Windows 10: Windows Defender Exploit Protection problem

Hi guys,

For some strange reason my System settings tab is not there in my Exploit Protection settings, only Program settings is visible. Any suggestions on what is happening?

:)

 

Bug? In Windows Defender Exploit Guard.

If we assume that this is just a glitch, then you might be able to reset the Exploit protection defaults by exporting the settings from an unaffected PC (with default settings) and then importing those settings on the affected machines. This looks
to be the backup/restore tool for the Exploit protection settings:

Deploy Exploit protection mitigations across your organization

Export and Import Exploit Protection Settings in Windows 10

 

I want to infect my PC

Hi Rob

You most likely are aware but for the benefit of all readers let me provide more rather than less information.

Windows Defender Exploit Guard
(introduced in Windows 10 Fall Creators Update) includes four components of new intrusion prevention capabilities designed to lock down a system against various attack vectors and block behaviors commonly used in malware attacks before any
damage can be done.

• Exploit protection consists of exploit mitigations which
  can be configured to protect the system and applications whenever suspicious or malicious exploit-like behavior is detected.
  
• Controlled folder access protects common system folders
  and personal data from ransomware by blocking untrusted processes from accessing and tampering (encrypting) sensitive files contained in these protected folders.
  
• Attack Surface Reduction (ASR) is comprised of
  a set of rules which helps prevent exploit-seeking malware by blocking Office, script and email-based threats.
• Network protection protects against web-based threats
  by blocking any outbound process attempting to connect with untrusted hosts/IP/domains with low-reputation utilizing
  
  Windows Defender SmartScreen.

Windows Defender EG is intended to replace Microsoft’s EMET which was confusing to novice users and allowed hackers to bypass because the mitigations were not durable and often caused operating system and application stability issues as explained

here. Microsoft advises that Windows Defender EG features all work best with

Windows Defender Advanced Threat Protection which provides detailed reporting into Windows Defender EG events and blocks.

As noted in the link I provided above, some security researchers have advised not to to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of

Return-oriented programming (ROP), and other exploit checks.

Fabian Wosar of Emsisoft has said multiple anti-exploit programs can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference
with each other and program crashes.

As such, users need to know and understand the protection features of any third-party anti-exploit/anti-ransomware program they are considering to use alongside Windows Defender EG..

 

That's strange! What version of Windows are you running? Current version is 1709(OS build 16299.309 as of Mar.13,2018
Also what version of Defender do you have? The latest definition of Defender 1.263.562.0

 

It's probably more pertinent to ask what processor you have. None of my machines have the System tab either. I'm guessing that older CPUs don't support all the functions required. Support for virtualisation (which mine don't have) would seem to be a key one...

https://docs.microsoft.com/en-us/win...r-device-guard

 

Windows version 1709 os build 16299.309 cpu intel i7 4790k

I remember when Exploit Protection was first introduced onto my pc via the Windows updates process that I had the System settings tab because I turned everything off for fear of conflict with Malwarebytes Anti Exploit, but I've since heard that Malwarebytes Anti Exploit works with Windows Exploit Protection if Microsoft's default settings are used. It was when I went to re-enable the WEP default settings that I noticed that the System settings had vanished.

 

Well, that should be new enough. It's possible that virtualization has been turned off in the bios, worth checking.

https://docs-old.fedoraproject.org/e...s_in_BIOS.html

 

Okay, cheers Bree.*Smile

 

Thanks Ita1. Link to Tweet: Mark Wodrich on Twitter:

 

I've had a closer look at this....
...and you know what? It is there, hiding in plain sight!

The 'Use strict CFG' and the others in your screenshot are the System settings page! What's missing it the correct text for the tab labels and other parts of the screen. Looks like a pointer used to index the table of text strings for the app is out by about three places.

It shouldn't say 'Program settings' at the top, that's supposed to be the label for the second tab, which instead has the text 'Use default (<On/Off>)' - just click on it and you'll find the programs! The first tab should be labelled 'System settings' but instead says 'On by default'. The Title at the top should actually say 'Exploit protection'.

Compare what you see with the screenshots in the tutorial and you'll see what I mean, everything is there - it's just that everything has got the wrong name.
Change Windows Defender Exploit Protection Settings in Windows 10

(you really couldn't make this stuff up)

I'm not risking changing anything until I can trust that it's correctly labelled - who knows what I might actually be turning on/off?

 

the only way is to resort to powershell, however it is unacceptable that in a month a fix has not been produced since this bug makes an entire module unusable

 

*Ditto

The Windows Defender Security Center is the UI for Defender and named as the 'Windows Defender antimalware platform' in the updates. These updates are not part of the cumulative updates. They are quite separate and AIUI maintained by the Microsoft Windows Defender Team.

https://support.microsoft.com/help/4...lware-platform

I know that at least one member of the Microsoft Windows Defender Team has registered here on TenForums, @jyim89. He is also active under the same name on the Microsoft Community forum, should you wish to make your feelings known. *Smile
https://answers.microsoft.com/en-us/...e-89b0ee9f6206

 

Thanks @Bree, i was struggling trying to understand the meaning of many phrases in Exploit protection settings, they are in "Italian" but they does not make sense;

Please @jyim89 if you can and/or care ask to whom it may concern to have it translated from someone who can actually write in Italian*cry; that is not Italian, it looks like and automatic translation was used.

Kind regards.

 

@roy111, the screenshots in Brink's tutorial show all the Exploit protection settings in English, that should help you navigate the "Italian" ones...
Change Windows Defender Exploit Protection Settings in Windows 10

This lists all the settings and describes what each one does.
https://docs.microsoft.com/en-us/win...oit-protection