Windows 10 incorporates security improvements in its new updates in view of the thousands or millions of latent threats that currently exist and may lead to problems of privacy and information availability . Windows 10 incorporates into its utility Windows Security the Protection against viruses and threats which has been developed to help analyze the general system for threats in the device or in its files..
Now, with the update of Redstone 5 of Windows 10 which will be available at the end of 2018, the security center adds a new function called “Block suspicious behaviors†which is disabled by default but that plays a vital role if we wish Add more protection to the system.
What is the suspicious behavior blocking feature in Windows 10
It is a special attack surface reduction technology for Windows defend which is added in this new edition of Windows 10 through the Windows 10 Security option.
As the name implies, it has as a key objective the blocking of those actions that the system considers suspicious and this is achieved thanks to various system security rules, these rules are responsible for disabling the features that are used by malware in order to of raising the security levels of the system in general..
Rules included
Some of the rules that are included with this function are:
- Block executable content from both email clients and web mail
- Block Office applications do not proceed with executable content
- Block Office applications do not create secondary processes
- Block JavaScript or VBScript content which are conducive to launch executable content inside which malware may exist.
- Block Office applications that can be used as code injection into other processes
- Block the execution of potentially dangerous scripts
- Locks the Lock Credential that can be stolen from the Windows local security authority subsystem (lsass.exe)
- Block Win32 API calls from Office macros
- Block untrusted and unsigned processes that are executed from removable media
Companies are able to define what rules will be used through group policy, but end user teams will have all the rules by default. These rules basically block the execution of executable files such as .exe, .dll or .scr and script files such as PowerShell .ps, VisualBasic .vbs or JavaScript .js which over time have seen that they are a source of vulnerabilities of equipment security.
This function is within the security section of Windows 10 which includes Exploit Protection, Network Protection and Controlled Access to Folders..
To keep up, remember to subscribe to our YouTube channel! SUBSCRIBE
Activate the blocking function of suspicious behavior in Windows 10
Step 1
For this, we must access the security of Windows 10 using one of the following options:
- In the path "Start / Settings / Update and security" and there go to the "Windows Security" section.
- In the Windows 10 search box enter “security†and select the utility
Step 2
Once we access, we go to the section "Antivirus and threat protection":
Step 3
We click on the "Manage settings" line in the "Anti-virus configuration and threat protection" section and we can see that by default the function "Block suspicious behavior" is disabled:
Step 4
Simply press on the switch and accept the UAC so that this function is active:
It's that simple we have the opportunity to add more security to Windows 10.
