Policy

Apply a list of exclusions to specific attack surface reduction (ASR) rules

This policy allows an administrator to specify a list of exclusions for specific ASR rules. Each entry is a name-value pair. The key indicates the rule GUID, and the value is a set of full paths separated by the > character, indicating the exclusions for that particular ASR rule. NOTE: The GUID is a KEY, not a value. Example: KEY: "{75668C1F-73B5-4CF0-BB93-3ECF5DB7C484}" VALUE: "C:\Notepad.exe>c:\regedit.exe>C:\SomeFolder\test.exe"

Policy
Pack Microsoft Windows
Category Windows Components / Microsoft Defender Antivirus / Microsoft Defender Exploit Guard / Attack Surface Reduction
Policy ID 0a4e4d2cd08a
Internal name ExploitGuard_ASR_ASROnlyPerRuleExclusions

Registry

Copy registry mappings

HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyPerRuleExclusions\ExploitGuard_ASR_ASROnlyPerRuleExclusions

Policy notes

This policy allows an administrator to specify a list of exclusions for specific ASR rules. Each entry is a name-value pair. The key indicates the rule GUID, and the value is a set of full paths separated by the > character, indicating the exclusions for that particular ASR rule. NOTE: The GUID is a KEY, not a value. Example: KEY: "{75668C1F-73B5-4CF0-BB93-3ECF5DB7C484}" VALUE: "C:\Notepad.exe>c:\regedit.exe>C:\SomeFolder\test.exe"

Related policies

Configure Attack Surface Reduction rulesExclude files and paths from Attack Surface Reduction Rules