Policy
Configure Remote Encryption Protection Mode
Set the mode for Remote Encryption Protection in Microsoft Defender Antivirus, which can detect and block attempts to replace local files with encrypted versions from another device. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact
fa8e5866d7dcRemediation_BNB_REP_RemoteEncryptionProtection_ConfiguredStateRegistry
Copy registry mappings
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Remote Encryption Protection\RemoteEncryptionProtectionConfiguredStatePolicy notes
Set the mode for Remote Encryption Protection in Microsoft Defender Antivirus, which can detect and block attempts to replace local files with encrypted versions from another device. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact