1
00:00:00,740 --> 00:00:04,280
We'll start with exploit protection, and going further,

2
00:00:04,280 --> 00:00:06,740
I want to define what an exploit is.

3
00:00:06,740 --> 00:00:10,630
Look in the corner of my slides when I need to provide an attribution,

4
00:00:10,630 --> 00:00:12,240
that's where I'll put it.

5
00:00:12,240 --> 00:00:16,180
An exploit is a software tool designed to take advantage of

6
00:00:16,180 --> 00:00:20,260
a vulnerability in a computer system, typically for malicious purposes,

7
00:00:20,260 --> 00:00:23,500
such as installing malware or malicious software.

8
00:00:23,500 --> 00:00:26,560
Now, let's not split hairs arguing over tool.

9
00:00:26,560 --> 00:00:27,950
That's not really the point.

10
00:00:27,950 --> 00:00:32,040
The exploit could be a script, it could be a binary application,

11
00:00:32,040 --> 00:00:36,110
it's just the idea is if your Windows Server has an

12
00:00:36,110 --> 00:00:38,810
unpatched vulnerability or weakness,

13
00:00:38,810 --> 00:00:41,810
the idea is eventually somebody is going to see that and

14
00:00:41,810 --> 00:00:45,870
develop some software that's the exploit that can open

15
00:00:45,870 --> 00:00:48,570
that door a little bit wider, or in some cases,

16
00:00:48,570 --> 00:00:51,560
a great deal wider, again for malicious purposes.

17
00:00:51,560 --> 00:00:52,470
So obviously,

18
00:00:52,470 --> 00:00:56,010
we want to keep our Windows Server production systems as

19
00:00:56,010 --> 00:01:00,130
secure as possible to prevent against these exploits and to

20
00:01:00,130 --> 00:01:03,540
close any vulnerability holes.

21
00:01:03,540 --> 00:01:04,160
Now, of course,

22
00:01:04,160 --> 00:01:07,950
we're not Windows engineers at Microsoft so we don't

23
00:01:07,950 --> 00:01:10,220
have access to Windows source code.

24
00:01:10,220 --> 00:01:13,670
Windows is not an open source operating system,

25
00:01:13,670 --> 00:01:18,800
so it's on us as hybrid cloud administrators to take advantage of, well,

26
00:01:18,800 --> 00:01:22,720
tools that can help remediate some of these problems.

27
00:01:22,720 --> 00:01:25,340
Now, Windows Defender Exploit Guard,

28
00:01:25,340 --> 00:01:28,730
it replaces what Microsoft used to call EMET,

29
00:01:28,730 --> 00:01:31,630
the Enhanced Mitigation Experience Toolkit,

30
00:01:31,630 --> 00:01:35,980
and what Exploit Guard is, it's built into Windows Server and Windows Client.

31
00:01:35,980 --> 00:01:40,200
It's a host‑based intrusion prevention solution that uses

32
00:01:40,200 --> 00:01:43,840
Microsoft's Intelligent Security Graph, or ISG.

33
00:01:43,840 --> 00:01:49,120
This is Microsoft's artificial intelligence backend where based on machine

34
00:01:49,120 --> 00:01:52,690
learning models that Microsoft trains up I'm sure every day,

35
00:01:52,690 --> 00:01:56,350
the engine there is able to look at traffic on your system,

36
00:01:56,350 --> 00:01:59,840
particularly looking at the state of your hardware and the interaction

37
00:01:59,840 --> 00:02:03,620
of hardware and software on your system and make a prediction whether

38
00:02:03,620 --> 00:02:06,540
you may be subject to an attack right now.

39
00:02:06,540 --> 00:02:11,060
So what Exploit Guard unlocks is it gives you some additional attack

40
00:02:11,060 --> 00:02:13,320
surface reduction, or ASR,

41
00:02:13,320 --> 00:02:18,590
for Windows concerning a handful of what Microsoft has identified as the

42
00:02:18,590 --> 00:02:22,340
most common hardware‑based malware attack vectors.

43
00:02:22,340 --> 00:02:23,730
Now, for the AZ‑801,

44
00:02:23,730 --> 00:02:27,540
you don't need to know details about every single mitigation.

45
00:02:27,540 --> 00:02:32,670
Just know that Exploit Guard has a preselected collection of

46
00:02:32,670 --> 00:02:36,030
mitigations that if you need to disable them,

47
00:02:36,030 --> 00:02:36,770
you can,

48
00:02:36,770 --> 00:02:42,360
but they're meant to provide protection of your system at the hardware level.

49
00:02:42,360 --> 00:02:43,050
Alright.

50
00:02:43,050 --> 00:02:43,980
And specifically,

51
00:02:43,980 --> 00:02:48,360
you configure Exploit Guard either on a host‑by‑host basis using the

52
00:02:48,360 --> 00:02:55,000
security app or centrally you can use Group Policy. Again, that's a theme that we'll see throughout this course.