mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 19:03:46 +00:00
Update enable-exploit-protection.md
From issue ticket #8927 (**No such property as TerminateOnHeapError**):

> In the list of properties used for different security exploit settings for the cmdlets, the properties to be set for 'Validate heap integrity' is labeled wrong.
>
> | Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available |
>
> **The property 'TerminateOnHeapError' doesn't exist for Heap. It should be TerminateOnError.**

Thanks to dennisl68-castra for noticing and reporting this incorrect term variant.

Changes proposed:

- Change "TerminateOnHeapError" to 'TerminateOnError'

Whitespace changes:

- Add recommended minimum cell divider spacing to the MarkDown table cells
- Align table dividing row cell dividers with the table title row cell dividers
- Add editorial line between footnote mark [2] and second last H2 (##) heading

Closes #8927

Ref. old PR #4351 from July 5, 2019 (before Windows Defender Exploit Guard was changed or retired)
@ -210,21 +210,21 @@ Set-Processmitigation -Name test.exe -Remove -Disable DEP
|
|||||||
This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
|
This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
|
||||||
|
|
||||||
| Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet |
|
| Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet |
|
||||||
|:---|:---|:---|:---|
|
| :--------- | :--------- | :----------------- | :---------------- |
|
||||||
| Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available |
|
| Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available |
|
||||||
| Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available |
|
| Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available |
|
||||||
| Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available |
|
| Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available |
|
||||||
| Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
|
| Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
|
||||||
|Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
|
| Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available |
|
||||||
|Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
|
| Validate heap integrity | System and app-level | TerminateOnError | Audit not available |
|
||||||
|Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
|
| Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode |
|
||||||
|Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
|
| Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad |
|
||||||
|Block remote images | App-level only | BlockRemoteImages | Audit not available
|
| Block remote images | App-level only | BlockRemoteImages | Audit not available |
|
||||||
|Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
|
| Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly |
|
||||||
|Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
|
| Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned |
|
||||||
|Disable extension points | App-level only | ExtensionPoint | Audit not available
|
| Disable extension points | App-level only | ExtensionPoint | Audit not available |
|
||||||
|Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
|
| Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall |
|
||||||
|Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
|
| Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess |
|
||||||
| Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
| Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
||||||
| Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
| Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
||||||
| Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
| Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available<a href="#r2" id="t2">\[2\]</a> |
|
||||||
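Review bot: The "Randomize memory allocations (Bottom-Up ASLR)" row still ends at `Audit not available` with no closing `|` on the new side, while every other row reformatted in this hunk gains one; add the trailing pipe so the whitespace cleanup is consistent across the table. Separately, the EAF, IAF and SimExec rows all carry `id="t2"` on their footnote markers, so a link to `#t2` can only land on the first of them; giving each marker a unique id would be worth doing while these rows are being touched.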
@ -239,6 +239,7 @@ This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that
|
|||||||
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
|
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
|
||||||
```
|
```
|
||||||
<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via Powershell cmdlets.
|
<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via Powershell cmdlets.
|
||||||
|
|
||||||
## Customize the notification
|
## Customize the notification
|
||||||
|
|
||||||
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
|
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
|
||||||
|
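Review bot: The footnote [2] line spells the product name "Powershell", while the table introduction in the same file uses "PowerShell"; since this hunk already adjusts the spacing directly after that line, correct the casing here as well so the footnote matches the rest of the page.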