Microsoft has learned a lot about Windows Security in the past years. Hence, Windows 10 is considered as relatively secure directly after the installation, provided all the latest patches have been installed immediately. However, a dedicated protection against malware and Trojans was missing in the system till now. Microsoft has already integrated it in the autumn of last year, but it is not activated by default. With this post we are going to cover New Windows 10 security features, you will learn how you can activate this feature and how you can enable the myriad of security functions in Windows 10.
New Windows 10 security features to Secure your PC
1.New protection for ransomware
For a long time now, cyber-criminals have been relying on malware-trojans or ransomware as their primary means of attack. This special malware encrypts important files and documents on the PC of the victim and then demands ransom for recovery of data. With Creators Update, Microsoft has introduced what’s called the “Controlled folder access“.
This function allows you to protect important folders, so you can ensure that only approved programs will have access to those files.
To activate it, go to “Start | Settings | Update and Security | Windows Security | Virus and Threat protection” and click on “Ransomware protection” there.
Set the switch to “On” for “Controlled Folder Access“. By clicking on “Protected folders“, you will now see which folders are protected immediately against unauthorized access.
By default, they are all Windows folders containing important files. But if you want to, you can add more directories to the list by clicking on “Add protected folders”.
After that, click on the small arrow on the top left and then on “Allow app through Controlled folder access” in order to extend the list of programs that are allowed to access your protected folders.
Microsoft did not reveal which programs are already on this list, but it would mostly be applications that have been certified by the company. Additional programs that you use and that are allowed to access the protected folders can be added by clicking on “Add permitted apps“.
Alternatively, you can also use the PowerShell for these tasks. You can add a “Folder” with the command “Add-MpPreference-Contr olledFolderAccessProtectedFolders “.
You can add a specific application with
“Add-MpPreference – ControlledFolderAccessAllowedApplications“. In this case, you will have to specify the full path in each case.
2.Activate Windows Defender Exploit Guard
With Windows Defender Exploit Guard, Microsoft has introduced another protection mechanism in Windows 10, one that was implemented late last year.
The Exploit Guard uses technologies like memory scrambling against exploits that do not have existing patches or signatures from antivirus providers as of yet. However, this security measure was initially not available to users of Windows 10 Home.
Meanwhile, Microsoft has rectified this restrictive policy and released the Exploit Guard to the larger user base of Windows 10 Home users as well.
You will find it under “Start | Settings | Update and Security | Windows Security“. There, click on “Open Windows Defender Security Center” and then on “App and Browser Control“.
Scroll a bit downwards and click on “Settings for Exploit protection” in order to activate the various settings like “Flow Control Settings” and “Data Execution Protection”.
Here you are able to customize the System and Program settings on Exploit protection.
3. Activate Windows Defender Application Guard
There is a function for protected web browsing for Windows 10, but it is available to Windows 10 Pro or Enterprise for Microsoft users. The Windows Defender Application Guard is similar to the browser in the box (cybersecurity.rohde-schwarz.com/en/products/secureendpoint/browser-box), which is free by the way.
This App Guard allows the Edge browser to start in a protected virtual instance,
from which dangerous files and scripts cannot escape. It works only on PCs that support hardware virtualisation and have a minimum of 8 GB RAM.
To activate the Windows Defender Application Guard, type “Windows Features” in the Windows search field and then click on “Activate or deactivate Windows Features“. Set a checkmark for “Windows Defender Application Guard” and restart your PC thereafter.
Then, click on the three dots on the top right in Edge and select “New Application Guard window”.
How to Use Windows Defender Application Guard
- Open Edge and click on the menu in the top right corner
- Click on “New Application Guard window” as shown below
3. One Splash screen will apper like below image
4. The new instance of Edge will open with Windows Defender Application Guard enabled