Unlike other cosmetic changes introduced in Windows, Firewall & Network Protection has been the focus of attention. Network Protection, as you are aware helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access malicious domains that may be hosting phishing scams or exploits on the Internet and expands the scope of SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources. Let us take a look at the Network Protection feature which is a part of Exploit Guard feature in Windows Defender.
Network Protection feature in Windows Defender
Network Protection is part of Windows Defender Exploit Guard which helps in offering protection against multiple host intrusion incidents. It has some unique built-in prevention capabilities that allow it to manage and minimize the attacks.
In the event where Network protection blocks a connection, a notification is displayed for your view in the Action Center, waiting for the action to be taken against it. If necessary, you can modify the notification with your company details and contact information. Also, you can switch to audit mode to evaluate how Network protection would impact your organization if it were enabled.
Currently, you can enable Network Protection feature in Windows 10 using-
- Group Policy
You can use the following PowerShell command to enable or disable Network Protection on your computer:
To enable Network Protection, run:
Set-MpPreference -EnableNetworkProtection Enabled
To enable the feature in audit mode use the following cmdlet:
Set-MpPreference -EnableNetworkProtection AuditMode
To disable Network Protection, run:
Set-MpPreference -EnableNetworkProtection Disabled
You can review Network Protection events in Windows Event Viewer when Network Protection blocks (or audits) access to a malicious IP or domain. To do this, you will have to make use of the Exploit Guard Evaluation Package which you can download from Microsoft and extract the file np-events.xml to a readily accessible location on the system.
How do I know if network protection is enabled?
To know if Network protection is enabled or not, you can open Windows Security itself. You can search for windows security in the Taskbar search box and click on the individual search result to open the app. Then, switch to the Firewall & network protection tab on the left side. If it says Firewall is on, network protection is enabled on your computer.
Should I turn on firewall and network protection?
Yes, it is recommended to turn on Firewall & network protection feature in Windows Security. This option is included in the Windows Security on Windows 11 as well as Windows 10. To turn it on, open Windows Security and go to the Firewall & network protection tab. Then, click on the Domain network and toggle the Microsoft Defender Firewall button. Next, you need to do the same for the Private network and Public network.
For full details, you may visit docs.microsoft.com.