mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-23 14:23:38 +00:00
format fixes
This commit is contained in:
Iaan D'Souza-Wiltshire
@ -32,12 +32,14 @@ ms.date: 08/25/2017
|
|||||||
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows 10. You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
|
>If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows 10.
|
||||||
|
>
|
||||||
|
>You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
|
||||||
|
|
||||||
|
|
||||||
The Enhanced Mitigation Experience Toolkit (EMET) is a stand-alone product that is available on earlier versions of Windows and provides a number of system- and app-based mitigations against known exploit techniques.
|
The Enhanced Mitigation Experience Toolkit (EMET) is a stand-alone product that is available on earlier versions of Windows and provides a number of system- and app-based mitigations against known exploit techniques.
|
||||||
|
|
||||||
After July 31, 2018, it will reach its end of life, which means it will not be supported and no additional development will be made for it.
|
After July 31, 2018, it will reach its end of life, which means it will not be supported and no additional development will be made on it.
|
||||||
|
|
||||||
In Windows 10, version 1709 (also known as the Fall Creators Update), we released Windows Defender Exploit Guard, which provides unparalleled mitigation of known and unknown threat attack vectors, including exploits.
|
In Windows 10, version 1709 (also known as the Fall Creators Update), we released Windows Defender Exploit Guard, which provides unparalleled mitigation of known and unknown threat attack vectors, including exploits.
|
||||||
|
|
||||||
@ -51,10 +53,10 @@ ms.date: 08/25/2017
|
|||||||
|
|
||||||
| Windows Defender Exploit Guard | EMET
|
| Windows Defender Exploit Guard | EMET
|
||||||
-|:-:|:-:
|
-|:-:|:-:
|
||||||
Windows versions | [!include[Check mark yes](images/svg/check-yes.md)] <br />All version of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.md)] <br />Windows 8.1; Windows 8; Windows 7<br />Cannot be installed on Windows 10, version 1709 and later
|
Windows versions | [!include[Check mark yes](images/svg/check-yes.md)] <br />All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.md)] <br />Windows 8.1; Windows 8; Windows 7<br />Cannot be installed on Windows 10, version 1709 and later
|
||||||
Installation requirements | [Windows Defender Security Center in Windows 10](../windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md) (no additional installation required)<br />Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device
|
Installation requirements | [Windows Defender Security Center in Windows 10](../windows-defender-security-center/windows-defender-security-center.md) <br />(no additional installation required)<br />Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device
|
||||||
User interface | Modern interface integrated with the [Windows Defender Security Center](../windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training
|
User interface | Modern interface integrated with the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training
|
||||||
Supportability | [!include[Check mark yes](images/svg/check-yes.md)] <br /><!-- [Dedicated submission-based support channel](https://www.microsoft.com/en-us/wdsi/filesubmission)<sup id="ref1">[[1](#fn1)]</sup> -->Throughout Windows 10 support lifecycle | [!include[Check mark no](images/svg/check-no.md)]<br />Ends after July 31, 2018
|
Supportability | [!include[Check mark yes](images/svg/check-yes.md)] <br /><!-- [Dedicated submission-based support channel](https://www.microsoft.com/en-us/wdsi/filesubmission)<sup id="ref1">[[1](#fn1)]</sup> -->Throughout the [Windows 10 support lifecycle](https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.md)]<br />Ends after July 31, 2018
|
||||||
Updates | [!include[Check mark yes](images/svg/check-yes.md)] <br />Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.md)]<br />No planned updates or development
|
Updates | [!include[Check mark yes](images/svg/check-yes.md)] <br />Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.md)]<br />No planned updates or development
|
||||||
Exploit protection | [!include[Check mark yes](images/svg/check-yes.md)] <br />All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison)) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited set of mitigations
|
Exploit protection | [!include[Check mark yes](images/svg/check-yes.md)] <br />All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison)) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited set of mitigations
|
||||||
[Attack surface reduction](attack-surface-reduction-exploit-guard.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />[Configuration of individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited ruleset configuration only for modules (no processes)
|
[Attack surface reduction](attack-surface-reduction-exploit-guard.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />[Configuration of individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited ruleset configuration only for modules (no processes)
|
||||||
@ -65,7 +67,7 @@ Configuration with GUI (user interface) | [!include[Check mark yes](images/svg/c
|
|||||||
Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.md)] <br />PowerShell| [!include[Check mark yes](images/svg/check-yes.md)]<br />Requires use of EMET tool (EMET_CONF)
|
Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.md)] <br />PowerShell| [!include[Check mark yes](images/svg/check-yes.md)]<br />Requires use of EMET tool (EMET_CONF)
|
||||||
System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Not available
|
System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Not available
|
||||||
Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Not available
|
Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Not available
|
||||||
Reporting | [!include[Check mark yes](images/svg/check-yes.md)] <br />[With Windows event logs](event-views-exploit-guard.md) and full [audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Windows Defender Advanced Threat Protection](../windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited Windows event log monitoring
|
Reporting | [!include[Check mark yes](images/svg/check-yes.md)] <br />[With Windows event logs](event-views-exploit-guard.md) and full [audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Limited Windows event log monitoring
|
||||||
[Audit mode](audit-windows-defender-exploit-guard.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
|
[Audit mode](audit-windows-defender-exploit-guard.md) | [!include[Check mark yes](images/svg/check-yes.md)] <br />Available | [!include[Check mark no](images/svg/check-no.md)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
|
||||||
|
|
||||||
|
|
||||||
@ -82,35 +84,43 @@ The mitigations available in EMET are included in Windows Defender Exploit Guard
|
|||||||
|
|
||||||
The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection.
|
The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection.
|
||||||
|
|
||||||
Mitigation | Description | Available in Windows Defender Exploit Guard | Available in EMET
|
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
|
||||||
-|-|:-:|:-:
|
-|:-:|:-:
|
||||||
Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<72>Protection<6F>Check"
|
||||||
Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Block<EFBFBD>remote<EFBFBD>images<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<61>Library<72>Check"
|
||||||
Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Block<EFBFBD>untrusted<EFBFBD>fonts<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Validate heap integrity | Terminates a process when heap corruption is detected. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br />As "Memory Protection Check"
|
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<72>ASLR)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Block low integrity images | Prevents the loading of images marked with Low Integrity. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
NullPage<EFBFBD>Security<EFBFBD>Mitigation<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10<EFBFBD><EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Block remote images | Prevents loading of images from remote devices. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br/>As "Load Library Check"
|
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<55>ASLR)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Simulate<EFBFBD>execution<EFBFBD>(SimExec)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Code integrity guard | Restricts loading of images signed by Microsoft, WQL, and higher. Can optionally allow Microsoft Store signed images. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Disable Win32k system calls | Prevents an app from using the Win32k system call table. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Do not allow child processes | Prevents an app from creating child processes. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Certificate<EFBFBD>trust<EFBFBD>(configurable<6C>certificate<74>pinning)<29> | <20>No<4E>longer<65>supported<65>by<62>the<68>industry<72>as<61>newer<65>mitigations<6E>provide<64>better<65>protection<6F>with<74>fewer<65>errors<72> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Heap<EFBFBD>spray<EFBFBD>allocation<EFBFBD> | <20>Ineffective<76>against<73>modern<72>browser<65>exploits,<2C>newer<65>mitigations<6E>provide<64>better<65>protection<6F> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
|
||||||
Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Code<EFBFBD>integrity<EFBFBD>guard<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Disable<EFBFBD>extension<EFBFBD>points<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Validate handle usage | Causes an exception to be raised on any invalid handle references. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF)<29> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Heap spray allocation | | Ineffective against modern browser exploits, newer mitigations provide better protection | [!include[Check mark yes](images/svg/check-yes.md)]
|
Validate<EFBFBD>handle<EFBFBD>usage<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
NullPage Security Mitigation | | [!include[Check mark yes](images/svg/check-yes.md)]<br />Included natively in Windows 10 | [!include[Check mark yes](images/svg/check-yes.md)]
|
Validate<EFBFBD>heap<EFBFBD>integrity<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<EFBFBD> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
Certificate trust (configurable certificate pinning) | | No longer supported by the industry as newer mitigations provide better protection with fewer errors | [!include[Check mark yes](images/svg/check-yes.md)]
|
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <EFBFBD>[!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
>[!NOTE] The Advanced ROP mitigations that are available in EMET refer to additional configuration options for other mitigations, such as "Memory protection checks" and "Load library checks". These mitigations have been included in Windows Defender Exploit Guard with enhancements that natively increase the protection beyond those options in EMET.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The Advanced ROP mitigations that are available in EMET refer to additional configuration options for other mitigations, such as "Memory protection checks" and "Load library checks". These mitigations have been included in Windows Defender Exploit Guard with enhancements that natively increase the protection beyond those options in EMET.
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
@ -119,3 +129,61 @@ Certificate trust (configurable certificate pinning) | | No longer supported by
|
|||||||
- [Enable Exploit protection](enable-exploit-protection.md)
|
- [Enable Exploit protection](enable-exploit-protection.md)
|
||||||
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
|
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
|
||||||
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
|
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
|
||||||
|
|
||||||
|
|
||||||
|
## Table A-Z mitigations
|
||||||
|
|
||||||
|
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
|
||||||
|
-|:-:|:-:
|
||||||
|
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<72>Protection<6F>Check"
|
||||||
|
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Block<EFBFBD>remote<EFBFBD>images<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<61>Library<72>Check"
|
||||||
|
Block<EFBFBD>untrusted<EFBFBD>fonts<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Certificate<EFBFBD>trust<EFBFBD>(configurable<6C>certificate<74>pinning)<29> | <20>No<4E>longer<65>supported<65>by<62>the<68>industry<72>as<61>newer<65>mitigations<6E>provide<64>better<65>protection<6F>with<74>fewer<65>errors<72> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Code<EFBFBD>integrity<EFBFBD>guard<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Disable<EFBFBD>extension<EFBFBD>points<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<72>ASLR)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Heap<EFBFBD>spray<EFBFBD>allocation<EFBFBD> | <20>Ineffective<76>against<73>modern<72>browser<65>exploits,<2C>newer<65>mitigations<6E>provide<64>better<65>protection<6F> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
NullPage<EFBFBD>Security<EFBFBD>Mitigation<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10<EFBFBD><EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<55>ASLR)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Simulate<EFBFBD>execution<EFBFBD>(SimExec)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>handle<EFBFBD>usage<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>heap<EFBFBD>integrity<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
|
||||||
|
|
||||||
|
# Table WDEG yes > EMET no > Emet > yes
|
||||||
|
|
||||||
|
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
|
||||||
|
-|:-:|:-:
|
||||||
|
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Code<EFBFBD>integrity<EFBFBD>guard<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Disable<EFBFBD>extension<EFBFBD>points<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>handle<EFBFBD>usage<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>heap<EFBFBD>integrity<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>no](images/svg/check-no.md)]
|
||||||
|
Heap<EFBFBD>spray<EFBFBD>allocation<EFBFBD> | <20>Ineffective<76>against<73>modern<72>browser<65>exploits,<2C>newer<65>mitigations<6E>provide<64>better<65>protection<6F> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Certificate<EFBFBD>trust<EFBFBD>(configurable<6C>certificate<74>pinning)<29> | <20>No<4E>longer<65>supported<65>by<62>the<68>industry<72>as<61>newer<65>mitigations<6E>provide<64>better<65>protection<6F>with<74>fewer<65>errors<72> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
NullPage<EFBFBD>Security<EFBFBD>Mitigation<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10<EFBFBD><EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Block<EFBFBD>untrusted<EFBFBD>fonts<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<72>ASLR)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<55>ASLR)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Simulate<EFBFBD>execution<EFBFBD>(SimExec)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]
|
||||||
|
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG)<29> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<72>Protection<6F>Check"
|
||||||
|
Block<EFBFBD>remote<EFBFBD>images<EFBFBD> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<5D> | <20>[!include[Check<63>mark<72>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<61>Library<72>Check"
|
||||||
|
|||||||
Reference in New Issue
Block a user