mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 05:43:41 +00:00
update capitalization
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: See how Exploit Protection works in a demo
|
||||
description: See how Exploit Protection can prevent suspicious behaviors from occurring on specific apps.
|
||||
keywords: exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
|
||||
title: See how Exploit protection works in a demo
|
||||
description: See how Exploit protection can prevent suspicious behaviors from occurring on specific apps.
|
||||
keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
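Review bot: the keywords line in the front matter still carries the misspelling "mitigiation" in both its old and new form, and the new form capitalizes only its first entry ("Exploit protection") while every other keyword stays lowercase. Since the line is being edited anyway, correct the spelling to "mitigation" and keep the first keyword lowercase, as it was, so the list stays uniform.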
@ -16,7 +16,7 @@ ms.date: 08/25/2017
|
||||
|
||||
|
||||
|
||||
# Evaluate Exploit Protection
|
||||
# Evaluate Exploit protection
|
||||
|
||||
**Applies to:**
|
||||
|
||||
@ -36,18 +36,18 @@ ms.date: 08/25/2017
|
||||
- PowerShell
|
||||
|
||||
|
||||
Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
|
||||
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
|
||||
|
||||
Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit Protection.
|
||||
Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit protection.
|
||||
|
||||
This topcs helps you evaluate Exploit Protection. See the [Exploit Protection topic](exploit-protection-exploit-guard.md) for more information on what Exploit Protection does and how to configure it for real-world deployment.
|
||||
This topcs helps you evaluate Exploit protection. See the [Exploit protection topic](exploit-protection-exploit-guard.md) for more information on what Exploit protection does and how to configure it for real-world deployment.
|
||||
|
||||
>[!NOTE]
|
||||
>This topic uses PowerShell cmdlets to make it easy to enable the feature and test it.
|
||||
>For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit Protection topic](exploit-protection-exploit-guard.md) .
|
||||
>For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit protection topic](exploit-protection-exploit-guard.md) .
|
||||
|
||||
|
||||
## Enable and validate an Exploit Protection mitigation
|
||||
## Enable and validate an Exploit protection mitigation
|
||||
|
||||
For this demo you will enable the mitigation that prevents child processes from being created. You'll use Internet Explorer as the parent app.
|
||||
|
||||
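Review bot: the rewritten introduction keeps three text errors on the very lines being changed: "Exploit protection applies helps protect devices" has a stray "applies", "This topcs helps you evaluate" should read "This topic helps you evaluate", and the note line "Mobile Device Management (MDM to deploy" is missing its closing parenthesis and leaves a space before the final period. Fixing them in this commit avoids a second pass over the same lines.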
@ -90,9 +90,9 @@ Lastly, we can disable the mitigation so that Internet Explorer works properly a
|
||||
5. Validate that Internet Explorer runs by running it from the run dialog box again. It should open as expected.
|
||||
|
||||
|
||||
## Review Exploit Protection events in Windows Event Viewer
|
||||
## Review Exploit protection events in Windows Event Viewer
|
||||
|
||||
You can now review the events that Exploit Protection sent to the Windows Event log to confirm what happened. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-all-windows-defender-exploit-guard-events).
|
||||
You can now review the events that Exploit protection sent to the Windows Event log to confirm what happened. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-all-windows-defender-exploit-guard-events).
|
||||
|
||||
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
|
||||
|
||||
@ -104,7 +104,7 @@ You can now review the events that Exploit Protection sent to the Windows Event
|
||||
|
||||
4. Click **OK**.
|
||||
|
||||
5. This will create a custom view that filters to only show the following events related to Exploit Protection, which are all listed in the [Exploit Protection](exploit-protection-exploit-guard.md) topic.
|
||||
5. This will create a custom view that filters to only show the following events related to Exploit protection, which are all listed in the [Exploit protection](exploit-protection-exploit-guard.md) topic.
|
||||
|
||||
6. The specific event to look for in this demo is event ID 4, which should have the following or similar information:
|
||||
|
||||
@ -113,13 +113,13 @@ You can now review the events that Exploit Protection sent to the Windows Event
|
||||
|
||||
## Use audit mode to measure impact
|
||||
|
||||
As with other Windows Defender EG features, you can enable Exploit Protection in audit mode. You can enable audit mode for individual mitigations.
|
||||
As with other Windows Defender EG features, you can enable Exploit protection in audit mode. You can enable audit mode for individual mitigations.
|
||||
|
||||
This lets you see a record of what *would* have happened if you had enabled the mitigation.
|
||||
|
||||
You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.
|
||||
|
||||
See the [**PowerShell reference** section in the Customize Exploit Protection topic](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
|
||||
See the [**PowerShell reference** section in the Customize Exploit protection topic](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
|
||||
|
||||
For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
|
||||
|
||||
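Review bot: in the audit mode paragraph, the changed line "As with other Windows Defender EG features" uses the abbreviation "EG", while the link text later in the same hunk spells out "Windows Defender Exploit Guard". Spell the name out here too so the product reference is consistent and readable without prior context.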
@ -128,6 +128,6 @@ For further details on how audit mode works, and when you might want to use it,
|
||||
## Related topics
|
||||
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
|
||||
- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
|
||||
- [Enable Exploit Protection](enable-exploit-protection.md)
|
||||
- [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)
|
||||
- [Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md)
|
||||
- [Enable Exploit protection](enable-exploit-protection.md)
|
||||
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
|
||||
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
|