Policy
Set exclusions from Remote Encryption Protection
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Specify IP addresses, subnets, and domain names to exclude from Remote Encryption Protection. Note that attackers can spoof excluded addresses and names to bypass protection. Enter each address or subnet on a new line as a name-value pair: - Name column: Enter an IP address or subnet name. For example, ""1.1.127.0"" will exclude this IP address from getting blocked. - Value column: Enter ""0"" for each item
Internal name
Remediation_BNB_REP_RemoteEncryptionProtectionExclusions
Policy ID
7e87f04d413f
Elements
1
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Remote Encryption Protection Exclusions ID Remediation_BNB_REP_RemoteEncryptionProtectionExclusions | list | Path Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Remote Encryption Protection\RemoteEncryptionProtectionExclusions Value name RemoteEncryptionProtection_Exclusions Type REG_MULTI_SZ | List: additive, explicit value |
Remote Encryption Protection Exclusions
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Remote Encryption Protection\RemoteEncryptionProtectionExclusions
Value name
RemoteEncryptionProtection_Exclusions
Type
REG_MULTI_SZ
Details
List: additive, explicit value