Policy

Apply a list of exclusions to specific attack surface reduction (ASR) rules

Microsoft Windows

Back to Attack Surface ReductionBack to main
Apply a list of exclusions to specific attack surface reduction (ASR) rules
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack Surface Reduction
Supported on
At least Windows Server 2016, Windows 10 Version 1709

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy allows an administrator to specify a list of exclusions for specific ASR rules. Each entry is a name-value pair. The key indicates the rule GUID, and the value is a set of full paths separated by the > character, indicating the exclusions for that particular ASR rule. NOTE: The GUID is a KEY, not a value. Example: KEY: "{75668C1F-73B5-4CF0-BB93-3ECF5DB7C484}" VALUE: "C:\Notepad.exe>c:\regedit.exe>C:\SomeFolder\test.exe"

Internal name
ExploitGuard_ASR_ASROnlyPerRuleExclusions
Policy ID
0a4e4d2cd08a
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Exclusions for each ASR rules:
ID ExploitGuard_ASR_ASROnlyPerRuleExclusions
list
Path
Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyPerRuleExclusions
Value name
ExploitGuard_ASR_ASROnlyPerRuleExclusions
Type
REG_MULTI_SZ
List: additive, explicit value
Exclusions for each ASR rules:
Computer · Type list
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyPerRuleExclusions
Value name
ExploitGuard_ASR_ASROnlyPerRuleExclusions
Type
REG_MULTI_SZ
Details
List: additive, explicit value