Policy
Configure allowed applications
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Add additional applications that should be considered "trusted" by controlled folder access. These applications are allowed to modify or delete files in controlled folder access folders. Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications. Enabled: Specify additional allowed applications in the Options section.. Disabled: No additional applications will be added to the trusted list. Not configured: Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Enter the applications that should be trusted: ID ExploitGuard_ControlledFolderAccess_AllowedApplications | list | HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications\ExploitGuard_ControlledFolderAccess_AllowedApplications Type REG_MULTI_SZ | List: additive, explicit value |
Other policies in this category
Explore related policies at the same level.