Starting with Windows 10 Build 17704, you can enable a new option in Windows Security. The option "Block suspicious behaviors" is designed to prevent behavior by an app or file that might infect your device. Here is how it can be done.
Recent versions of Windows 10 come with an app called Windows Security. The application, formerly known as "Windows Defender Security Center", has been renamed to Windows Security. It is intended to help the user control his security and privacy settings in a clear and useful way.
You can launch Windows Security from the Start menu or with a special shortcut. Alternatively, you can access it using its tray icon.
You can enable a new protection setting, Block suspicious behaviors, which brings Windows Defender Exploit Guard attack surface reduction technology to all users. Here is how it can be done. Before proceeding, ensure that your user account has administrative privileges. Now, follow the instructions below.
To enable Windows Defender Block Suspicious Behaviors in Windows 10, do the following.
- Open Windows Security.
- Click on the Virus & threat protection icon.
- Click on the Manage settings link under Virus & threat protection settings.
- Enable the option Block suspicious behaviors.
- Confirm the UAC prompt.
The feature is now enabled. You can disable it at any moment if you change your mind later.
Alternatively, you can apply a Registry tweak.
Enable Windows Defender Block Suspicious Behaviors with a Registry tweak
The option is stored in the Registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR. The DWORD value EnableASRConsumers should be set 1 to enable the feature. However, the key is write protected, so you need to use some tool to bypass this limitation and modify the value without using the Windows Security app.
- Download the ExecTI freeware and start regedit.exe using it. This will open the Registry Editor app with the highest privilege level.
- Go to the following location in Regedit.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR
Tip: See how to go to a Registry key with one click.
- Here, modify or create a new 32-bit value EnableASRConsumers and set it to 1.
- By setting the value to 0 you will disable the feature.