The Exploit protection settings allow the user or the IT admin to enhance the security of the system and prevent it from malware. However, not everyone should fiddle with these settings, hence, the administrator should prevent users from modifying Exploit Protection settings in Windows Security. In this post, we will see how to do the same.
The Exploit protection functionality helps users protect their computers from malware that uses various security exploits to invade their computers. It works well to protect a user’s PC. Windows 11/10 allows users to add or remove an app from the Exploit protection settings in Windows Security.
Let’s assume that you are handing over your computer to your friend or kid for a couple of days, and you do not want to allow them to change any settings. You have two options. First, you can hide the App & browser control window. Second, you can disable Exploit protection settings individually.
Prevent users from modifying Exploit protection settings via GPEDIT
To prevent users from modifying Exploit protection settings in Windows 10, follow these steps-
- Press Win+R.
- Type gpedit.msc and hit the Enter button.
- Go to App and browser protection in Computer Configuration.
- Double-click on the Prevent users from modifying settings.
- Select the Enabled option.
- Click on Apply and OK.
Let’s learn more about these steps in detail.
At first, press the Win+R button to open the Run prompt. Type gpedit.msc and press the Enter button to open Local Group Policy Editor. After that, navigate to this path-
Computer Configuration > Administrative Templates > Windows Components > Windows Security > App and browser protection
Here you will see a setting called Prevent users from modifying settings. Double-click on it and select the Enabled option.
At last, click on Apply and OK buttons, respectively.
You can do the same with Registry Editor as well. If you are planning to Registry Editor, it is recommended to backup all Registry files and create a System Restore point.
Block users from adding or removing apps in Exploit protection settings via REGEDIT
To block users from adding or removing apps in Exploit protection settings, follow these steps-
- Press Win+R.
- Type regedit and hit the Enter button.
- Click the Yes button.
- Navigate to Windows Defender Security Center in HKLM.
- Right-click on it > New > Key.
- Name it as App and Browser protection.
- Right-click on it > New > DWORD (32-bit) Value.
- Name it as DisallowExploitProtectionOverride.
- Double-click on it to set the Value data as 1.
- Click OK to save the change.
Let’s delve into these steps in detail.
At first, press Win+R, type regedit, and press the Enter button. Click on the Yes button in the UAC popup window. After that, navigate to the following path-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center
Right-click on Windows Defender Security Center > New > Key and name it as App and Browser protection. After that, right-click on App and Browser protection > New > DWORD (32-bit) Value and name it as DisallowExploitProtectionOverride.
Double-click on it to set the Value data as 1.
Click the OK button to save the change.
I hope this guide helps.
How do I disable exploit protection in Windows?
To turn off Exploit Protection we can use the Windows Security application. So, open the app from the Start Menu, go to App & browser control, scroll down, and click on Exploit protection settings from the Exploit protection section. Now, you can configure or disable Exploit protection.
Also Read: Enable & use Controlled Folder Access in Windows.
