From 5aaeac378772ad3ca6a3e72ae7c329aaf3ba5b7d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 26 Mar 2019 16:33:37 -0700 Subject: [PATCH] consolidated exploit protection topics --- .../evaluate-exploit-protection.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 1f34932458..47eb5e8ced 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md 
@@ -34,6 +34,27 @@ You can make sure it doesn't affect your line-of-business apps, and see which su ## Enable exploit protection in audit mode +You can set mitigations in audit mode for specific programs either by using the Windows Security app or PowerShell. + +### Windows Security app + +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. + +2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**. + +3. Go to **Program settings** and choose the app you want to apply mitigations to: + + 1. If the app you want to configure is already listed, click it and then click **Edit** + 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app: + - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. + - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. + +4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. + +5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration. + +### PowerShell + To set app-level mitigations to audit mode, use `Set-ProcessMitigation` with the **Audit mode** cmdlet. Configure each mitigation in the following format:
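Review bot: In step 3, sub-item 2, the **Add by program name** bullet says the mitigation applies to "any running process with that name" and only afterwards mentions that a full path narrows it. Because this section is about evaluating mitigations against specific apps, state the scope up front: name-only matching covers every process with that file name regardless of location, so recommend entering the full path when the reader is auditing one particular line-of-business app. Two smaller points in the same hunk: sub-item 1 ("click it and then click **Edit**") is missing its closing period, unlike sub-item 2, and the new `### PowerShell` heading now sits directly above the existing sentence "use `Set-ProcessMitigation` with the **Audit mode** cmdlet", which reads as if Audit mode were a cmdlet; reword that sentence in this change so the new section opens cleanly.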