How to Enable or Disable Windows Defender Exploit Protection Settings in Windows 10
Starting with Windows 10 build 16232, you can now audit, configure, and manage Windows system and application exploit mitigation settings (EMET EOL) right from the Windows Security app.
Exploit protection is built into Windows 10 to help protect your device against attacks. Out of the box, your device is already set up with the protection settings that work best for most people.
Exploit protection is part of Windows Defender Exploit Guard. Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file as a backup and that you can deploy to other machines. When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the System settings and Program settings sections - either section will export all settings.
For more information, see also:
This tutorial will show you how to enable or disable the ability to change Exploit protection settings in Windows Security in Windows 10.
You must be signed in as an administrator to enable or disable Exploit protection settings.
CONTENTS:
- Option One: Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor
- Option Two: Enable or Disable Windows Defender Exploit Protection Settings using a REG file
EXAMPLE: Exploit protection settings disabled (grayed out) in Windows Defender Security Center
OPTION ONE
Enable or Disable Windows Defender Exploit Protection Settings in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option TWO below.
1. Open the
Local Group Policy Editor.
2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
Computer Configuration\Administrative Templates\Windows components\Windows Defender Security Center\App and browser protection
3. In the right pane of
App and browser protection in Local Group Policy Editor, double click/tap on the
Prevent users from modifying settings policy to edit it. (see screenshot above)
4. Do
step 5 (enable) or
step 6 (disable) below for what you would like to do.
5. To Enable Windows Defender Exploit Protection Settings
A) Select (dot)
Not Configured or
Disabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
Not Configured[/B]
is the default setting.
6. To Disable Windows Defender Exploit Protection Settings
A) Select (dot)
Enabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
7. Close the Local Group Policy Editor.
OPTION TWO
Enable or Disable Windows Defender Exploit Protection Settings using a REG file
The downloadable .reg files below will modify the DWORD value in the registry key below.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection
DisallowExploitProtectionOverride DWORD
(delete) = Enable
1 = Disable
1. Do
step 2 (enable) or
step 3 (disable) below for what you would like to do.
2. To Enable Windows Defender Exploit Protection Settings
This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Enable_changing_Exploit_protection_settings.reg
Download
3. To Disable Windows Defender Exploit Protection Settings
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Disable_changing_Exploit_protection_settings.reg
Download
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. When prompted, click/tap on
Run,
Yes (
UAC),
Yes, and
OK to approve the merge.
7. Restart the computer to apply.
8. You can now delete the downloaded .reg file if you like.
That's it,
Shawn