Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows...
Updated Nov 21, 2019
Version 2.0
Blog Post
you are right, it is not default on enterprise, i am setting standards for 1809 and CIS says , set it to 1 , but am interested the reason behind this rollback.
I am planning to enforce this on my enterprise, since we have locked down on admin and would like to know, how Microsoft populates by default a bunch of .exe , if a vendor reaches out to us with an .exe, is there a a way for users within enterprise to certify that .exe is harmless and include in the list of trusted. How does Microsoft go about certifying for the overrides. Thanks,
[Aaron Margosis] What rollback? EnableInstallerDetection has always been enabled.
I don't know what you're referring to with the rest of your question. We never make any assertion about "harmless" - if you're asking about why we configured EP for some apps (and similarly EMET several years ago) it was just that they were/are popular and could potentially have had exploitable vulnerabilities.