This hidden Windows feature protects you from dangerous web malware

Windows is generally pretty safe, but the internet is a dangerous place full of malware that’ll infect your devices if you aren’t careful. One thing you can do to stay safe is to make sure you’re using the built-in antivirus features of Windows, which are better than nothing.

You probably already know about SmartScreen, which checks websites and downloads and alerts you of suspicious or malicious content. But with SmartScreen primarily integrated into Edge, its defensive capabilities are somewhat limited when you’re doing other stuff.

That’s why you also need to know about Network Protection, a Windows feature that’s integrated at the system level. It monitors network traffic across all apps and processes, checking all internet data against Microsoft’s reputation database for websites and files that are suspicious and malicious. It’s like SmartScreen but broader.

Do you have Network Protection?

By default, Network Protection is deactivated on Windows and there’s no settings page where you can easily turn it on, so you’ll need to use PowerShell with administrator rights. Also, Network Protection is only available if the following conditions are met:

You have the Pro or Enterprise versions of either Windows 10 or 11. It isn’t available in Windows 10 or 11 Home.

Microsoft Defender must be active on your system.

You must be logged into Windows with a Microsoft account.

You must be able to access websites via the internet.




Get Windows 11 Pro for cheap




Windows 11 Pro























If these four conditions are met, you can get started.

How to enable Network Protection

Start by right-clicking on the Start menu and selecting Terminal (Admin) to launch PowerShell with administrator rights.

Checking

Then, check the status of Network Protection by entering the following command: Get-MpPreference | Select-Object EnableNetworkProtection. You’ll see a response with the current status of Network Protection as either 0 (Disabled), 1 (Enabled), or 2 (Audit Mode). If you see 0, continue on.

Enabling

To enable Network Protection, enter the following command: Set-MpPreference -EnableNetworkProtection Enabled. You won’t receive any response. However, if you re-enter the previous command to check the status of Network Protection, it should now say 1.

Disabling

To disable Network Protection, enter the following command: Set-MpPreference -EnableNetworkProtection Disabled.

Other settings

When using Network Protection, some anonymized data will get transmitted back to Microsoft for various purposes. (It’s one of the many ways Windows collects data on you.) If you object to that, you can disable anonymous performance data with the following command: Set-Mp Preference -DisableNetworkProtectionPerfTelemetry $true

Configuring Network Protection

To configure Network Protection further, you’ll need to use the Group Policy Editor. Open the Start menu and type gpedit, then click on Edit group policy to launch the policy editor.

In the Group Policy Editor, you’ll find two settings relating to Network Protection by navigating in the left-side pane to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Network Protection.

The first setting is called “These settings control whether Network Protection is allowed to be configured into block or audit mode on Windows Server.” This one’s only relevant for Windows Server versions. Don’t know what that is? Then you can safely ignore it.

The other setting is called “Prevent users and apps from accessing dangerous websites.” Double-click the setting to edit it. At the top left, switch to Enabled. That’ll grant you access to three settings in the Options panel below: Disable (Default), Block, and Audit Mode.

In Audit Mode, access to dangerous websites isn’t prevented and Network Protection only generates Windows Event Log entries whenever it detects suspicious or malicious traffic. You have to set it to Block if you want to actually make dangerous websites inaccessible. Confirm by clicking Apply, then OK, then close the policy editor.

Warning: Network Protection can cause some apps to stop working correctly. If you’re worried about that, consider trying Audit Mode first and checking the Windows Event Log for messages about potentially failed connections. If everything looks good after a while, you can then switch to Block to actually enable the feature.

Further reading: Windows Security vs. Microsoft Defender, explained