Policy

Apply a list of exclusions to specific attack surface reduction (ASR) rules

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack Surface Reduction
Supported onAt least Windows Server 2016, Windows 10 Version 1709

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy allows an administrator to specify a list of exclusions for specific ASR rules. Each entry is a name-value pair. The key indicates the rule GUID, and the value is a set of full paths separated by the > character, indicating the exclusions for that particular ASR rule. NOTE: The GUID is a KEY, not a value. Example: KEY: "{75668C1F-73B5-4CF0-BB93-3ECF5DB7C484}" VALUE: "C:\Notepad.exe>c:\regedit.exe>C:\SomeFolder\test.exe"

Internal name
ExploitGuard_ASR_ASROnlyPerRuleExclusions
Policy ID
0a4e4d2cd08a
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Exclusions for each ASR rules:
ID ExploitGuard_ASR_ASROnlyPerRuleExclusions
list
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyPerRuleExclusions\ExploitGuard_ASR_ASROnlyPerRuleExclusions
Type REG_MULTI_SZ
List: additive, explicit value

Other policies in this category

Explore related policies at the same level.