Select Apply when you're done setting up your configuration. Repeat step 6 for all the system-level mitigations you want to configure.
Use default: The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 or Windows 11 installation the default value ( On or Off) is always specified next to the Use default label for each mitigation.Off by default: The mitigation is disabled for apps that don't have this mitigation set in the app-specific Program settings section.
On by default: The mitigation is enabled for apps that don't have this mitigation set in the app-specific Program settings section.Apps that aren't configured individually in the Program settings section use the settings that are configured here. Under the System settings section, find the mitigation you want to configure and then specify one of the following settings. Repeat steps 3-4 for all the apps and mitigations you want to configure. You are notified if you need to restart the process or app, or if you need to restart Windows. Choosing Audit will apply the mitigation in audit mode only. Use Choose exact file path to use a standard Windows Explorer file picker window to find and select the file you want.Īfter selecting the app, you'll see a list of all the mitigations that can be applied.
You can enter a full path to limit the mitigation to only the app with that name in that location. Use Add by program name to have the mitigation applied to any running process with that name.If the app is not listed, at the top of the list select Add program to customize and then choose how you want to add the app.If the app you want to configure is already listed, select it, and then select Edit.Go to Program settings and choose the app you want to apply mitigations to. Select the App & browser control tile (or the app icon on the left menu bar) and then select Exploit protection settings. Open the Windows Security app by either selecting the shield icon in your task bar, or by searching the Start menu for Security. Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the device. You can also set mitigations to audit mode. You can export these settings as an XML file and deploy them to other devices.
You can set each mitigation to on, off, or to its default value.