--- title: Turn on Exploit protection to help mitigate against attacks keywords: exploit, mitigation, attacks, vulnerability description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic ms.date: 05/30/2018 --- # Enable Exploit protection **Applies to:** - Windows 10, version 1709 and later - Windows Server 2016 **Audience** - Enterprise security administrators **Manageability available with** - Windows Defender Security Center app - Group Policy - PowerShell Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit protection. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). ## Enable and audit Exploit protection You enable and configure each Exploit protection mitigation separately. Some mitigations apply to the entire operating system, while others can be targeted towards specific apps. The mitigations available in Exploit protection are enabled or configured to their default values automatically in Windows 10. However, you can customize the configuration to suit your organization and then deploy that configuration across your network. You can also set mitigations to audit mode. Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md). >[!WARNING] >Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network. You can also convert an existing EMET configuration file (in XML format) and import it into Exploit protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using. See the following topics for instructions on configuring Exploit protection mitigations and importing, exporting, and converting configurations: 1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md) 2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md). ## Related topics - [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) - [Evaluate Exploit protection](evaluate-exploit-protection.md) - [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) - [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)