Turn exploit prevention on or off

If you use role-based administration:

You must have the Policy setting - exploit prevention right to configure an exploit prevention policy.
You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

Note: By default, exploit prevention is turned on and all exploit prevention options are turned on.

To turn exploit prevention on or off:

Check which exploit prevention policy is used by the group(s) of computers you want to configure.
See Check which policies a group uses.
In the Policies pane, double-click Exploit prevention. Then double-click the policy you want to change.
In the Protection Settings tab of the Exploit Prevention Policy dialog box, select or clear the Enable exploit prevention check box.
Select or clear the Protect document files from ransomware (Cryptoguard) check box.
You can also choose whether to protect against remotely run ransomware (only on 64-bit endpoints).
Select or clear the Protect critical functions in web browsers (Safe Browsing) check box.
Select or clear the Mitigate exploits in vulnerable applications check box.
You can also choose the types of applications you want to protect against exploitation, for example Microsoft Office applications.
Select or clear the Prevent process hollowing attacks check box.
Select or clear the Prevent DLLs from loading from untrusted folders check box.
Select or clear the CPU branch tracing check box.
Click OK.

You can exclude applications from exploit prevention. Note that they will still be protected by CryptoGuard and Safe Browsing, if these options are selected. See Exclude applications from exploit prevention.