18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'

Information

This policy setting controls Microsoft Defender Exploit Guard network protection.

The recommended state for this setting is: Enabled: Block.

Rationale:

This setting can help prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.

Impact:

Users and applications will not be able to access dangerous domains.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Block:

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).

Default Value:

Disabled. (Users and applications will not be blocked from connecting to dangerous domains.)

See Also

https://workbench.cisecurity.org/files/4286

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-7(3), 800-53|SC-7(4), 800-53|SI-16, CSCv7|7.4, CSCv7|8.3

Plugin: Windows

Control ID: 095b36b2fabc6597c4e32ceb0d4f47969d961f0011061358e81c1096855d0c73