If you’re on Windows 10 V1709 or later, you can configure exploit protection settings. By configuring these settings, you’ll be able to safeguard your system from malware that may use exploit to infect and spread across your device. You can explore all about exploit protection in this Microsoft documentation.
Microsoft has implemented the exploit protection settings right in to the Windows Security (earlier Windows Defender, Windows Defender Security Center) app. In this article, we’ll see how you can configure exploit settings in Windows Security app. Also, we’ll see how to completely enable/disable exploit protection feature on your system.
How To Configure Exploit Protection For Windows Security In Windows 10
Configure Exploit Protection Using Windows Security App
1. Open Windows Security app and click on App & browser control tile.
2. In the next screen, scroll down and look for Exploit protection section. Click on Exploit protection settings link.
3. Then in next screen, you can configure the settings as per your need. Leave a setting to default, if you’re unable to take decision for its configuration.
4. When you change these settings, you’ll receive UAC permission dialog. So provide permissions each time by clicking Yes and provide the credentials, if asked.
5. To configure exploit protection settings for specific app or program, click on Program settings. Then click ‘+‘ and select Choose exact file path, then browse for the program and add it to this list.
All the settings will be saved and applied automatically.
In case if you want to enable or disable exploit protection, you can do it via registry manipulation or by configuring relevant Group Policy setting.
Enable/Disable Exploit Protection Using Registry Editor/Group Policy
Registry Disclaimer: The further steps will involve registry manipulation. Making mistakes while manipulating registry could affect your system adversely. So be careful while editing registry entries and create a System Restore point first.
1. Press + R and put
regedit in Run dialog box to open Registry Editor (if you’re not familiar with Registry Editor, then click here). Click OK.
2. In left pane of Registry Editor window, navigate to following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection
3. Now in the right pane of App and Browser protection registry key, right click in blank space, select New > DWORD Value. Name the newly created registry DWORD (REG_DWORD) as
DisallowExploitProtectionOverride. Double click on this registry DWORD to modify its Value data:
4. Set the Value data to 1 to disable exploit protection and click OK. Close Registry Editor and reboot.
After restarting your system, users will no longer able to configure exploit protection.
DisallowExploitProtectionOverride registry DWORD, in case if you want to enable exploit protection again.