From 0b44189a7c99ff7c78ab92e83e675e60b8b08957 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 29 Aug 2017 19:27:24 +0000
Subject: [PATCH] Merged PR 2938: Updated ExploitGuard and Browser policies in
 Policy CSP

---
 .../mdm/policy-csp-browser.md                 |  4 +--
 .../mdm/policy-csp-exploitguard.md            | 29 +++++++++++++++++--
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 263cff9d57..edd167f211 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1041,7 +1041,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 
 <p style="margin-left: 20px">If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
 
-<p style="margin-left: 20px">Data type is integer. Supported operations are Add, Get, Replace, and Delete.
+<p style="margin-left: 20px">Data type is integer.
 
 <!--EndDescription-->
 <!--EndPolicy-->
@@ -1311,7 +1311,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 
 <p style="margin-left: 20px">If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
 
-<p style="margin-left: 20px">Data type is string. Supported operations are Add, Get, Replace, and Delete.
+<p style="margin-left: 20px">Data type is string. 
 
 <!--EndDescription-->
 <!--EndPolicy-->
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index cf06c60c3e..d1dc5d3933 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/11/2017
+ms.date: 08/29/2017
 ---
 
 # Policy CSP - ExploitGuard
@@ -41,10 +41,35 @@ ms.date: 08/11/2017
 
 <!--EndSKU-->
 <!--StartDescription-->
-<p style="margin-left: 20px">Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.
+<p style="margin-left: 20px">Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
 
 <p style="margin-left: 20px">The system settings require a reboot; the application settings do not require a reboot.
 
+<p style="margin-left: 20px">Here is an example:
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+  <SyncBody>
+    <Replace>
+      <CmdID>$CmdId$</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+       </Meta>
+        <Target>
+          <LocURI>./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings</LocURI>
+        </Target>
+        <Data><![CDATA[<?xml version="1.0" encoding="UTF-8"?><MitigationPolicy><SystemConfig><SEHOP Audit="true" /></SystemConfig><AppConfig Executable="iexplore.exe"><ImageLoad AuditImageLoad="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="wordpad.exe"><DynamicCode Audit="true" /><SignedBinaries Audit="true" AuditStoreSigned="false" /><ImageLoad AuditImageLoad="true"  /><ChildProcess  Audit="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="notepad.exe"><DynamicCode Audit="true" /><SignedBinaries Audit="true" AuditStoreSigned="false" /><ImageLoad AuditImageLoad="true" /><ChildProcess Audit="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="outlook.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="winword.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="excel.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="powerpnt.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="AcroRd32.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="Acrobat.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="fltldr.exe"><DynamicCode Audit="true" /><ImageLoad AuditImageLoad="true" /><ChildProcess Audit="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="RuntimeBroker.exe"><ImageLoad AuditImageLoad="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="SearchIndexer.exe"><DynamicCode Audit="true" /><SignedBinaries Audit="true" AuditStoreSigned="false" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="java.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="javaws.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="javaw.exe"><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig><AppConfig Executable="EpSelfhostV1.exe"><DynamicCode Audit="true" /><ImageLoad AuditImageLoad="true" /><ChildProcess Audit="true" /><Payload AuditEnableExportAddressFilter="true"AuditEnableExportAddressFilterPlus="true"AuditEnableImportAddressFilter="true"AuditEnableRopStackPivot="true"AuditEnableRopCallerCheck="true"AuditEnableRopSimExec="true"/></AppConfig></MitigationPolicy>]]></Data>
+      </Item>
+    </Replace>
+    <Final/>
+  </SyncBody>
+</SyncML>
+
+```
+
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>