Working with Exploit Protection to protect devices from being exploited

This week is all about Exploit Protection, an often overlooked security feature that is available in the Windows Security app and is screaming for more awareness. Exploit Protection was originally introduced as one of the four main components of Windows Defender Exploit Guard (Exploit Guard). Exploit Guard itself was introduced as a major update to Microsoft Defender Antivirus in Windows 10 version 1709, and was the successor of the Enhanced Mitigation Experience Toolkit (EMET). The Exploit Protection component contains the actual replacement functionality of EMET, and more. Nowadays Exploit Protection is part of the App & browser control section in the Windows Security app, but many configuration paths still refer to Exploit Guard. In this post I’ll start with an introduction to Exploit Protection, followed by the …


Merging Endpoint Protection Policies in ConfigMgr 2012

This week I want to devote a small post to merging Endpoint Protection policies in ConfigMgr 2012 SP1 (which is currently still in beta). Since ConfigMgr 2012 SP1 there are two different ways of merging Endpoint Protection policies. In short, we can define two sides: Server-side merge – On the server side there is now a console option to merge multiple policies into one policy. In this case, when two settings conflict, the most secure setting is applied. Settings like exclusion lists are truly merged together. Client-side merge – On the client side there is now the automatic behavior to merge multiple policies into the client settings. In this case, when two settings conflict, the highest priority option is used. Also settings like exclusion lists …
