Windows 10 1909 Drops Exploit Protection From Security Baseline

LASER_oneXM · Nov 23, 2019

Microsoft released the final version of its security configuration baseline settings for Windows 10 Version 1909 and Windows Server Version 1909, and also announced the removal of Exploit Protection settings and explicit enforcement of 30-day account password expiration for domain-joined devices.

Windows 10's security baseline enables enterprise security administrators to use Microsoft-recommended Group Policy Object (GPO) baselines for boosting the overall security posture of a system and reduce its overall attack surface.

"A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact," as Microsoft explains on its documentation website. "These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers."

Andy Ful · Nov 23, 2019

Some Exploit protection settings were simply too restrictive for daily work in Enterprises. Administrators can still use Exploit Protection settings when adjusted to their needs.

South Park · Nov 23, 2019

There's a very helpful post about this at Ask Woody: https://www.askwoody.com/forums/top...-windows-defender-exploit-guard/#post-2009573

Basically, Microsoft is only removing a few presets for ASR for Enterprise users, but "Exploit Protection" (EMET replacement) for Home users isn't changing. I find it confusing that Microsoft uses similar names for different things.

shmu26 · Nov 24, 2019

When ever happened to the pre-set ASR that was supposed to filter down to home/pro editions of Windows 10? I remember about a year or a year and half ago, they were talking about this. It was supposed to be something like a one-click ConfigureDefender config.

Andy Ful · Nov 24, 2019

Here is the working link to the article that was commented on some forums:

Another key Win10 security feature bites the dust: Say goodbye to Windows Defender Exploit Guard @ AskWoody

This guy does not understand that he cannot generalize personal experience with Exploit Guard. Furthermore, he messed up the Exploit protection with ASR rules.
Additionally, some guys on a few forums have misunderstood his post, because they did not know what is the security baseline for Windows.

WD Exploit Guard includes:

Attack Surface Reduction
Controlled folder access
Exploit protection
Network protection

The security baseline is simply a collection of Group Policies, recommended by Microsoft to Enterprises. Exploit protection is the continuation of EMET (anti-exploit mitigations). The mitigations in the security baseline were applied to several applications like OneDrive, Web Browsers, Adobe Reader, etc.
There were complaints related to compatibility issues after applying anti-exploit mitigations via the security baseline policies, so Microsoft simply removed these policies form the security baseline for Windows 1909. Of course, the mitigations can still be applied by administrators for any application via WD Security Center (also in Windows Home) or PowerShell cmdlet.

Edit.
ConfigureDefender does not include Exploit protection settings. It can configure some other Exploit Guard features, like ASR rules, Controlled Folder Access, and Network protection.

Venustus · Nov 24, 2019

Andy Ful said:
Here is the working link to the article that was commented on some forums:
https://www.askwoody.com/2019/anoth...ay-goodbye-to-windows-defender-exploit-guard/

404 error on that link.??

TairikuOkami · Nov 24, 2019

venustus said:
404 error on that link.??

EDIT: It seems, that MT changes "w i n 1 0" to "Windows 10" automatically, even in the code?

Code:

https://www.askwoody.com/2019/another-key-win10-security-feature-bites-the-dust-say-goodbye-to-windows-defender-exploit-guard/

g4nu5 · Nov 24, 2019

thnx for share

plat · Nov 24, 2019

Tried the link, this is what I got. Is it possible the content was pulled?

I follow the Defender thread at Wilders; here is a Microsoft rep refuting the content out of hand.

Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Another key Win10 security feature bites the dust: Say goodbye to Windows Defender Exploit Guard...

www.wilderssecurity.com

EDIT--meh, content's still there, I just accessed it from Wilders. Sorry about that.

Andy Ful · Nov 24, 2019

venustus said:
404 error on that link.??

Malware Tips website automatically changes 'w i n 10' to 'Windows 10' (as TairikuOkami already noticed), so you have got an error.
I replaced the full link with a shortened version. It works on my web browser, but I am not sure if it will work generally.

Another key Win10 security feature bites the dust: Say goodbye to Windows Defender Exploit Guard @ AskWoody

oldschool · Nov 24, 2019

@AskWoody's article was a joke. Clickbait as usual.

ForgottenSeer 823865 · Nov 24, 2019

I guess people don't understand what the word "baseline" means...
By the way, I should create AskUmbra site, would be better than all those AskMeButImNoobs one.

oldschool · Nov 24, 2019

Umbra said:
people don't understand what the word "baseline" means..

It's what they have in tennis, of course! Right?

Venustus · Nov 25, 2019

Another key Win10 security feature bites the dust: Say goodbye to Windows Defender Exploit Guard @ AskWoody

Umbra said:
AskUmbra

I like the sound of that, has a certain finesse about it.. As long as you don't treat us all as NOOBS...

Search

Windows 10 1909 Drops Exploit Protection From Security Baseline

LASER_oneXM

Level 37

Andy Ful

From Hard_Configurator Tools

South Park

Level 9

shmu26

Level 85

Andy Ful

From Hard_Configurator Tools

Venustus

Level 59

TairikuOkami

Level 35

Attachments

g4nu5

Level 2

plat

Level 29

Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Andy Ful

From Hard_Configurator Tools

oldschool

Level 82

ForgottenSeer 823865

oldschool

Level 82

Venustus

Level 59

Similar threads