Security controls (Exploit Guard)

We provide a comprehensive list of vulnerabilities and remediation options on this page for our visitors’ reference. However, we would like to inform you that EireaNet, Inc. offers a free of charge automated mitigation service to our monthly subscribers. This service is designed to detect and remediate any vulnerabilities or other security issues on your system. Our mitigation service is constantly updated with the latest threats and vulnerabilities, ensuring that our subscribers are always protected against the latest security threats.

In addition to the automated mitigation service, EireaNet, Inc. also provides personalized consulting for businesses that require a more tailored approach to their security needs. Our team of experts can conduct thorough security assessments and provide customized recommendations to address specific vulnerabilities within your system. This personalized consulting service aims to empower businesses with the knowledge and tools to enhance their overall security posture and mitigate potential risks effectively.

We understand the critical importance of staying ahead of evolving security threats, which is why we remain dedicated to continuously updating our mitigation service and staying informed about emerging vulnerabilities. By offering both automated and personalized solutions, we aim to cater to the diverse security needs of our subscribers, ultimately contributing to a more secure digital environment for all.

Set controlled folder access to enabled or audit mode

Description

This status indicated that controlled folder access is disabled. Controlled folder access helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Microsoft Defender Antivirus Real-time protection.

This security control is only assessed for machines on Windows 10, version 1709 or later, and Windows Server 2019.

Potential risk

Not enabling controlled folder access leaves you exposed to various attack vectors. Audit mode allows you to see audit events in the Microsoft Defender for Endpoint Machine timeline however it does not block suspicious applications. Consider enabling Controlled Folder Access for better protection.

Remediation options

Option 1 – Set the following Group Policy:
Computer Configuration\Administrative Templates\Windows Components\(Windows|Microsoft) Defender Antivirus\Windows Defender Exploit Guard\Controlled folder access
To the following value: Enabled\Block (recommended) or Enabled\Audit Mode

Option 2 – Set the following registry value:
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\EnableControlledFolderAccess
To REG_DWORD value:
Enabled (recommended): 1
Audit Mode: 2