Windows Exploit Protection - dcasota/Lenovo83BY GitHub Wiki
Microsoft published the Microsoft Security Compliance Toolkit 1.0 in January 2025. It contains a reset file for Exploit Protection as well.
Simply running Set-ProcessMitigation -PolicyFilePath "c:\users\username\Windows 11 v24H2 Security Baseline\Windows 11 v24H2 Security Baseline\Scripts\ConfigFiles\EP-reset.xml"
does not work.
The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
holds all of the entries, stored as subkeys.
If a user tries to delete that key, an antivirus solution (in one case McAfee) prevents the deletion of its own entries, but all other entries are removed. This is good, because after that, Set-ProcessMitigation -PolicyFilePath ep-reset.xml
works flawlessly.
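
Because deleting the key removes every subkey that is not protected, it helps to back it up and see what each subkey holds first. The following is an added example, not part of the original wiki page: it exports the key and the current Exploit Protection settings, then lists which subkeys carry Exploit Protection values (MitigationOptions, MitigationAuditOptions) and which carry other values. The backup folder name is an assumption.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell prompt.
$ifeoReg   = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ifeoPs    = "Registry::$ifeoReg"
$backupDir = Join-Path $env:USERPROFILE 'ifeo-backup'   # assumed backup location

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Back up the raw registry key so deleted entries can be restored with "reg import".
reg.exe export $ifeoReg (Join-Path $backupDir 'ifeo.reg') /y

# 2. Save the current Exploit Protection configuration as XML for later comparison.
Get-ProcessMitigation -RegistryConfigFilePath (Join-Path $backupDir 'ep-current.xml')

# 3. Inventory every subkey. Exploit Protection stores its per-program settings in
#    these value names; anything else (for example Debugger or GlobalFlag) belongs
#    to other features and would be lost as well if the whole key is deleted.
$epValues = 'MitigationOptions', 'MitigationAuditOptions'

$report = foreach ($key in Get-ChildItem -Path $ifeoPs -ErrorAction SilentlyContinue) {
    $names = @($key.GetValueNames())
    [pscustomobject]@{
        Image       = $key.PSChildName
        HasEP       = [bool]($names | Where-Object { $_ -in $epValues })
        OtherValues = ($names | Where-Object { $_ -notin $epValues }) -join ', '
        SubKeys     = $key.SubKeyCount
    }
}

# Subkeys that only hold Exploit Protection values.
$report | Where-Object { $_.HasEP -and -not $_.OtherValues -and $_.SubKeys -eq 0 } |
    Sort-Object Image | Format-Table Image -AutoSize

# Subkeys that hold something else too; review these before removing anything.
$report | Where-Object { $_.OtherValues -or $_.SubKeys -gt 0 } |
    Sort-Object Image | Format-Table Image, HasEP, OtherValues, SubKeys -AutoSize

$report | Export-Csv -Path (Join-Path $backupDir 'ifeo-inventory.csv') -NoTypeInformation
```

Subkeys that the script cannot read, such as those an antivirus product protects, are skipped without error and will be missing from the inventory.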