Exclude files and paths from Attack Surface Reduction Rules


Exclude files and paths from Attack Surface Reduction (ASR) rules.

Enabled:
Specify the folders or files and resources that should be excluded from ASR rules in the Options section.
Enter each rule on a new line as a name-value pair:
- Name column: Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder
- Value column: Enter ""0"" for each item

Disabled:
No exclusions will be applied to the ASR rules.

Not configured:
Same as Disabled.

You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.

Supported on: At least Windows Server, Windows 10 Version 1709

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR
Value NameExploitGuard_ASR_ASROnlyExclusions
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Exclusions from ASR rules:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyExclusions
Value Name{number}
Value TypeREG_SZ
Default Value

windowsdefender.admx

Administrative Templates (Computers)

Administrative Templates (Users)