and endpoints, store that data, and create visuals in dashboards that display security alerts, automated investigation statistics, at-risk machines and more. The information on the dashboard allows IT to better detect, investigate and respond to malware threats.
ATP features dashboards that allow IT to view alerts, health updates, status updates and more. User timelines enable IT to analyze a user’s activity to discern any security threats. ATP also provides Microsoft Secure Score — visible in the dashboard — which allows IT to quickly view the security status of multiple machines at once.