Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
38 lines (32 sloc) 2.84 KB
title ms.reviewer description keywords search.product search.appverid ms.mktglfcycl ms.sitesec ms.pagetype author ms.localizationpriority manager audience ms.collection ms.topic
Overview of attack surface reduction
Learn about the attack surface reduction capability in Microsoft Defender ATP
eADQiWindows 10XVcnh

Overview of attack surface reduction

Applies to:

Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in your organization from new and emerging threats.

Capability Description
Hardware-based isolation Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious websites.
Application control Moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run.
Exploit protection Applies exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV)
Network protection Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
Controlled folder access Helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
Attack surface reduction reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware. Requires Windows Defender AV.
Network firewall Host-based, two-way network traffic filtering that blocks unauthorized network traffic flowing into or out of the local device.
You can’t perform that action at this time.