I've been wondering if there is anyone who can enable and evaluate "network protection" function, which is 1 of a few features in windows defender exploit guard.
# you can find more about expoit guard here
Following link below, I enabled netowrk protection using powerShell and try accessing the test URL written in the page, using both chrome and powershell, hoping those access would be blocked, but nothing was blocked and I could access test URL with no issue on both scenario(chrome/powreshell).
# testing network protection feature
I would like to know if this is some bug in exploit guard or if I miss configure something.
Please let me know if anyone can evaluate that network protection works well, which mean it blocks access to test URL or any malicious URL when using chrome or firefox, any browser other than IE/edge.
If network protection doesn't work right, then it cannot block access from malware inside your PC, including downloader/infoStealer, to malicious URL like C&C or malware distribution site.
Only blocking access to those malicious URL via edge/IE is obviously not enough considering the current threat landscape, where malicious file attached on mail the most well used attack vector.
# Following is my test log for this feature using powerShell, just for your reference.
-------- ----------- ------- -------------
Win32NT 10.0.16299.0 Microsoft Windows NT 10.0.16299.0
PS C:\> (Get-MpPreference).EnableNetworkProtection
PS C:\> (New-Object System.Net.WebClient).DownloadString("https://smartscreentestratings2.net/")
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link href="/resources/style/style.css" type="text/css" rel="stylesheet" />
<p>This is a test page for SmartScreen.</p>
Thank you for your support.