Merged PR 13133: 12/03 AM Publish

Huaping Yu (Beyondsoft Consulting Inc) 2018-12-03 18:34:58 +00:00
commit 6535ded830
4 changed files with 59 additions and 251 deletions

@ -8,228 +8,30 @@ ms.sitesec: library
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: mikeblodge ms.author: mikeblodge
ms.topic: article ms.topic: article
ms.date: 10/18/2018 ms.date: 12/03/2018
--- ---
# Repackage existing win32 applications to the MSIX format # Repackage existing win32 applications to the MSIX format
The MSIX Packaging Tool 1.2018.1005.0 is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store. MSIX is a packaging format built to be safe, secure and reliable, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies. You can [use the MSIX packaging tool](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) to repackage your existing Win32 applications to the MSIX format.
> Prerequisites: You can either run your installer interactivly (through the UI) or create a package from the command line. Either way, you can convert an application without having the source code. Then, you can make your app available through the Microsoft Store.
- [Package your favorite application installer](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) interactively (msi, exe, App-V 5.x and ClickOnce) in MSIX format.
- Create a [modification package](https://docs.microsoft.com/windows/msix/packaging-tool/package-editor) to update an existing MSIX package.
- [Bundle multiple MSIX packages](https://docs.microsoft.com/windows/msix/packaging-tool/bundle-msix-packages) for distribution.
## Installing the MSIX Packaging Tool
### Prerequisites
- Windows 10, version 1809 (or later) - Windows 10, version 1809 (or later)
- Participation in the Windows Insider Program (if you're using an Insider build) - Participation in the Windows Insider Program (if you're using an Insider build)
- A valid Microsoft account (MSA) alias to access the app from the Microsoft Store - A valid Microsoft account (MSA) alias to access the app from the Microsoft Store
- Admin privileges on your PC account - Admin privileges on your PC account
## Installing the MSIX Packaging Tool ### Get the app from the Microsoft Store
1. Use the MSA login associated with your Windows Insider Program credentials in the [Microsoft Store](https://www.microsoft.com/store/r/9N5LW3JBCXKF). 1. Use the MSA login associated with your Windows Insider Program credentials in the [Microsoft Store](https://www.microsoft.com/store/r/9N5LW3JBCXKF).
2. Open the product description page. 2. Open the product description page.
3. Click the install icon to begin installation. 3. Click the install icon to begin installation.
Here is what you can expect to be able to do with this tool:
- Package your favorite application installer interactively (msi, exe, App-V 5.x and ClickOnce) to MSIX format by launching the tool and selecting **Application package** icon.
- Create a modification package for a newly created Application MSIX Package by launching the tool and selecting the **Modification package** icon.
- Open your MSIX package to view and edit its content/properties by navigating to the **Open package editor** tab. Browse to the MSIX package and select **Open package**.
## Creating an application package using the Command line interface
To create a new MSIX package for your application, run the MsixPackagingTool.exe create-package command in a Command prompt window.
Here are the parameters that can be passed as command line arguments:
|Parameter |Description |
|---------|---------|
|-? <br> --help | Show help information |
|--template | [required] path to the conversion template XML file containing package information and settings for this conversion |
|--virtualMachinePassword | [optional] The password for the Virtual Machine to be used for the conversion environment. Notes: The template file must contain a VirtualMachine element and the Settings::AllowPromptForPassword attribute must not be set to true. |
Examples:
- MsixPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml
- MSIXPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml --virtualMachinePassword pswd112893
## Creating an application package using virtual machines
You can select to perform the packaging steps on a virtual machine. To do this:
- Click on Application package and select “Create package on an existing virtual machine” in the select environment page.
- The tool will then query for existing Virtual machines and allows you to select one form a drop down menu.
- Once a VM is selected the tool will ask for user and password. The username field accepts domain\user entries as well.
When using local virtual machines as conversion environment, the tool leverages an authenticated remote PowerShell connection to configure the virtual machine. A lightweight WCF server then provides bidirectional communication between the host and target environment.
Requirements:
- Virtual Machine need to have PSRemoting enabled. (Enable-PSRemoting command should be run on the VM)
- Virtual Machine needs to be configured for Windows Insider Program similar to the host machine. Minimum Windows 10 build 17701
## Conversion template file
```xml
<MsixPackagingToolTemplate
xmlns="http://schemas.microsoft.com/appx/msixpackagingtool/template/2018">
<Settings
AllowTelemetry="true"
ApplyAllPrepareComputerFixes="true"
GenerateCommandLineFile="true"
AllowPromptForPassword="false"
EnforceMicrosoftStoreVersioningRequirements="false">
<ExclusionItems>
<FileExclusion ExcludePath="[{CryptoKeys}]" />
<FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Crypto" />
<FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Search\Data" />
<FileExclusion ExcludePath="[{Cookies}]" />
<FileExclusion ExcludePath="[{History}]" />
<FileExclusion ExcludePath="[{Cache}]" />
<FileExclusion ExcludePath="[{Personal}]" />
<FileExclusion ExcludePath="[{Profile}]\Local Settings" />
<FileExclusion ExcludePath="[{Profile}]\NTUSER.DAT.LOG1" />
<FileExclusion ExcludePath="[{Profile}]\ NTUSER.DAT.LOG2" />
<FileExclusion ExcludePath="[{Recent}]" />
<FileExclusion ExcludePath="[{Windows}]\debug" />
<FileExclusion ExcludePath="[{Windows}]\Logs\CBS" />
<FileExclusion ExcludePath="[{Windows}]\Temp" />
<FileExclusion ExcludePath="[{Windows}]\WinSxS\ManifestCache" />
<FileExclusion ExcludePath="[{Windows}]\WindowsUpdate.log" />
<FileExclusion ExcludePath="[{AppVPackageDrive}]\$Recycle.Bin " />
<FileExclusion ExcludePath="[{AppVPackageDrive}]\System Volume Information" />
<FileExclusion ExcludePath="[{AppData}]\Microsoft\AppV" />
<FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Microsoft Security Client" />
<FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Microsoft Antimalware" />
<FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Windows Defender" />
<FileExclusion ExcludePath="[{ProgramFiles}]\Microsoft Security Client" />
<FileExclusion ExcludePath="[{ProgramFiles}]\Windows Defender" />
<FileExclusion ExcludePath="[{Local AppData}]\Temp" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Streams" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV" />
<RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AppV" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\AppV" />
<RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\AppV" />
</ExclusionItems>
</Settings>
<PrepareComputer
DisableDefragService="true"
DisableWindowsSearchService="true"
DisableSmsHostService="true"
DisableWindowsUpdateService ="true"/>
<!--Note: this section takes precedence over the Settings::ApplyAllPrepareComputerFixes attribute -->
<SaveLocation
PackagePath="C:\users\user\Desktop\MyPackage.msix"
TemplatePath="C:\users\user\Desktop\MyTemplate.xml" />
<Installer
Path="C:\MyAppInstaller.msi"
Arguments="/quiet"
InstallLocation="C:\Program Files\MyAppInstallLocation" />
<VirtualMachine Name="vmname" Username="vmusername" />
<PackageInformation
PackageName="MyAppPackageName"
PackageDisplayName="MyApp Display Name"
PublisherName="CN=MyPublisher"
PublisherDisplayName="MyPublisher Display Name"
Version="1.1.0.0"
MainPackageNameForModificationPackage="MainPackageIdentityName">
<Applications>
<Application
Id="MyApp1"
Description="MyApp"
DisplayName="My App"
ExecutableName="MyApp.exe"/>
</Applications>
<Capabilities>
<Capability Name="runFullTrust" />
</Capabilities>
</PackageInformation>
</MsixPackagingToolTemplate>
```
## Conversion template parameter reference
Here is the complete list of parameters that you can use in the Conversion template file. When a virtual machine is conversion environment, all file paths(installer, savelocation, etc) should be declared relative to the host, where the tool is running)
|ConversionSettings entries |Description |
|---------|---------|
|Settings:: AllowTelemetry |[optional] Enables telemetry logging for this invocation of the tool. |
|Settings:: ApplyAllPrepareComputerFixes |[optional] Applies all recommended prepare computer fixes. Cannot be set when other attributes are used. |
|Settings:: GenerateCommandLineFile |[optional] Copies the template file input to the SaveLocation directory for future use. |
|Settings:: AllowPromptForPassword |[optional] Instructs the tool to prompt the user to enter passwords for the Virtual Machine and for the signing certificate if it is required and not specified. |
|Settings:: EnforceMicrosoftStoreVersioningRequirements|[optional] Instructs the tool to enforce the package versioning scheme required for deployment from Microsoft Store and Microsoft Store for Business.|
|ExclusionItems |[optional] 0 or more FileExclusion or RegistryExclusion elements. All FileExclusion elements must appear before any RegistryExclusion elements. |
|ExclusionItems::FileExclusion |[optional] A file to exclude for packaging. |
|ExclusionItems::FileExclusion::ExcludePath |Path to file to exclude for packaging. |
|ExclusionItems::RegistryExclusion |[optional] A registry key to exclude for packaging. |
|ExclusionItems::RegistryExclusion:: ExcludePath |Path to registry to exclude for packaging. |
|PrepareComputer::DisableDefragService |[optional] Disables Windows Defragmenter while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes. |
|PrepareComputer:: DisableWindowsSearchService |[optional] Disables Windows Search while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes. |
|PrepareComputer:: DisableSmsHostService |[optional] Disables SMS Host while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes. |
|PrepareComputer:: DisableWindowsUpdateService |[optional] Disables Windows Update while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes. |
|SaveLocation |[optional] An element to specify the save location of the tool. If not specified, the package will be saved under the Desktop folder. |
|SaveLocation::PackagePath |[optional] The path to the file or folder where the resulting MSIX package is saved. |
|SaveLocation::TemplatePath |[optional] The path to the file or folder where the resulting CLI template is saved. |
|Installer::Path |The path to the application installer. |
|Installer::Arguments |The arguments to pass to the installer. You must pass the arguments to force your installer to run unattended/silently. If the installer is an msi or appv, pass an empty argument ie Installer=””. |
|Installer::InstallLocation |[optional] The full path to your application's root folder for the installed files if it were installed (e.g. "C:\Program Files (x86)\MyAppInstalllocation"). |
|VirtualMachine |[optional] An element to specify that the conversion will be run on a local Virtual Machine. |
|VrtualMachine::Name |The name of the Virtual Machine to be used for the conversion environment. |
|VirtualMachine::Username |[optional] The user name for the Virtual Machine to be used for the conversion environment. |
|PackageInformation::PackageName |The Package Name for your MSIX package. |
|PackageInformation::PackageDisplayName |The Package Display Name for your MSIX package. |
|PackageInformation::PublisherName |The Publisher for your MSIX package. |
|PackageInformation::PublisherDisplayName |The Publisher Display Name for your MSIX package. |
|PackageInformation::Version |The version number for your MSIX package. |
|PackageInformation:: MainPackageNameForModificationPackage |[optional] The Package identity name of the main package name. This is used when creating a modification package that takes a dependency on a main (parent) application. |
|Applications |[optional] 0 or more Application elements to configure the Application entries in your MSIX package. |
|Application::Id |The App ID for your MSIX application. This ID will be used for the Application entry detected that matches the specified ExecutableName. You can have multiple Application ID for executables in the package |
|Application::ExecutableName |The executable name for the MSIX application that will be added to the package manifest. The corresponding application entry will be ignored if no application with this name is detected. |
|Application::Description |[optional] The App Description for your MSIX application. If not used, the Application DisplayName will be used. This description will be used for the application entry detected that matches the specified ExecutableName |
|Application::DisplayName |The App Display Name for your MSIX package. This Display Name will be used for the application entry detected that matches the specified ExecutableName |
|Capabilities |[optional] 0 or more Capability elements to add custom capabilities to your MSIX package. “runFullTrust” capability is added by default during conversion. |
|Capability::Name |The capability to add to your MSIX package. |
## Delete temporary conversion files using Command line interface
To delete all the temporary package files, logs, and artifacts created by the tool, run the MsixPackagingTool.exe cleanup command in the Command line window.
Example:
- MsixPackagingTool.exe cleanup
## How to file feedback
Open Feedback Hub. Alternatively, launch the tool and select the **Settings** gear icon in the top right corner to open the Feedback tab. Here you can file feedback for suggestions, problems, and see other feedback items.
## Best practices
- When Packaging ClickOnce installers, it is necessary to send a shortcut to the desktop if the installer is not doing so already. In general, it's a good practice to always send a shortcut to your desktop for the main app executable.
- When creating modification packages, you need to declare the **Package Name** (Identity Name) of the parent application in the tool UI so that the tool sets the correct package dependency in the manifest of the modification package.
- Declaring an installation location field on the Package information page is optional but *recommended*. Make sure that this path matches the installation location of application Installer.
- Performing the preparation steps on the **Prepare Computer** page is optional but *highly recommended*.
## Known issues
- MSIX Packaging Tool Driver will fail to install if Windows Insider flight ring settings do no match the OS build of the conversion environment. Navigate to Settings, Updates & Security, Windows Insider Program to make sure your Insider preview build settings do not need attention. If you see this message click on the Fix me button to log in again. You might have to go to Windows Update page and check for update before settings change takes effect. Then try to run the tool again to download the MSIX Packaging Tool driver. If you are still hitting issues, try changing your flight ring to Canary or Insider Fast, install the latest Windows updates and try again.
- Restarting the machine during application installation is not supported. Please ignore the restart request if possible or pass an argument to the installer to not require a restart.
- Setting **EnforceMicrosoftStoreVersioningRequirements=true**, when using the command line interface, will throw an error, even if the vesrion is set correctly. To work around this issue, use **EnforceMicrosoftStoreVersioningRequirements=false** in the conversion template file.
- Adding files to MSIX packages in package editor does not add the file to the folder that the user right-clicks. To work around this issue, ensure that the file being added is in the correct classic app location. For example if you want to add a file in the VFS\ProgramFilesx86\MyApp folder, copy the file locally to your C:\Program Files (86)\MyApp location first, then in the package editor right-click **Package files**, and then click **Add file**. Browse to the newly copied file, then click **Save**.
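
Review bot: the rewritten intro still says you can "create a package from the command line", but this hunk deletes the entire create-package section, the conversion template sample and its parameter reference, the cleanup command, Best practices and Known issues, and none of the three added links (create-app-package-msi-vm, package-editor, bundle-msix-packages) visibly points to that material. Add a link to wherever the command-line and template reference now lives, and confirm that the EnforceMicrosoftStoreVersioningRequirements workaround and the note tying --virtualMachinePassword to Settings::AllowPromptForPassword survive the move. The same added line misspells "interactively" as "interactivly". If the command-line examples are republished, replace the literal password in "--virtualMachinePassword pswd112893" with a placeholder, since a password passed as an argument ends up in shell history and process listings.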

@ -103,6 +103,12 @@ You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that
>[!video https://www.youtube.com/embed?v=xN7tOfgNKag] >[!video https://www.youtube.com/embed?v=xN7tOfgNKag]
More information on how to use Dumpchk.exe to check your dump files:
- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
### Pagefile Settings ### Pagefile Settings
- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658) - [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658)
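
Review bot: the first added link, "[Using DumpChk]( https://docs.microsoft.com/...)", has a space between the opening parenthesis and the URL, which some Markdown renderers will not resolve as a link; drop the space. The second label reads "Download DumpCheck" while the tool is spelled DumpChk in the sentence above and in the first link, and its target is the Windows 10 SDK download page, so the label should use the DumpChk spelling and say that the download is the SDK.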
@ -117,6 +123,19 @@ When a Stop error occurs, you should first isolate the problematic components, a
You can use the tools such as Windows Software Development KIT (SDK) and Symbols to diagnose dump logs. You can use the tools such as Windows Software Development KIT (SDK) and Symbols to diagnose dump logs.
## Video resources
The following videos illustrate various troubleshooting techniques on analyzing dump file.
- [Analyze Dump File](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
- [Installing Debugging Tool for Windows (x64 and x86)](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive/player#time=22m29s:paused)
- [Debugging kernel mode crash memory dumps](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps)
- [Special Pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
## Advanced troubleshooting using Driver Verifier ## Advanced troubleshooting using Driver Verifier
We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further. We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further.
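
Review bot: the new intro sentence "The following videos illustrate various troubleshooting techniques on analyzing dump file." is ungrammatical and narrower than the list under it, which also carries "Installing Debugging Tool for Windows (x64 and x86)" and "Special Pool". Either keep the original wording ("various troubleshooting techniques") or write "techniques for analyzing dump files" and move the entries that are not about dump analysis to the sections they belong to. Promoting the block from bold text to an H2 also adds a heading to the page outline directly before the Driver Verifier section, so check that the resulting order reads as intended.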
@ -135,19 +154,6 @@ Use the following guidelines when you use Driver Verifier:
For more information, see [Driver Verifier](https://docs.microsoft.com/windows-hardware/drivers/devtest/driver-verifier). For more information, see [Driver Verifier](https://docs.microsoft.com/windows-hardware/drivers/devtest/driver-verifier).
**Video resources**
The following videos illustrate various troubleshooting techniques.
- [Analyze Dump File](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
- [Installing Debugging Tool for Windows (x64 and x86)](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive/player#time=22m29s:paused)
- [Debugging kernel mode crash memory dumps](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps)
- [Special Pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
## Common Windows Stop errors ## Common Windows Stop errors
This section doesn't contain a list of all error codes, but since many error codes have the same potential resolutions, your best bet is to follow the steps below to troubleshoot your error. This section doesn't contain a list of all error codes, but since many error codes have the same potential resolutions, your best bet is to follow the steps below to troubleshoot your error.

@ -21,7 +21,7 @@ ms.date: 09/18/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can enable attack surface reduction rules, eploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
You might want to do this when testing how the features will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period. You might want to do this when testing how the features will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
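
Review bot: the hunk header shows this file still at "ms.date: 09/18/2018" while the first file in this commit had its ms.date moved to 12/03/2018; if the repo expects ms.date to track edits, bump it here too. While this paragraph is open, the unchanged follow-on sentence says "to ensure it doesn't affect your line-of-business apps" after listing four features, so "it" should be "they", and "suspicious file modification attempts" only describes controlled folder access rather than all four audit modes.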

@ -144,30 +144,30 @@ You can access these events in Windows Event viewer:
Feature | Provider/source | Event ID | Description Feature | Provider/source | Event ID | Description
:-|:-|:-:|:- :-|:-|:-:|:-
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 1 | ACG audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 2 | ACG enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 2 | ACG enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 3 | Do not allow child processes audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 4 | Do not allow child processes block Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 4 | Do not allow child processes block
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 5 | Block low integrity images audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 6 | Block low integrity images block Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 6 | Block low integrity images block
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 7 | Block remote images audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 8 | Block remote images block Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 8 | Block remote images block
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 9 | Disable win32k system calls audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 10 | Disable win32k system calls block Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 10 | Disable win32k system calls block
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 11 | Code integrity guard audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 12 | Code integrity guard block Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 12 | Code integrity guard block
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 13 | EAF audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 13 | EAF audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 14 | EAF enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 14 | EAF enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 15 | EAF+ audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 15 | EAF+ audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 16 | EAF+ enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 16 | EAF+ enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 17 | IAF audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 17 | IAF audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 18 | IAF enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 18 | IAF enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 19 | ROP StackPivot audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 19 | ROP StackPivot audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 20 | ROP StackPivot enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 20 | ROP StackPivot enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 21 | ROP CallerCheck audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 21 | ROP CallerCheck audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 22 | ROP CallerCheck enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 22 | ROP CallerCheck enforce
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 23 | ROP SimExec audit Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 23 | ROP SimExec audit
Exploit protection | Security-Mitigations (Kernal Mode/User Mode) | 24 | ROP SimExec enforce Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 24 | ROP SimExec enforce
Exploit protection | WER-Diagnostics | 5 | CFG Block Exploit protection | WER-Diagnostics | 5 | CFG Block
Exploit protection | Win32K (Operational) | 260 | Untrusted Font Exploit protection | Win32K (Operational) | 260 | Untrusted Font
Network protection | Windows Defender (Operational) | 5007 | Event when settings are changed Network protection | Windows Defender (Operational) | 5007 | Event when settings are changed
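
Review bot: the Description column mixes "enforce" and "block" for the non-audit event of each pair (for example "ACG enforce" for ID 2 but "Do not allow child processes block" for ID 4, and "CFG Block" capitalised for the WER-Diagnostics row), and since every Security-Mitigations row is already being rewritten for the Kernel spelling, this is the place to normalise it. Pick one term per meaning and use it consistently, so anyone building Event Viewer filters or alert rules from this table can tell audit-only IDs (odd, 1 to 23) from enforcing IDs (even, 2 to 24) without guessing whether "enforce" and "block" differ.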