Understanding Defender Device, Exploit, and Credential Guard and Application Control

Four similarly named Windows 10 Defender components can cause confusion about exactly what protections each provides. The four components are Defender Device Guard, Exploit Guard, Credential Guard, and Application Control.

Defender Device Guard

Defender Device Guard was a Windows 10 feature designed to harden a computer system against malware by focusing on preventing malicious code from running. Starting with Windows 10 version 1709, Windows Device Guard was split into separate features:

• Windows Defender Exploit Guard
• Windows Defender Application Control.

Defender Exploit Guard

Defender Exploit Guard is made up of four components designed to harden a device against attacks:

Attack Surface Reduction (ASR) uses rules to block the execution of programs and scripts in Office applications or e-mail that attempt to perform actions that may be normal but are frequently used to initiate malware.

Network Protection expands the scope of Windows Defender SmartScreen to block all outbound HTTP and HTTPS traffic to low-reputation sources (based on the domain or hostname). Windows Defender SmartScreen provides warnings to users of Web pages or downloads exhibiting suspicious behavior and sites on a dynamic list of reported phishing and malicious software sites.