If you want to configure Windows Defender Exploit Guard in Windows 11 or Windows 10, here is how you can do that. No matter whether you want to turn on System settings or Program settings in Windows Security, you can do both with the help of the Exploit Guard. Here is everything you need to know about this security feature that comes with Windows Security.
Windows Defender Exploit Guard runs all the security benefits necessary to keep intrusion threats at bay. A characteristic feature of this tool is ‘Exploit Protection’. It automatically applies to many exploit mitigation techniques. This capability can be tested inside the Windows Defender Security Center under App & browser control > Exploit protection. By accessing the Exploit protection settings, you can control system-wide settings and program-specific overrides. Let us learn how to configure, and manage Windows systems and application exploit mitigations using Windows Defender Exploit Guard (WDEG).
Windows Defender Exploit Guard (WDEG)
Exploit Guard can be found in the Security Analytics dashboard of the Windows Defender ATP console. Its primary function is to enable enterprises to view how the feature is configured across their device and to drive compliance with recommendations based on best practice security configurations.
You can configure Windows Exploit Guard for,
All the Windows Defender Exploit Guard components can be readily managed by
- Group Policy (GP)
- System Center Configuration Manager (SCCM)
- Mobile Device Management (MDM) such as Microsoft Intune.
These components can run in both Audit and Block modes. If any instance of malicious behavior is observed, when Block mode is enabled, Windows Defender Exploit Guard automatically blocks the event from occurring in real-time.
By default, Block events for Attack Surface Reduction, Controlled folder access, and Network Protection instantly display a toast notification in real-time as well as an event log that can be centrally viewed by security operations personnel in the Windows Defender Advanced Threat Protection (WD ATP) console.
The Audit Mode detects the possibility of an occurrence of an event if it would have occurred and conveys that information to the event log and WD ATP console. This helps enterprises customers to evaluate how a rule or feature within Windows Defender Exploit Guard would perform in their enterprise which in turn helps in the decision-making process of determining whether exclusions are required to set up.
Configure Windows Defender Exploit Guard for mitigations
While only a few mitigations can be applied at the operating system level. All mitigations can be configured for individual apps.
As always, you can set value for each of the mitigations to either on/off, or to their default value.
The default values are always specified in brackets at the ‘Use default’ option for each mitigation. In the screenshot provided below, the default for Data Execution Prevention is “On”.
By and large, the use of default configuration for each of the mitigation settings is advised for offering a base level of protection, especially for daily usage by home users. For Enterprise deployments, it is advisable to consider the protection features suitable to individual needs.
The best part about using Windows Defender Exploit Guard is that you can take advantage of its settings even if you’re running third-party antivirus.
How do I enable exploit protection in Windows 11?
To enable exploit protection in Windows 11, you need to open Windows Security first. Then, switch to the App & browser control section on the left-hand side. After that, click on the Exploit protection settings option. Here you can find two options called System settings and Program settings. You need to expand each drop-down menu and choose the Use default (On) option.
How do I disable exploit protection in Windows 11?
To disable the exploit protection in Windows 11, you need to open the same path as above. That said, open Windows Security and go to App & browser control > Exploit protection settings. Then, expand the drop-down menu and choose the Off by default option.