Enable Windows Security Block Suspicious Behaviors in Windows 10

Starting with Windows 10 Build 17704, you can enable a new option in Windows Security. The option "Block suspicious behaviors" is designed to prevent behavior by an app or file that might infect your device. Here is how it can be done.

Recent versions of Windows 10 come with an app called Windows Security. The application, formerly known as "Windows Defender Security Center", has been renamed to Windows Security. It is intended to help the user control his security and privacy settings in a clear and useful way.

Windows Security Windows 10

You can launch Windows Security from the Start menu or with a special shortcut. Alternatively, you can access it using its tray icon.

Windows Defender Security Center Icon

You can enable a new protection setting, Block suspicious behaviors, which brings Windows Defender Exploit Guard attack surface reduction technology to all users.  Here is how it can be done. Before proceeding, ensure that your user account has administrative privileges. Now, follow the instructions below.

To enable Windows Defender Block Suspicious Behaviors in Windows 10, do the following.

  1. Open Windows Security.
  2. Click on the Virus & threat protection icon.Windows Security Virus And Threat Protection Icon
  3. Click on the Manage settings link under Virus & threat protection settings.Windows Security Virus And Threat Manage Settings
  4. Enable the option Block suspicious behaviors.Windows Security Virus And Threat Block Suspicious
  5. Confirm the UAC prompt.

The feature is now enabled. You can disable it at any moment if you change your mind later.

Alternatively, you can apply a Registry tweak.

Enable Windows Defender Block Suspicious Behaviors with a Registry tweak

The option is stored in the Registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR. The DWORD value EnableASRConsumers should be set 1 to enable the feature. However, the key is write protected, so you need to use some tool to bypass this limitation and modify the value without using the Windows Security app.

  1. Download the ExecTI freeware and start regedit.exe using it. This will open the Registry Editor app with the highest privilege level.ExecTI Run As TrustedInstaller
  2. Go to the following location in Regedit.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR

    Tip: See how to go to a Registry key with one click.

  3. Here, modify or create a new 32-bit value EnableASRConsumers and set it to 1.Enable Windows Security Block Suspicious Behaviors In Windows 10
  4. By setting the value to 0 you will disable the feature.

That's it.

3 thoughts on “Enable Windows Security Block Suspicious Behaviors in Windows 10

  1. OMC

    Sergey, please add a trick to disable “Windows Defender Security Center” into your tweaker!

    Reply
    1. Sergey Tkachenko Post author

      OK, I will try to add it.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.