Turn exploit prevention on or off

If you use role-based administration:

  • You must have the Policy setting - exploit prevention right to configure an exploit prevention policy.
  • You can't edit a policy if it is applied outside your active sub-estate.
For more information, see Managing roles and sub-estates.
Note By default, exploit prevention is turned on and all exploit prevention options are turned on.

To turn exploit prevention on or off:

  1. Check which exploit prevention policy is used by the group(s) of computers you want to configure.
  2. In the Policies pane, double-click Exploit prevention. Then double-click the policy you want to change.
  3. In the Protection Settings tab of the Exploit Prevention Policy dialog box, select or clear the Enable exploit prevention check box.
  4. Select or clear the Protect document files from ransomware (CryptoGuard) check box.

    You can also choose whether to protect against remotely run ransomware (only on 64-bit endpoints).

  5. Select or clear the Disk and boot record protection (WipeGuard) check box.
  6. Select or clear the Protect critical functions in web browsers (Safe Browsing) check box.
  7. Select or clear the Mitigate exploits in vulnerable applications check box.

    You can also choose the types of applications you want to protect against exploitation, for example Microsoft Office applications.

  8. Select or clear the Prevent process hollowing attacks check box.
  9. Select or clear the Prevent DLLs loading from untrusted folders check box.
  10. Select or clear the CPU branch tracing check box.
  11. Click OK.

You can exclude applications from exploit prevention. Note that they will still be protected by CryptoGuard and Safe Browsing, if these options are selected. See Exclude applications from exploit prevention.

You can also exclude exploit events from exploit prevention. See Exclude exploit events from exploit prevention.