network protection, a feature in windows defender exploit guard, doesn't work right

  • Thread starter Thread starter soulstew
  • Start date Start date
S

soulstew

Hi folks,


I've been wondering if there is anyone who can enable and evaluate "network protection" function, which is 1 of a few features in windows defender exploit guard.


============

# you can find more about expoit guard here

Use Network protection to help prevent connections to bad sites

============


Following link below, I enabled netowrk protection using powerShell and try accessing the test URL written in the page, using both chrome and powershell, hoping those access would be blocked, but nothing was blocked and I could access test URL with no issue on both scenario(chrome/powreshell).


============

# testing network protection feature

Network Protection - Windows Defender Testground

============


I would like to know if this is some bug in exploit guard or if I miss configure something.


Please let me know if anyone can evaluate that network protection works well, which mean it blocks access to test URL or any malicious URL when using chrome or firefox, any browser other than IE/edge.


If network protection doesn't work right, then it cannot block access from malware inside your PC, including downloader/infoStealer, to malicious URL like C&C or malware distribution site.


Only blocking access to those malicious URL via edge/IE is obviously not enough considering the current threat landscape, where malicious file attached on mail the most well used attack vector.


==============

# Following is my test log for this feature using powerShell, just for your reference.

PS C:\> [System.Environment]::OSVersion
Platform ServicePack Version VersionString
-------- ----------- ------- -------------
Win32NT 10.0.16299.0 Microsoft Windows NT 10.0.16299.0
PS C:\>
PS C:\>
PS C:\>
PS C:\>
PS C:\> (Get-MpPreference).EnableNetworkProtection
1

PS C:\>
PS C:\>
PS C:\> (New-Object System.Net.WebClient).DownloadString("SmartScreen Test")
<!DOCTYPE html>
<html lang="en">
<head>
<title>SmartScreen Test</title>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link href="/resources/style/style.css" type="text/css" rel="stylesheet" />
</head>
<body>

<h1>SmartScreen Test</h1>
<p>This is a test page for SmartScreen.</p>
</body>
</html>

==============


Thank you for your support.

Continue reading...
 
Back
Top