--- title: Turn on the protected folders feature in Windows 10 keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use description: Learn how to protect your important files by enabling Controlled Folder Access search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: medium author: iaanw ms.author: iawilt --- # Import, export, and deploy Exploit Protection configurations **Applies to:** - Windows 10 Insider Preview **Audience** - Enterprise security administrators **Manageability available with** - Windows Defender Security Center app - Group Policy - PowerShell - Configuration service providers for mobile device management ### Managing exploit protection through Group Policy 1. Launch Group Policy Management Console (gpmc.msc) and from within and existing or new GPO navigate to **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Exploit Guard\Exploit Protection** and open the policy named *Use a common set of exploit protection settings*. 2. Enable the setting as seen below and point to an accessible location for the client machines to the recently created XML. 3. Apply the new GP to targeted machines by direction OU membership, Security Group or WMI filter. - Manually configure a device's system and application mitigation settings using the *Set-ProcessMitigation* PowerShell cmdlet, the *ConvertTo-ProcessMitigationPolicy* PowerShell cmdlet, or directly in the Windows Defender Security Center > > Note: Endpoints that have this GP setting set to **Enabled** must be able to access the XML file, otherwise the settings will not be applied. - Generate an XML file with the settings from the device by running the *Get-ProcessMitigation* PowerShell cmdlet or using the **Export** button at the bottom of the **Exploit Protection** area in the Windows Defender Security Center. - Place the generated XML file in a shared or local path. ### Converting and Applying an EMET config: 1. Export the existing EMET configuration. This can be done from the "Export" button in the GUI, or by running the command: **emet_conf.exe –export emetConfig.xml** 2. In an elevated PowerShell window, convert the exported configuration with: **ConvertTo-ProcessMitigationPolicy -EMETFilePath emetConfig.xml -OutputFilePath win10Config.xml** 3. Note that this may give you some warnings, but these should be safe to ignore. 4. Apply the new configuration: from an elevated PowerShell window run **Set-ProcessMitigation -RegistryConfigFilePath win10Config.xml ** 5. From here you can check or edit the settings in the new interface in the Windows Defender Security Center or with **Get-ProcessMitigation** (this command by itself will output the entire current state of the mitigations to the shell), and **Set-ProcessMitigation** respectively. #### Group policy The Exploit Protection feature can be configured with the following Group Policy details: - Location: \Microsoft\Windows Defender Exploit Guard\Exploit Protection - Name: Use a common set of Exploit Protection settings - Values: **Enabled**: Specify the location of the XML file in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following: -- C:\MitigationSettings\Config.XML -- \\Server\Share\Config.xml -- https://localhost:8080/Config.xml The settings in the XML file will be applied to the endpoint. **Disabled:** Common settings will not be applied, and the locally configured settings will be used instead. **Not configured:** Same as **Disabled**. ### Export system-level mitigations ### Import system-level mitigations **Use the Windows Defender Security app to import system-level mitigations:** **Use Group Policy to import and deploy system-level mitigations:** ## Related topics - [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) - [Evaluate Exploit Protection](evaluate-exploit-protection.md) - [Enable Exploit Protection](enable-exploit-protection.md) - [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)