deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 14:53:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

final exp prot drafts

Browse Source
This commit is contained in:
Iaan D'Souza-Wiltshire
2017-08-24 16:18:22 -07:00
parent 6c79bd0826
commit 0e6dda660d
9 changed files with 128 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
View File

@ -1,6 +1,7 @@
---
title:
keywords:
title: Compare the features in Exploit Protection with EMET
keywords: emet, enhanced mitigation experience toolkit, configuration, exploit
description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@ -26,44 +27,15 @@ ms.author: iawilt
- Enterprise security administrators
**Manageability available with**
- Group Policy
- PowerShell
- Windows Management Instrumentation (WMI)
- System Center Configuration Manager
- Microsoft Intune
- Windows Defender Security Center app
Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
It is part of Windows Defender Exploit Guard, which is itself a component in the new Windows Defender Advanced Threat Protection offering of security and threat prevention products.
You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once.
## Requirements
The following requirements must be met before Exploit Protection will work:
Windows 10 version | Windows Defender Advanced Threat Protection
Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
### Converting and Applying an EMET config:
1. Export the existing EMET configuration. This can be done from the "Export" button in the GUI, or by running the command: **emet_conf.exe <20>export emetConfig.xml**
2. In an elevated PowerShell window, convert the exported configuration with: **ConvertTo-ProcessMitigationPolicy -EMETFilePath emetConfig.xml -OutputFilePath win10Config.xml**
3. Note that this may give you some warnings, but these should be safe to ignore.
4. Apply the new configuration: from an elevated PowerShell window run **Set-ProcessMitigation -RegistryConfigFilePath win10Config.xml **
5. From here you can check or edit the settings in the new interface in the Windows Defender Security Center or with **Get-ProcessMitigation** (this command by itself will output the entire current state of the mitigations to the shell), and **Set-ProcessMitigation** respectively.
We're still working on this content and will have it published soon!
Check out the following topics for more information about Exploit Protection:
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
- [Enable Exploit Protection](enable-exploit-protection.md)