From 836f00270575fd48c914aff89f8d7da6705ee9a9 Mon Sep 17 00:00:00 2001 From: Reece Peacock <49645174+Reeced40@users.noreply.github.com> Date: Thu, 15 Oct 2020 11:09:03 +0200 Subject: [PATCH 1/2] Update exploit-protection.md Added link --- .../microsoft-defender-atp/exploit-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index e4174dddea..fcd55deef2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -136,3 +136,4 @@ The table in this section indicates the availability and support of native mitig - [Configure and audit exploit protection mitigations](customize-exploit-protection.md) - [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) - [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md) +- [Optimize ASR rule deployment and detections](threat-protection/microsoft-defender-atp/configure-machines-asr.md) From 8f83290f03714a0103d3f88beb16a763371f4991 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 21 Oct 2020 11:41:49 -0700 Subject: [PATCH 2/2] Update exploit-protection.md --- .../microsoft-defender-atp/exploit-protection.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index fcd55deef2..7ba2b8b2d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro author: denisebmsft ms.author: deniseb -ms.date: 04/02/2019 +ms.date: 10/21/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -65,7 +65,7 @@ DeviceEvents You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app: |Provider/source | Event ID | Description| -|---|---|---| +|:---|:---|:---| |Security-Mitigations | 1 | ACG audit | |Security-Mitigations | 2 | ACG enforce | |Security-Mitigations | 3 | Do not allow child processes audit | @@ -100,7 +100,7 @@ The mitigations available in EMET are included natively in Windows 10 (starting The table in this section indicates the availability and support of native mitigations between EMET and exploit protection. |Mitigation | Available under exploit protection | Available in EMET | -|---|---|---| +|:---|:---|:---| |Arbitrary code guard (ACG) | yes | yes
As "Memory Protection Check" | |Block remote images | yes | yes
As "Load Library Check" | |Block untrusted fonts | yes | yes | @@ -131,9 +131,6 @@ The table in this section indicates the availability and support of native mitig ## See also - [Protect devices from exploits](exploit-protection.md) -- [Evaluate exploit protection](evaluate-exploit-protection.md) -- [Enable exploit protection](enable-exploit-protection.md) - [Configure and audit exploit protection mitigations](customize-exploit-protection.md) -- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md) - [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md) - [Optimize ASR rule deployment and detections](threat-protection/microsoft-defender-atp/configure-machines-asr.md)