Windows 10: Enable or Disable Windows Defender Exploit Protection Settings

How to: Enable or Disable Windows Defender Exploit Protection Settings

How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10


Starting with Windows Security app.

Exploit protection is built into Windows 10 to help protect your device against attacks. Out of the box, your device is already set up with the protection settings that work best for most people.

Exploit protection is part of Windows Defender Exploit Guard. Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.

You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file as a backup and that you can deploy to other machines. When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the System settings and Program settings sections - either section will export all settings.

For more information, see also:

• Use Windows Defender Exploit Guard to protect your network | Microsoft Docs
• Apply mitigations to help prevent attacks through vulnerabilities | Microsoft Docs
• Enable or disable specific mitigations used by Exploit protection | Microsoft Docs
• Deploy Exploit protection mitigations across your organization | Microsoft Docs

This tutorial will show you how to enable or disable the ability to change Exploit protection settings in Windows Security in Windows 10.

*Warning You must be signed in as an administrator to enable or disable Exploit protection settings.


CONTENTS:

• Option One: Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor
• Option Two: Enable or Disable Windows Defender Exploit Protection Settings using a REG file

EXAMPLE: Exploit protection settings disabled (grayed out) in Windows Defender Security Center











OPTION ONE [/i] Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor

*note The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option TWO below.
1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
*Arrow Computer Configuration\Administrative Templates\Windows components\Windows Defender Security Center\App and browser protection




3. In the right pane of App and browser protection in Local Group Policy Editor, double click/tap on the Prevent users from modifying settings policy to edit it. (see screenshot above)

4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


5. To Enable Windows Defender Exploit Protection Settings
A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

*note Not Configured[/B] is the default setting.

6. To Disable Windows Defender Exploit Protection Settings
A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)




7. Close the Local Group Policy Editor.





OPTION TWO [/i] Enable or Disable Windows Defender Exploit Protection Settings using a REG file

*note The downloadable .reg files below will modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection

DisallowExploitProtectionOverride DWORD

(delete) = Enable
1 = Disable

1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


2. To Enable Windows Defender Exploit Protection Settings
*note This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_changing_Exploit_protection_settings.reg

Download

3. To Disable Windows Defender Exploit Protection Settings
A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_changing_Exploit_protection_settings.reg

Download
4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. Restart the computer to apply.

8. You can now delete the downloaded .reg file if you like.

That's it,
Shawn


Related Tutorials

• How to Open Windows Defender Security Center in Windows 10
• How to Change Windows Defender Exploit Protection Settings in Windows 10
• How to Export and Import Windows Defender Exploit Protection Settings in Windows 10
• How to Enable or Disable Windows Defender Exploit Guard Network Protection in Windows 10
• Hide or Show App and Browser Control in Windows Defender Security Center in Windows 10

:)

 

Exploit Protection Settings

The Exploit Protection settings are preconfigured; and home users should generally just leave them alone:



The Use default configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for
their individual needs and may need to modify configuration away from the defaults.



https://docs.microsoft.com/en-us/wi...er-exploit-guard/customize-exploit-protection



Apply mitigations to help prevent attacks through vulnerabilities



The preconfigured applications have been optimized by Microsoft – and adding customizations for other apps requires both a rationale and an understanding of the potential consequences, since haphazardly changing the default settings for an app can
easily render it dysfunctional.



It’s ironic that these application mitigations are exposed in the Windows Defender Security Center interface, while the safe and simple Windows Defender configuration options are only available via the PowerShell Set-MpPreference command line:



Set-MpPreference (defender)



The Set-MpPreference cmdlet now also includes the parameters for Attack Surface Reduction and Block at First Sight:



Windows Defender Detection rate

 

Windows Defender Exploit Protection problem

@roy111, the screenshots in Brink's tutorial show all the Exploit protection settings in English, that should help you navigate the "Italian" ones...
Change Windows Defender Exploit Protection Settings in Windows 10

This lists all the settings and describes what each one does.
https://docs.microsoft.com/en-us/win...oit-protection

 

Exploit Protection Settings

Open Windows Defender Security Center and click on
App & browser control and there find Exploit protection settings
and you could change settings for Exploit protection from there.

 

Does Windows Defender Exploit Protection log anywhere?


Does this document helps?

*Arrow docs.microsoft.com | list-of-all-windows-defender-exploit-guard-events

and docs.microsoft.com | evaluate-exploit-protection

 

Need exclusion for Defender Exploit Guard Network Protection

I have a configuration where the Defender Exploit Guard Network Protection needs to be enabled. Recently an MS update must have changed what triggers this protection and I now have 2 custom applications
that no longer launch properly.

An acceptable solution is to add exclusions for the offending applications.

I have been trying to add an exclusion for these application but without any luck. The only way to get the applications to work is to disable the feature through gpedit. Here the option:

"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites"

These are standalone Win10Pro machines running version 1803. I've tried the following:

1) Using gpedit, adding the application exe and path to

"Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Exclusions\Path Exclusions"

2) Using Defender Security Center - App&browser Control - Exploit protection settings - Program Settings

Adding each application and then disabling ALL system options.

I'm kinda stuck at the moment and I'm hoping I'm missing something.

Thanks,

Dave