Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows...
Updated Nov 21, 2019
Version 2.0
Blog Post
Moin from Germany,
I read the change regarding Exploit Protection in the blog article. I also saw the remove script in the download package
But which setting regarding the Exploit Protection within the GPOs has changed? I don't see anything there in the change history.
[Aaron Margosis] Good question. The way Exploit Protection (EP) is intended to be deployed through Group Policy is with the "Use a common set of exploit protection settings" setting in "Computer Configuration\Administrative Templates\Windows Components\Windows Defender Exploit Guard\Exploit Protection." You configure that setting with the full path to an XML file (specific path is up to you, for example on a file share) that contains EP configuration settings. We could never include that directly in the baselines because we can't specify a path that works for everyone. If you never deployed that XML file then you don't need to do anything to undo its effects!