diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 1e00cd20dd..6c243891bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -57,7 +57,7 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. -4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. +4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You are notified if you need to restart the process or app, or if you need to restart Windows. 5. Repeat steps 3-4 for all the apps and mitigations you want to configure. @@ -66,7 +66,7 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au - **Off by default**: The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section - **Use default**: The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation -7. Repeat this for all the system-level mitigations you want to configure. Click **Apply** when you're done setting up your configuration. +7. Repeat step 6 for all the system-level mitigations you want to configure. Click **Apply** when you're done setting up your configuration. If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work: @@ -79,15 +79,15 @@ Enabled in **Program settings** | Enabled in **System settings** | Behavior ### Example 1: Mikael configures Data Execution Prevention in system settings section to be off by default -Mikael adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, he enables the **Override system settings** option and sets the switch to **On**. There are no other apps listed in the **Program settings** section. +Mikael adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, Mikael enables the **Override system settings** option and sets the switch to **On**. There are no other apps listed in the **Program settings** section. The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied. ### Example 2: Josie configures Data Execution Prevention in system settings to be off by default -Josie adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, she enables the **Override system settings** option and sets the switch to **On**. +Josie adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, Josie enables the **Override system settings** option and sets the switch to **On**. -Josie also adds the app *miles.exe* to the **Program settings** section and configures **Control flow guard (CFG)** to **On**. She doesn't enable the **Override system settings** option for DEP or any other mitigations for that app. +Josie also adds the app *miles.exe* to the **Program settings** section and configures **Control flow guard (CFG)** to **On**. Josie doesn't enable the **Override system settings** option for DEP or any other mitigations for that app. The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. CFG will be enabled for *miles.exe*. @@ -116,7 +116,7 @@ CFG will be enabled for *miles.exe*. 5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings: ![Enable network protection in Intune](../images/enable-ep-intune.png) 6. Click **OK** to save each open blade and click **Create**. -7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. +7. Click the profile. Assignments**, assign to **All Users & All Devices**, and click **Save**. ## MDM