Network Inspector



A recently new feature called Network Inspector keeps popping up and running and leaves messages in my AVG, lots of them some days, yet it will scan the internet faster than before, always saying it's ok, but something feels off about it. The Network Inspector includes several tools to learn more about what's going on in the network around you. Find devices on your local subnet with the HTTP inspector (which has advanced modes for SSL/TLS certificate information). Learn what radios are on with the Radio tool.


Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can audit network protection in a test environment to view which apps would be blocked before you enable it.


Check if network protection is enabled

Check if network protection has been enabled on a local device by using Registry editor.

  1. Select the Start button in the task bar and type regedit to open Registry editor

  2. Choose HKEY_LOCAL_MACHINE from the side menu

  3. Navigate through the nested menus to SOFTWARE > Policies > Microsoft > Windows Defender > Windows Defender Exploit Guard > Network Protection

  4. Select EnableNetworkProtection to see the current state of network protection on the device

    • 0, or Off
    • 1, or On
    • 2, or Audit mode

Enable network protection

Enable network protection by using any of these methods:


PowerShell

  1. Type powershell in the Start menu, right-click Windows PowerShell and select Run as administrator

  2. Enter the following cmdlet:

  3. Optional: Enable the feature in audit mode using the following cmdlet:

    Use Disabled instead of AuditMode or Enabled to turn off the feature.
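The cmdlets for steps 2 and 3 are missing from this copy of the page. The script below is an added example, not the original page's code: it assumes the Microsoft Defender PowerShell cmdlets Get-MpPreference and Set-MpPreference with the EnableNetworkProtection setting, whose values Enabled, AuditMode and Disabled are the ones named above. It reports the state from both registry locations this page mentions, then turns on audit mode only if the feature is not already active. The helper function names are hypothetical.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell prompt.
# Maps the EnableNetworkProtection values listed on this page to readable states.
$StateNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Audit mode' }

# The two policy registry locations this page names for EnableNetworkProtection.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager'
)

function ConvertTo-StateName($Value) {
    if ($null -eq $Value) { return 'Not configured' }
    $name = $StateNames[[int]$Value]
    if ($name) { return $name }
    return "Unknown ($Value)"
}

function Get-NetworkProtectionState {
    # Policy-managed values (Group Policy or MDM); a missing key is reported, not an error.
    foreach ($key in $PolicyKeys) {
        $item = Get-ItemProperty -Path $key -Name EnableNetworkProtection -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Source = $key
            State  = ConvertTo-StateName $item.EnableNetworkProtection
        }
    }
    # Local preference as reported by Microsoft Defender Antivirus.
    [pscustomobject]@{
        Source = 'Get-MpPreference'
        State  = ConvertTo-StateName (Get-MpPreference).EnableNetworkProtection
    }
}

$before = Get-NetworkProtectionState
$before | Format-Table -AutoSize -Wrap

# Switch to audit mode only when nothing has turned the feature on yet, so an
# existing 'On' setting is never downgraded from blocking to auditing.
$active = $before | Where-Object { $_.State -in 'On', 'Audit mode' }
if (-not $active) {
    Set-MpPreference -EnableNetworkProtection AuditMode
    Get-NetworkProtectionState | Format-Table -AutoSize -Wrap
}
```

A value set through Group Policy or MDM is reapplied at the next policy refresh, so a local Set-MpPreference change may not persist on managed devices.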

Mobile device management (MDM)

Use the ./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection configuration service provider (CSP) to enable or disable network protection or enable audit mode.

Microsoft Endpoint Manager (formerly Intune)

  1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com)

  2. Create or edit an endpoint protection configuration profile

  3. Under Configuration Settings in the profile flow, go to Microsoft Defender Exploit Guard > Network filtering > Network protection > Enable or Audit only

Group Policy

Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.

  1. On a standalone computer, go to Start and then type and select Edit group policy.

    -Or-

    On a domain-joined Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.

  2. In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.

  3. Expand the tree to Windows components > Microsoft Defender Antivirus > Windows Defender Exploit Guard > Network protection.

Note

On older versions of Windows, the group policy path may say 'Windows Defender Antivirus' instead of 'Microsoft Defender Antivirus.'

  4. Double-click the Prevent users and apps from accessing dangerous websites setting and set the option to Enabled. In the options section, you must specify one of the following options:
    • Block - Users can't access malicious IP addresses and domains
    • Disable (Default) - The Network protection feature won't work. Users won't be blocked from accessing malicious domains
    • Audit Mode - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won't be blocked from visiting the address.

Important

To fully enable network protection, you must set the Group Policy option to Enabled and also select Block in the options drop-down menu.

Confirm network protection is enabled on a local computer by using Registry editor:


  1. Select Start and type regedit to open Registry Editor.

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\EnableNetworkProtection

  3. Select EnableNetworkProtection and confirm the value:

    • 0=Off
    • 1=On
    • 2=Audit


The Network Monitor shows you all the network requests Firefox makes (for example, when it loads a page, or due to XMLHttpRequests), how long each request takes, and details of each request.

Opening the Network Monitor

There are a few different ways to open the Network Monitor:

  • Press Ctrl + Shift + E (Command + Option + E on a Mac).
  • Select 'Network' from the Web Developer menu (which is a submenu of the Tools menu on OS X and Linux).
  • Click the wrench icon, which is in the main toolbar or under the Hamburger menu, then select 'Network'.

The Network Monitor will appear at the bottom of the browser window. When it first opens, the Network Monitor does not show request information. The just opened tool looks like this:

Either action causes the Network Monitor to begin monitoring network activity. Once the tool is monitoring network requests, the display looks like this:

When it is actively monitoring activity, the Network Monitor records network requests any time the Toolbox is open, even if the Network Monitor itself is not selected. This means you can start debugging a page in, for example, the Web Console, then switch to the Network Monitor to see network activity without having to reload the page.


UI overview

The UI is divided into four main pieces:

  • The main screen contains the toolbar, the network request list, and the network request details pane:
  • The performance analysis view is a separate screen:

Working with the network monitor

The following articles cover different aspects of using the network monitor: