In this article, you will learn how to deploy exploit protection to your environment. Exploit protection helps protect devices from malware that uses exploits to spread and infect.
You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices at once.
Exploit protection can be applied at either the operating system level or at the individual app level.
Step 1. Setting up the Exploit Protection
You need to configure the exploit protection setting on a dedicated device to export a configuration file.
- Go to Windows Settings and select Update & Security.
- Open App & browser control from Windows Security, and then select Exploit protection settings.
- To customize the system settings, turn each exploit protection setting on or off.
- To customize exploit protection for a program, open the program settings and add a program or edit an existing program.
Step 2. Export a Configuration File
At the bottom of the Exploit protection section, select Export settings. Choose the location and name of the XML file where you want the configuration to be saved.
PowerShell command to export a configuration file (run as Administrator):
Get-ProcessMitigation -RegistryConfigFilePath C:\Exploit_Production\Exploitsettings.xml
Step 3. Deploy an exploit protection configuration file
You can use Group Policy to deploy the configuration you've created to multiple devices in your network.
- Open Group Policy Management (GPO) from your Windows server.
- Create and link a new GPO.
- Right-click the Group Policy Object you want to configure and select Edit.
- Expand the tree to Windows components > Microsoft Defender Exploit Guard > Exploit protection.
- Enable the setting, and then enter the location and file name of the exploit protection configuration file that you want to use:
C:\Exploit_Production\Exploitsettings.xml
- Select OK and deploy the updated GPO as you normally do.
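Between the export in Step 2 and the GPO deployment in Step 3, it helps to review what the XML file will actually push to every device. The following is an added example, not part of the original article: the function name Get-ExploitProtectionSummary is hypothetical, and the script assumes the exported file uses a MitigationPolicy root element with SystemConfig and AppConfig (Executable attribute) children.

```powershell
# Added example: summarize an exported Exploit Protection XML before linking it in a GPO.
# Assumption: export layout is <MitigationPolicy> with <SystemConfig> and <AppConfig Executable="...">.
function Get-ExploitProtectionSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Configuration file not found: $Path"
    }
    # Casting to [xml] throws on malformed XML, so a truncated export fails here.
    [xml]$doc = Get-Content -LiteralPath $Path -Raw
    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'MitigationPolicy') {
        throw "Unexpected root element '$($root.LocalName)' in $Path"
    }

    foreach ($scope in $root.ChildNodes) {
        if ($scope.NodeType -ne 'Element') { continue }
        # SystemConfig applies OS-wide; each AppConfig names the program it applies to.
        $target = if ($scope.LocalName -eq 'AppConfig') { $scope.GetAttribute('Executable') } else { 'System' }
        foreach ($m in $scope.ChildNodes) {
            if ($m.NodeType -ne 'Element') { continue }
            $settings = ($m.Attributes | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ', '
            [pscustomobject]@{ Target = $target; Mitigation = $m.LocalName; Settings = $settings }
        }
    }
}

$config = 'C:\Exploit_Production\Exploitsettings.xml'   # path used in this article

# Step 2: export the reference device's settings (elevated session).
Get-ProcessMitigation -RegistryConfigFilePath $config

# Review every system-level and per-program mitigation the file contains.
Get-ExploitProtectionSummary -Path $config | Sort-Object Target, Mitigation | Format-Table -AutoSize

# Record the hash so the copy referenced by the GPO can be compared with the reviewed file.
(Get-FileHash -LiteralPath $config -Algorithm SHA256).Hash

# On a target device after policy refresh: confirm the system-level settings in effect.
Get-ProcessMitigation -System
```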