Configure Remote Encryption Protection Mode
Supported on: At least Windows Server 2016, Windows 10 Version 1607
Registry
HKLM
Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Remote Encryption Protection Value name: RemoteEncryptionProtectionConfiguredState
Options
RemoteEncryptionProtectionConfiguredState enum - Default
->
0 - Block
->
1 - Audit
->
2 - Off
->
4
Description
Set the mode for Remote Encryption Protection in Microsoft Defender Antivirus, which can detect and block attempts to replace local files with encrypted versions from another device. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact