Update enable-exploit-protection.md

Audit of mitigations is not always available via PS but is with other management options
Kurt Sarens
2020-11-06 15:18:45 +01:00
committed by GitHub
parent 89f1e46fef
commit 0e4ce05d01


@ -225,20 +225,20 @@ Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreS
Disable extension points | App-level only | ExtensionPoint | Audit not available Disable extension points | App-level only | ExtensionPoint | Audit not available
Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a>
Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available<a href="#r2" id="t2">\[2\]</a>
Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available<a href="#r2" id="t2">\[2\]</a>
Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available<a href="#r2" id="t2">\[2\]</a>
Validate handle usage | App-level only | StrictHandle | Audit not available Validate handle usage | App-level only | StrictHandle | Audit not available
Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available
Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available<a href="#r2" id="t2">\[2\]</a>
<a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for DLLs for a process: <a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for DLLs for a process:
```PowerShell ```PowerShell
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
``` ```
<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via Powershell CmdLet.
## Customize the notification ## Customize the notification
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
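Review bot: The new `<a href="#r2" id="t2">` marker is added to five rows (EAF, IAF, SimExec, CallerCheck, StackPivot) with the same `id="t2"`, so the rendered page carries duplicate ids and the footnote's `href="#t2"` back-link can only resolve to one of them. Give each row marker its own id, or drop the id from the row markers and the back-link from the footnote. The cells also still read "Audit not available" while footnote [2] narrows that to the PowerShell cmdlet, so a reader scanning the table alone gets the old meaning; consider wording the cell to match the footnote, and have the footnote name the management options that do expose audit, since the commit message says they exist. Spelling nit in the footnote: "Powershell CmdLet" should be "PowerShell cmdlet".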