Windows Defender Network Protection feature in Windows 10

Unlike other cosmetic changes introduced in Windows 10 v1709, Firewall & Network Protection has been the focus of attention. Network Protection, as you are aware helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access malicious domains that may be hosting phishing scams or exploits on the Internet and expands the scope of SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources. Let us take a look at the Network Protection feature which is a part of Exploit Guard feature in Windows Defender.

Network Protection feature in Windows Defender

Network protection windows defender

Network Protection is part of Windows Defender Exploit Guard which helps in offering protection against multiple host intrusion incidents. It has some unique built-in prevention capabilities that allow it to manage and minimize the attacks.

In the event where Network protection blocks a connection, a notification is displayed for your view in the Action Center, waiting for the action to be taken against it. If necessary, you can modify the notification with your company details and contact information. Also, you can switch to audit mode to evaluate how Network protection would impact your organization if it were enabled.

Currently, you can enable Network Protection feature in Windows 10 using-

  1. Group Policy
  2. PowerShell

You can use the following PowerShell command to enable or disable Network Protection on your computer:

To enable Network Protection, run:

Set-MpPreference -EnableNetworkProtection Enabled

To enable the feature in audit mode use the following cmdlet:

Set-MpPreference -EnableNetworkProtection AuditMode

To disable Network Protection, run:

Set-MpPreference -EnableNetworkProtection Disabled

You can review Network Protection events in Windows Event Viewer when Network Protection blocks (or audits) access to a malicious IP or domain. To do this, you will have to make use of the Exploit Guard Evaluation Package which you can download from Microsoft and extract the file np-events.xml to a readily accessible location on the system.

For full details, you may visit

Posted by on , in Category Security with Tags
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 9 =