Update enable-exploit-protection.md

Audit of mitigations is not always available via PS but is with other management options
Kurt Sarens
2020-11-06 15:18:45 +01:00
committed by GitHub
parent 89f1e46fef
commit 0e4ce05d01


@ -210,7 +210,7 @@ Set-Processmitigation -Name test.exe -Remove -Disable DEP
This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation. This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet
- | - | - | - -|-|-|-
Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available
Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available
Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available
@ -225,20 +225,20 @@ Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreS
Disable extension points | App-level only | ExtensionPoint | Audit not available Disable extension points | App-level only | ExtensionPoint | Audit not available
Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a>
Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available<a href="#r2" id="t2">\[2\]</a>
Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available<a href="#r2" id="t2">\[2\]</a>
Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available<a href="#r2" id="t2">\[2\]</a>
Validate handle usage | App-level only | StrictHandle | Audit not available Validate handle usage | App-level only | StrictHandle | Audit not available
Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available
Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available<a href="#r2" id="t2">\[2\]</a>
<a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for DLLs for a process: <a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for DLLs for a process:
```PowerShell ```PowerShell
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
``` ```
<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via Powershell CmdLet.
## Customize the notification ## Customize the notification
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
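Review bot: the new marker `<a href="#r2" id="t2">\[2\]</a>` reuses `id="t2"` on all five rows it is added to (EAF, IAF, SimExec, CallerCheck, StackPivot), so the back-link `<a href="#t2" id="r2">` in the footnote can only ever jump to the first of them; give each marker a distinct id, or drop the `id` on the row markers and keep just the `href="#r2"`. The footnote itself should state the point the commit message makes, that audit for these mitigations is not available through the PowerShell cmdlet but is through other management options; as written, "Audit not available" in the "Audit mode cmdlet" column plus "not available via Powershell CmdLet" only restates the column. Spelling in that line: "PowerShell cmdlet". It is also unclear why the other "Audit not available" rows in the same table (CFG, DEP, Mandatory ASLR, extension points, StrictHandle, module dependency signing) do not get the same marker; if the distinction is intentional, a few words in the footnote would make it clear. Drive-by on an unchanged context line: `EnforceModuleDepencySigning` is a typo for `EnforceModuleDependencySigning`.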