Windows Defender Exploit Guard MitigationOptions for office 2016

Topic

New Reply

It seems that this C2R type software erases/resets the windows defender exploit guard MitigationOptions every time office is updated or repaired. Is anyone else seeing this?

On an indirectly related note:
There’s also an option(checkbox) “don’t use high entropy”. I note that checking this box means “use high entropy” and unchecking it means “don’t use high entropy”. This is backwards from what makes sense. Anyone notice this?

Reply | Quote

Replies

Anyone?

Reply | Quote

Which settings are being reset? For which Office apps?

--Joe

Reply | Quote

Any settings you set for Windows Defender Exploit Guard (introduced as EMET replacement 1709).

Example from where the settings are changed in the registry:
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe”
MitigationAuditOptions

Here’s some pictures from the user interface:
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings.png
https://msdnshared.blob.core.windows.net/media/2017/11/WDEGConfig.png

These settings (once you enable compatible settings — attempting to improve security) are lost after a repair or update of office 2016.

Reply | Quote

Yup – I experienced loss of custom exploit settings too.

Reply | Quote