Prevent users from making changes to exploit protection

1fc3446e-9d66-4c41-b2d1-cf562e07f2a9

Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. It's good practice that these settings are forced via GPO/registry and users are disallowed to make changes.

https://www.stigviewer.com/stig/windows_10/2018-04-06/finding/V-77025

Remediation

There are several ways to disallow users to change settings in Exploit Protection: https://www.ghacks.net/2017/10/25/configure-windows-defender-exploit-guard-in-windows-10/



stig-medium-desktop
security-desktop
compliance-desktop
security-desktop
nist800-171