4.3 KiB
title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
| title | description | author | manager | ms.author | ms.date | ms.localizationpriority | ms.prod | ms.technology | ms.topic |
|---|---|---|---|---|---|---|---|---|---|
| ExploitGuard Policy CSP | Learn more about the ExploitGuard Area in Policy CSP | vinaypamnani-msft | aaroncz | vinpa | 12/30/2022 | medium | windows-client | itpro-manage | reference |
Policy CSP - ExploitGuard
ExploitProtectionSettings
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings
Specify a common set of Microsoft Defender Exploit Guard system and application mitigation settings that can be applied to all endpoints that have this GP setting configured.
There are some prerequisites before you can enable this setting:
- Manually configure a device's system and application mitigation settings using the Set-ProcessMitigation PowerShell cmdlet, the ConvertTo-ProcessMitigationPolicy PowerShell cmdlet, or directly in Windows Security.
- Generate an XML file with the settings from the device by running the Get-ProcessMitigation PowerShell cmdlet or using the Export button at the bottom of the Exploit Protection area in Windows Security.
- Place the generated XML file in a shared or local path.
Note: Endpoints that have this GP setting set to Enabled must be able to access the XML file, otherwise the settings will not be applied.
Enabled Specify the location of the XML file in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following:
- C:\MitigationSettings\Config.XML
- \Server\Share\Config.xml
- https://localhost:8080/Config.xml
The settings in the XML file will be applied to the endpoint.
Disabled Common settings will not be applied, and the locally configured settings will be used instead.
Not configured Same as Disabled.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ExploitProtection_Name |
| Friendly Name | Use a common set of exploit protection settings |
| Element Name | Type the location (local path, UNC path, or URL) of the mitigation settings configuration XML file |
| Location | Computer Configuration |
| Path | Windows Components > Microsoft Defender Exploit Guard > Exploit Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection |
| ADMX File Name | ExploitGuard.admx |