Policy
Set exclusions from Remote Encryption Protection
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Specify IP addresses, subnets, and domain names to exclude from Remote Encryption Protection. Note that attackers can spoof excluded addresses and names to bypass protection. Enter each address or subnet on a new line as a name-value pair: - Name column: Enter an IP address or subnet name. For example, ""1.1.127.0"" will exclude this IP address from getting blocked. - Value column: Enter ""0"" for each item
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Remote Encryption Protection Exclusions ID Remediation_BNB_REP_RemoteEncryptionProtectionExclusions | list | HKLM\Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Remote Encryption Protection\RemoteEncryptionProtectionExclusions\RemoteEncryptionProtection_Exclusions Type REG_MULTI_SZ | List: additive, explicit value |
Other policies in this category
Explore related policies at the same level.
- ComputerConfigure how aggressively Remote Encryption Protection blocks threatsAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure Remote Encryption Protection blocking timeAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure Remote Encryption Protection ModeAt least Windows Server 2016, Windows 10 Version 1607