On Tuesday the 17th October, Microsoft started to rollout the ‘Fall Creators Update’ of Windows 10. This second major update in 2017 has some interesting new security features. Microsoft was so generous to give Windows 10 Home users also the added protection of the new Exploit Guard and Controlled folder access. The only catch is that they are built into Windows Defender.
Before commenting on the go-to-market strategy of Microsoft, lets first unwrap this present. The Exploit Guard is re-incarnation of Microsoft’s EMET which could be optionally installed as extra exploit mitigation. The new feature is enabled by default. So, average users now benefit of this extra exploit protection feature while power uses still have the option to add programs and extra protections.
To access the Exploit Guard, open Windows Defender Security Center, click on the ‘App and browser control’ icon, scroll downward and you find the settings link of the Exploit Guard. Before we tell something about tweaking this exploit protection: we first have to explicitly mention our disclaimer: don’t try this at home. A new feature which we found interesting is the option to block start of child programs by the program monitored by Exploit Guard.
The other interesting new feature ‘Controlled folder access’ is off by default. Microsoft probably wants to collect more telemetry data, before they enable it. This new feature is developed to help protect Windows 10 users against ransomware. You can enable this new feature by opening the Windows Defender Security Center, click on the Virus and threat protection icon and look for the click on the Virus and threat protection settings. Scroll down until you see the ‘Controlled folder access’ and enable it.
By default, the standard user folders like Documents, Pictures, and Movies are protected against ransomware attacks. Most power users have their data on separate partitions, so for this protection to be effective these folders have to be added to the ‘Controlled folder access’. Don’t try this at home when you are not a power user with sufficient knowledge about security.
Advanced features like exploit and ransomware protection are often part of the paid version of antivirus products. By offering this as part of the free Windows Defender, it will be interesting to see how other antivirus software vendors will react on these new features. In the past free antivirus products have pushed innovation of their paid siblings.