Forum Discussion

BinTN42's avatar
BinTN42
Copper Contributor
Jul 02, 2023

Exploit Prevention Blocking EXE files

My environment is having an issue where exe files are being blocked when executed via a remote share. It appears Exploit Prevention is blocking but it does not happen for every user.

 

I have placed an exclusion using Set-ProcessMitigation -Name filename.exe -Disable BlockRemoteImageLoads and the issues still persist.

 

We do not use Defender for Endpoint as a solution and are not managing Exploit Guard policy via GPO, SCCM, or InTune.

 

Also I have verified the process mitigation is disabled using PowerShell.

 

ImageLoad:
BlockRemoteImageLoads : OFF
AuditRemoteImageLoads : NOTSET
Override BlockRemoteImages : False
BlockLowLabelImageLoads : OFF
AuditLowLabelImageLoads : NOTSET
Override BlockLowLabel : False
PreferSystem32 : NOTSET
AuditPreferSystem32 : NOTSET
Override PreferSystem32 : False

 

This randomly started a few days ago and I'm at a loss for how to move forward and why this occured all the sudden.

 

 

No RepliesBe the first to reply

Resources