Exclude exploit events from exploit prevention

If you use role-based administration:

  • You must have the Policy setting - exploit prevention right to configure an exploit prevention policy.
  • You can't edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

  • When you exclude an exploit event, only the specific exploit will be excluded, not the complete application.
  • If an exploit event is part of an application that has already been excluded, you do not need to exclude the exploit event.

You can exclude exploit events from exploit prevention. You can also protect previously excluded exploit events.

To exclude exploit events:

  1. Check which exploit prevention policy is used by the group(s) of computers you want to configure.

    See Check which policies a group uses.

  2. In the Policies pane, double-click Exploit prevention. Then double-click the policy you want to change.
  3. In the Exploit Exclusions tab of the Exploit Prevention Policy dialog box, select the exploit events you want to exclude in the Detected exploit events list and click Exclude.
    This moves the selected exploit events to the Excluded exploit events list.
  4. To protect exploit events that are currently excluded from checking, go to the Excluded exploit events list, select the events and click Include.
  5. Click OK.