Rediģēt

Kopīgot, izmantojot


Network protection demonstrations

Applies to:

Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.

Scenario requirements and setup

  • Windows 11 or Windows 10 version 1709 build 16273 or newer.
  • Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2 with the new unified MDE Client.
  • macOS
  • Linux
  • Microsoft Defender Antivirus

Windows

PowerShell command

Set-MpPreference -EnableNetworkProtection Enabled

Rule states

State Mode Numeric value
Disabled = Off 0
Enabled = Block mode 1
Audit = Audit mode 2

Verify configuration

Get-MpPreference

Scenario

  1. Turn on Network Protection using powershell command:

    Set-MpPreference -EnableNetworkProtection Enabled
    
  2. Using the browser of your choice (not Microsoft Edge*), navigate to the Network Protection website test. Microsoft Edge has other security measures in place to protect from this vulnerability (SmartScreen).

Expected results

Navigation to the website should be blocked and you should see a Connection blocked notification.

Clean-up

Set-MpPreference -EnableNetworkProtection Disabled

macOS/Linux

To configure the Network Protection enforcement level, run the following command from the Terminal:

mdatp config network-protection enforcement-level --value [enforcement-level]

For example, to configure network protection to run in blocking mode, execute the following command:

mdatp config network-protection enforcement-level --value block

To confirm that network protection has been started successfully, run the following command from the Terminal, and verify that it prints "started":

mdatp health --field network_protection_status

To test Network Protection on macOS/Linux

  1. Using the browser of your choice (not Microsoft Edge*), navigate to the Network Protection website test. Microsoft Edge has other security measures in place to protect from this vulnerability (SmartScreen).
  2. or from terminal
curl -o ~/Downloads/smartscreentestratings2.net https://smartscreentestratings2.net/ 

Expected results

Navigation to the website should be blocked and you should see a Connection blocked notification.

Clean-up

mdatp config network-protection enforcement-level --value audit

See also

Network Protection

Microsoft Defender for Endpoint - demonstration scenarios

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.