Going into 2018, ransomware remains one of the most serious threats to data, for both businesses and individuals. By far the most important thing that anyone can do to protect themselves against ransomware is to perform frequent data backups. Backup restoration is the only reliable method for recovering from a ransomware attack. Even at that, recovery depends on implementing the backups in such a way as to prevent the ransomware from being able to attack your backup target.

In spite of the critical role that backups play in the fight against ransomware, backups should be the last line of defense, not the first. It is far better to prevent a ransomware attack from occurring in the first place than to have to recover from an attack that has occurred. Thankfully the Fall Creator Update for Windows 10 includes a new Windows Defender Exploit Guard feature that is designed to reduce the potential for ransomware related data loss.

Windows Defender Exploit Guard consists of four ransomware and intrusion prevention components, based on Microsoft’s Intelligent Security Graph. These components include Attack Surface Reduction, Network Protection, Controlled Folder Access, and Exploit Protection.

Attack Surface Reduction

The Attack Surface Reduction feature is designed to protect organizations against attacks from Microsoft Office macros, E-mail attachments, and malicious scripts. Although Microsoft Office macros are commonly disabled, macros do have a number of legitimate use cases. Macros are often used for example, to automate activities within spreadsheets. Rather than forcing users to completely abandon Office macros, Attack Surface Reduction seeks to curb potentially malicious macro behaviors. For example, it can prevent an Office application from launching processes or injecting code into an existing process. Similarly, the Attack Surface Reduction Feature blocks code execution for E-mail attachments, and blocks JavaScript and VBScript from executing a payload that has been downloaded from the Internet.

Download Banner

Network Protection

Microsoft has long used Windows Defender SmartScreen as a tool for protecting the Edge browser against malicious Websites. If a user clicks on a link to a known malicious Website, the Edge browser will intercept the request and prevent access to the site.

As helpful as Windows Defender SmartScreen may be however, it only protects the Edge browser. The feature does nothing to prevent other processes from accessing known malicious sites from outside of the browser. In the Windows 10 Fall Creator Update however, Microsoft has taken the screening capabilities that exist in Windows Defender SmartScreen and applied them to the network stack. This means that all outbound requests can now be vetted, regardless of whether or not those requests came from the Edge browser.

Controlled Folder Access

The Controlled Folder Access feature may be the Windows Defender Exploit Guard feature that is best equipped to prevent Ransomware damage. When a user contracts a ransomware infection, the ransomware runs under the user’s security context, meaning that ransomware can access anything that the user can access. This puts all of the user’s data at risk.

Controlled Folder Access does not seek to take away the user’s permission to access their own documents, but rather places restrictions on how those documents can be accessed. The Controlled Folder Access feature allows administrators to create a list of trusted applications. Once this list is in place, users are only able to access their data through a trusted application. If a malicious executable, script, DLL file, etc. tries to modify a piece of data, Windows will block the attempt.

Exploit Prevention

The last component that makes up Windows Defender Exploit Guard is called Exploit Prevention. Exploit Prevention is designed to replace the Enhanced Mitigation Experience Toolkit. If you are not familiar with this toolkit, it is a free toolkit provided by Microsoft that allows Windows security to be fine tuned through a single pane of glass interface.

Those who had previously installed this toolkit will find that it is automatically uninstalled. Furthermore, whereas the Enhanced Mitigation Experience Toolkit was an optional component, the Exploit Protection feature is installed automatically.


Fall Creator Update. Even so, Windows Defender Exploit Guard does not provide completely comprehensive protection against ransomware. Although Windows Defender Exploit Guard might decrease your odds of becoming victimized by ransomware, it does not negate the need for a good backup solution. If you would like to know more about Windows Defender Exploit Guard, you can find detailed information at:

Experience modern data protection with this latest Vembu BDR Suite v.3.8.0 FREE edition. Try the 30 days free trial here: https://www.vembu.com/vembu-bdr-suite-download/

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Like what you read? Rate us