New
#30
I just created a Custom View for Event Viewer to see exactly which .exe or .dll was blocked so one can find it easier, as notification area truncates the "offending" processes address.
For those that want to create it themselves; it's event 5007 in Defender logs
Controlled Access Events.zip
- Just download,
- right click,
- open properties,
- unblock,
- extract it,
- open Event Viewer,
- and import it.
Last edited by Cliff S; 27 Nov 2017 at 07:29. Reason: Made an error the first time I uploaded.
Great Cliff S
MS has some xml files ready to download on their site:
docs.microsoft.com | event-views-exploit-guard#list-of-all-windows-defender-exploit-guard-events
Warning! XML file for exploit protection events (ep-events.xml) is wrong (just a copy of network protection events). Manually copy it from site above.
Is there any chance that a function like Allow/Block will be implemented soon or later?
I found it very difficult to allow apps to access Protected Folders. I can't find LibreOffice exe file, how can I add it?
Also I noticed that added allowed apps still prompt a denial access warning.
I'm so confused I disabled that feature for the time.
If you set up that custom view in Event viewer (that Cliff S posted), you can copy marked text - just like in the picture from Cliff. When allowing app to access Protected folders, click to "Add an allowed app" and paste that in file path and name. (Ctrl+C and Ctrl+v work fine))
Also navigating to shortcut and selecting it works for me
@Andre Ten
Much appreciated.
Just realized that this thread is a tutorials thread. I think I have to explain my post in reply to @Brink post #4.
I wanted to know if windows Defender exploit mitigation feature will eventually became more user friendly for people like me, quite hopeless navigating OS features.
I guess I posted in the wrong place and apologize.