none
Possibility of resetting windows defender exploit protection program list! RRS feed

  • Question

  • Recently I was asked by a friend if it was possible to reset windows defender exploit protection list of programs. Is it possible to reset all windows defender exploit protection settings?
    Wednesday, March 20, 2019 9:29 PM

Answers

  • Excelent! So I should do this for about 1000 times if there are near 1000 executable files?!
    I am looking for an automated, more forward way to reset the whole settings for all the programs not just for one.

    You have to write a PowerShell script that get the exploit protection settings for each program and then delete each of them using the Set-ProcessMitigation cmdlet with the -Disable parameter.

    Bye.


    Luigi Bruno
    MCP, MOS, MTA, MCTS, MCSA, MCSE

    • Edited by Luigi BrunoMVP Thursday, March 21, 2019 1:26 AM
    • Marked as answer by Client_Zero Sunday, September 22, 2019 5:11 AM
    Thursday, March 21, 2019 1:25 AM

All replies

  • Hi Client_Zero.

    The exploit protection settings list for program can be reset via the Windows Defender GUI: open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender, click the App & browser control tile (or the app icon on the left menu bar) and then click Exploit protection settings at the bottom of the screen; go to the Program settings section and choose the app, then click Remove (you have to do it for each app to reset the list).

    You can also so that via PowerShell by using the Set-ProcessMitigation cmdlet.

    Bye.


    Luigi Bruno
    MCP, MOS, MTA, MCTS, MCSA, MCSE

    Wednesday, March 20, 2019 10:09 PM
  • Excelent! So I should do this for about 1000 times if there are near 1000 executable files?!
    I am looking for an automated, more forward way to reset the whole settings for all the programs not just for one.
    • Edited by Client_Zero Wednesday, March 20, 2019 10:28 PM
    Wednesday, March 20, 2019 10:27 PM
  • Excelent! So I should do this for about 1000 times if there are near 1000 executable files?!
    I am looking for an automated, more forward way to reset the whole settings for all the programs not just for one.

    You have to write a PowerShell script that get the exploit protection settings for each program and then delete each of them using the Set-ProcessMitigation cmdlet with the -Disable parameter.

    Bye.


    Luigi Bruno
    MCP, MOS, MTA, MCTS, MCSA, MCSE

    • Edited by Luigi BrunoMVP Thursday, March 21, 2019 1:26 AM
    • Marked as answer by Client_Zero Sunday, September 22, 2019 5:11 AM
    Thursday, March 21, 2019 1:25 AM
  • Try to export a clean exploit protection configuration file from another PC, then import it to the target PC, detailed information here:

    Import, export, and deploy exploit protection configurations

    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 21, 2019 1:42 AM
    Moderator