How do you enable network protection in Windows 10 and 11?
Windows is reasonably secure by itself, but the internet is full of malicious websites and downloads. In addition to SmartScreen (which mainly works in Edge), there is a more powerful, lesser-known security layer: Network Protection. This feature checks all internet traffic from all apps and processes and blocks known dangerous websites and files at the system level.
Check if Network Protection is available
Before you adjust anything, you need to see if your system supports Network Protection. To do this, open the Windows settings, go to System and then to About, and check under Windows specifications which edition you are using. Only Windows 10 Pro or Enterprise and Windows 11 Pro or Enterprise support this feature.
Open PowerShell with administrator rights
To enable Network Protection, administrator rights are required. Right-click on the Start button and choose Terminal (administrator) or, depending on your Windows version, Windows PowerShell (administrator). Confirm the User Account Control notification so that the terminal window opens with elevated rights.
Check status
In the opened terminal window, you can now check whether Network Protection is already active. Enter the command Get-MpPreference | Select-Object EnableNetworkProtection and see which value is returned:
– 0: Network protection is disabled
– 1: The function is active
– 2: Audit mode where only logging occurs
If you get an error message with that command, it helps to restart the Windows Defender antivirus services or take a look here.
Enable network protection
If Network Protection is still off, it can be turned on by executing the command Set-MpPreference -EnableNetworkProtection Enabled. Windows does not show a confirmation here. By re-running the check command from the previous step, you can verify that the value has changed to 1 and that Network Protection is now active.
Open Group Policy
You have enabled Network Protection, but the correct behavior is not yet set. To do this, the Group Policy editor must be opened. Open the Start menu, type gpedit and choose Edit group policy. In the editor, go to Local Computer Policy, then to Computer Configuration, then to Administrative Templates, Windows Components, Microsoft Defender Antivirus, Microsoft Defender Exploit Guard and finally to Network Protection.
Test audit mode
In the Network Protection section, open the setting Prevent users and apps from accessing dangerous websites. Enable that setting. It is wise to select Audit Mode first. In this mode, no websites are blocked, but suspicious or malicious network connections are recorded in the Event Log. This makes it possible to check whether certain applications would have problems before they are effectively blocked.
Check for problems via the Event Log
Let the system run for some time while Network Protection is in audit mode. During this period, open the Event Log via the Start menu and check for events from Microsoft Defender about network connections. If applications continue to work normally, you can switch to full protection.
Network protection blocking
If audit mode does not cause problems, the same group policy setting can be reopened and adjusted to Block. This blocks dangerous websites and network connections for every application on the system.
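The whole sequence above (check, audit, review, block) can also be run from one elevated PowerShell script. This is an added example, not part of the original article; the -Action and -Days parameters and the helper function name are made up for illustration, and it assumes Microsoft Defender Antivirus is the active antivirus so that its Operational log is populated.

```powershell
#Requires -RunAsAdministrator
# Added example: walk Network Protection from audit mode to block mode.
# -Action and -Days are hypothetical parameter names chosen for this script.
param(
    [ValidateSet('Status', 'Audit', 'Review', 'Block')]
    [string]$Action = 'Status',
    [int]$Days = 7    # assumed review window for audit events
)

$LogName   = 'Microsoft-Windows-Windows Defender/Operational'
$ModeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }

function Get-NetworkProtectionMode {
    # Same value the article reads with Get-MpPreference, plus the Windows edition.
    $value = [int](Get-MpPreference).EnableNetworkProtection
    [pscustomobject]@{
        Edition = (Get-CimInstance Win32_OperatingSystem).Caption
        Value   = $value
        Mode    = $ModeNames[$value]
    }
}

switch ($Action) {
    'Status' { Get-NetworkProtectionMode }
    'Audit'  { Set-MpPreference -EnableNetworkProtection AuditMode; Get-NetworkProtectionMode }
    'Block'  { Set-MpPreference -EnableNetworkProtection Enabled;   Get-NetworkProtectionMode }
    'Review' {
        # Event 1125: connection that would have been blocked (audit mode).
        # Event 1126: connection that was blocked (block mode).
        $filter = @{
            LogName   = $LogName
            Id        = 1125, 1126
            StartTime = (Get-Date).AddDays(-$Days)
        }
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
        if (-not $events) {
            Write-Output "No Network Protection events in the last $Days day(s)."
            return
        }
        # Count per event ID first, then the details in chronological order.
        $events | Group-Object Id | Select-Object Count, @{ n = 'EventId'; e = { $_.Name } }
        $events | Sort-Object TimeCreated |
            Select-Object TimeCreated, Id, Message | Format-List
    }
}
```

Run it with -Action Audit, let the system work for a while, then use -Action Review; switch to -Action Block only when the 1125 events list nothing an application needs.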
