Enable or Disable Windows Defender Exploit Protection Settings  

    Enable or Disable Windows Defender Exploit Protection Settings

    Enable or Disable Windows Defender Exploit Protection Settings

    How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10
    Published by Category: Security System
    27 Jan 2019
    Designer Media Ltd


    How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10


    Starting with Windows 10 build 16232, you can now audit, configure, and manage Windows system and application exploit mitigation settings (EMET EOL) right from the Windows Security app.

    Exploit protection is built into Windows 10 to help protect your device against attacks. Out of the box, your device is already set up with the protection settings that work best for most people.

    Exploit protection is part of Windows Defender Exploit Guard. Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.

    You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file as a backup and that you can deploy to other machines. When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the System settings and Program settings sections - either section will export all settings.

    For more information, see also:

    This tutorial will show you how to enable or disable the ability to change Exploit protection settings in Windows Security in Windows 10.

    You must be signed in as an administrator to enable or disable Exploit protection settings.


     CONTENTS:

    • Option One: Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor
    • Option Two: Enable or Disable Windows Defender Exploit Protection Settings using a REG file


    EXAMPLE: Exploit protection settings disabled (grayed out) in Windows Defender Security Center
    Enable or Disable Windows Defender Exploit Protection Settings-exploit_protection_settings-1.jpg Enable or Disable Windows Defender Exploit Protection Settings-exploit_protection_settings-2.jpg






    OPTION ONE

    Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor



    The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option TWO below.

    1. Open the Local Group Policy Editor.

    2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

    Computer Configuration\Administrative Templates\Windows components\Windows Defender Security Center\App and browser protection

    Enable or Disable Windows Defender Exploit Protection Settings-exploit_protection_gpedit-1.jpg

    3. In the right pane of App and browser protection in Local Group Policy Editor, double click/tap on the Prevent users from modifying settings policy to edit it. (see screenshot above)

    4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


     5. To Enable Windows Defender Exploit Protection Settings

    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

    Not Configured[/B] is the default setting.


     6. To Disable Windows Defender Exploit Protection Settings

    A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)

    Enable or Disable Windows Defender Exploit Protection Settings-exploit_protection_gpedit-2.png

    7. Close the Local Group Policy Editor.






    OPTION TWO

    Enable or Disable Windows Defender Exploit Protection Settings using a REG file



    The downloadable .reg files below will modify the DWORD value in the registry key below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection

    DisallowExploitProtectionOverride DWORD

    (delete) = Enable
    1 = Disable

    1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


     2. To Enable Windows Defender Exploit Protection Settings

    This is the default setting.

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Enable_changing_Exploit_protection_settings.reg

    Download


     3. To Disable Windows Defender Exploit Protection Settings

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Disable_changing_Exploit_protection_settings.reg

    Download

    4. Save the .reg file to your desktop.

    5. Double click/tap on the downloaded .reg file to merge it.

    6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    7. Restart the computer to apply.

    8. You can now delete the downloaded .reg file if you like.


    That's it,
    Shawn



  1. TONPumper's Avatar
    Posts : 166
    Windows 10 Pro x64 20H2
       #1

    Does this actually turn off exploit protection or does it just prevent changes from being made? I just have all of my settings set to "Off." Is that the same thing?
      My Computer

  2. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #2

    TONPumper said:
    Does this actually turn off exploit protection or does it just prevent changes from being made? I just have all of my settings set to "Off." Is that the same thing?
    Hello TON,

    It only prevents the current settings from being changed in the Windows Security app.
      My Computers

  3. TONPumper's Avatar
    Posts : 166
    Windows 10 Pro x64 20H2
       #3

    Brink said:
    Hello TON,

    It only prevents the current settings from being changed in the Windows Security app.
    Gotcha. Thank you!
      My Computer

  4. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #4

    TONPumper said:
    Gotcha. Thank you!

    You're most welcome.
      My Computers


 

Tutorial Categories

Enable or Disable Windows Defender Exploit Protection Settings Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 04:03.
Find Us




Windows 10 Forums