Forum Discussion
Newbie question about IPS
Hi I am looking at Microsoft Defender for Endpoint but cannot find anything that actually says that it provides IPS or IDS protection.
Plus is it also possible to run this system in an on-Prem only mode which is isolated with no internet access?
Thanks
Hi Bozzie-UK67,
Our attack surface reduction rules are the foundation of our host intrusion and prevention system (HIPS).
This blog may provide more insight: What’s new in Windows Defender ATP | Microsoft Security Blog as well as our public documentation: Migrating from a third-party HIPS to ASR rules | Microsoft Docs. This reference is specifically for prerequisites and troubleshooting ASR rules: Troubleshoot problems with Network protection | Microsoft Docs
To answer your last question about running on on-prem with no internet access, most ASR rules require Cloud protection to be enabled.Please let me know if this helps answer your question.
- JayronnMicrosoft
Hi Bozzie-UK67,
Our attack surface reduction rules are the foundation of our host intrusion and prevention system (HIPS).
This blog may provide more insight: What’s new in Windows Defender ATP | Microsoft Security Blog as well as our public documentation: Migrating from a third-party HIPS to ASR rules | Microsoft Docs. This reference is specifically for prerequisites and troubleshooting ASR rules: Troubleshoot problems with Network protection | Microsoft Docs
To answer your last question about running on on-prem with no internet access, most ASR rules require Cloud protection to be enabled.Please let me know if this helps answer your question.
- Bozzie-UK67Copper Contributor
HIJayronn
Thanks for coming back to me. I saw the write up's and the cloud based solution parts but surely I thought or assumed that there may be a solution available that is standalone with no internet access. Obviously i was wrong.
As this would be for a secure standalone network this solution is not an option so will have to stick with McAfee.
Alas not everything can have access to the internet.
Thanks again for your reply.