mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 05:47:23 +00:00
insert link to eg eval package
This commit is contained in:
Iaan D'Souza-Wiltshire
parent
a77d0e684f
commit
20d937f90b
@ -68,7 +68,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De
|
|||||||
|
|
||||||
You can review the Windows event log to see events that are created when an Attack Surface Reduction rule is triggered (or audited):
|
You can review the Windows event log to see events that are created when an Attack Surface Reduction rule is triggered (or audited):
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *asr-events.xml* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *asr-events.xml* to an easily accessible location on the machine.
|
||||||
|
|
||||||
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
||||||
|
|
||||||
|
|||||||
@ -52,7 +52,7 @@ Audit applies to individual mitigations | [Enable Exploit Protection](enable-exp
|
|||||||
|
|
||||||
You can also use the a custom PowerShell script that enables the features in audit mode automatically:
|
You can also use the a custom PowerShell script that enables the features in audit mode automatically:
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *Enable-ExploitGuardAuditMode.ps1* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *Enable-ExploitGuardAuditMode.ps1* to an easily accessible location on the machine.
|
||||||
|
|
||||||
1. Type **powershell** in the Start menu.
|
1. Type **powershell** in the Start menu.
|
||||||
|
|
||||||
|
|||||||
@ -69,7 +69,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De
|
|||||||
|
|
||||||
You can review the Windows event log to see events that are created when Controlled Folder Access blocks (or audits) an app:
|
You can review the Windows event log to see events that are created when Controlled Folder Access blocks (or audits) an app:
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *cfa-events.xml* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine.
|
||||||
|
|
||||||
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
||||||
|
|
||||||
|
|||||||
@ -51,7 +51,7 @@ This topic helps you evaluate Attack Surface Reduction. It explains how to demo
|
|||||||
Use the **ExploitGuard ASR test tool** app to see how Attack Surface Reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines.
|
Use the **ExploitGuard ASR test tool** app to see how Attack Surface Reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines.
|
||||||
|
|
||||||
The tool is part of the Windows Defender Exploit Guard evaluation package:
|
The tool is part of the Windows Defender Exploit Guard evaluation package:
|
||||||
- [Download the Exploit Guard Evaluation Package](#)
|
- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w)
|
||||||
|
|
||||||
This tool has a simple user interface that lets you choose a rule, configure it in blocking, audit, or disabled mode, and run a pre-created series of actions that would be evaluated by the rule.
|
This tool has a simple user interface that lets you choose a rule, configure it in blocking, audit, or disabled mode, and run a pre-created series of actions that would be evaluated by the rule.
|
||||||
|
|
||||||
|
|||||||
@ -50,7 +50,7 @@ This topic helps you evaluate Controlled Folder Access. It explains how to demo
|
|||||||
Use the **ExploitGuard CFA File Creator** tool to see how Controlled Folder Access can prevent a suspicious app from creating files in protected folders.
|
Use the **ExploitGuard CFA File Creator** tool to see how Controlled Folder Access can prevent a suspicious app from creating files in protected folders.
|
||||||
|
|
||||||
The tool is part of the Windows Defender Exploit Guard evaluation package:
|
The tool is part of the Windows Defender Exploit Guard evaluation package:
|
||||||
- [Download the Exploit Guard Evaluation Package](#)
|
- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w)
|
||||||
|
|
||||||
This tool can be run locally on an individual machine to see the typical behavior of Controlled Folder Access. The tool is considered by Windows Defender Exploit Guard to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders.
|
This tool can be run locally on an individual machine to see the typical behavior of Controlled Folder Access. The tool is considered by Windows Defender Exploit Guard to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders.
|
||||||
|
|
||||||
|
|||||||
@ -94,7 +94,7 @@ Lastly, we can disable the mitigation so that Internet Explorer works properly a
|
|||||||
|
|
||||||
You can now review the events that Exploit Protection sent to the Windows Event log to confirm what happened:
|
You can now review the events that Exploit Protection sent to the Windows Event log to confirm what happened:
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *ep-events.xml* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
|
||||||
|
|
||||||
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
||||||
|
|
||||||
|
|||||||
@ -39,11 +39,11 @@ This topic lists all the events, their associated feature or setting, and descri
|
|||||||
|
|
||||||
You can create custom views in the Windows Event Viewer to only see events for specific features and settings.
|
You can create custom views in the Windows Event Viewer to only see events for specific features and settings.
|
||||||
|
|
||||||
The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](#), or you can copy the XML directly from this page.
|
The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page.
|
||||||
|
|
||||||
### Import an existing XML custom view
|
### Import an existing XML custom view
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views:
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views:
|
||||||
- Controlled Folder Access events custom view: *cfa-events.xml*
|
- Controlled Folder Access events custom view: *cfa-events.xml*
|
||||||
- Exploit Protection events custom view: *ep-events.xml*
|
- Exploit Protection events custom view: *ep-events.xml*
|
||||||
- Attack Surface Reduction events custom view: *asr-events.xml*
|
- Attack Surface Reduction events custom view: *asr-events.xml*
|
||||||
|
|||||||
@ -70,7 +70,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full re
|
|||||||
|
|
||||||
You can review the Windows event log to see events that are created when Exploit Protection blocks (or audits) an app:
|
You can review the Windows event log to see events that are created when Exploit Protection blocks (or audits) an app:
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *ep-events.xml* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
|
||||||
|
|
||||||
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
||||||
|
|
||||||
|
|||||||
@ -51,7 +51,7 @@ You can also convert and import an existing EMET configuration XML file into an
|
|||||||
|
|
||||||
This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
|
This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
|
||||||
|
|
||||||
The [Exploit Guard Evaluation Package](#) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit Protection and then review the settings in the Windows Defender Security Center app, as described further in this topic.
|
The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit Protection and then review the settings in the Windows Defender Security Center app, as described further in this topic.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -64,7 +64,7 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De
|
|||||||
|
|
||||||
You can review the Windows event log to see events that are created when Network Protection blocks (or audits) access to a malicious IP or domain:
|
You can review the Windows event log to see events that are created when Network Protection blocks (or audits) access to a malicious IP or domain:
|
||||||
|
|
||||||
1. Download the [Exploit Guard Evaluation Package](#) and extract the file *np-events.xml* to an easily accessible location on the machine.
|
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine.
|
||||||
|
|
||||||
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user