Merged PR 11750: additional updates for rs5 (from pr 11748)

This commit is contained in:
Jeanie Decker
2018-10-02 15:38:14 +00:00
parent f01fb6dac8
commit 951a08abdd
52 changed files with 327 additions and 277 deletions

@ -1,7 +1,7 @@
---
title: Enable or disable specific mitigations used by Exploit protection
keywords: Exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr
description: You can enable individual mitigations using the Windows Defender Security Center app or PowerShell. You can also audit mitigations and export configurations.
description: You can enable individual mitigations using the Windows Security app or PowerShell. You can also audit mitigations and export configurations.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@ -22,11 +22,11 @@ ms.date: 08/08/2018
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
You configure these settings using the Windows Security app on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
This topic lists each of the mitigations available in exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](evaluate-exploit-protection.md) before deploying the configuration across a production environment or the rest of your network.
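Review bot: The product name is inconsistent within this hunk: the first changed paragraph says "the Windows Security app" while the second says "using Windows Security, PowerShell, and MDM CSPs". Pick one form (the headings in this file use "the Windows Security app") and apply it to both sentences so readers do not take them for two different tools.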
@ -102,9 +102,9 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
>The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*.
>CFG will be enabled for *miles.exe*.
### Configure system-level mitigations with the Windows Defender Security Center app
### Configure system-level mitigations with the Windows Security app
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
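Review bot: Step 1 still tells the reader to search the start menu for **Defender**, even though the app is now called Windows Security. Confirm that this search term still surfaces the renamed app on rs5, or change the instruction to the new name so the step matches what the user sees on screen.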
@ -126,9 +126,9 @@ You can now [export these settings as an XML file](import-export-exploit-protect
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
### Configure app-specific mitigations with the Windows Defender Security Center app
### Configure app-specific mitigations with the Windows Security app
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings** at the bottom of the screen.
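Review bot: Renaming the heading "Configure app-specific mitigations with the Windows Defender Security Center app" changes the anchor generated from it, so any link that targets the old anchor needs updating in the same PR. Step 1 here also keeps the **Defender** search term, which should be verified against the renamed app as in the system-level section.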
@ -153,9 +153,9 @@ Exporting the configuration as an XML file allows you to copy the configuration
## PowerShell reference
You can use the Windows Defender Security Center app to configure Exploit protection, or you can use PowerShell cmdlets.
You can use the Windows Security app to configure Exploit protection, or you can use PowerShell cmdlets.
The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Defender Security Center. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Security. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
>[!IMPORTANT]
>Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overridden.
@ -173,7 +173,7 @@ Get-ProcessMitigation -Name processName.exe
>
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
>
>The default setting for each system-level mitigation can be seen in the Windows Defender Security Center, as described in the [Configure system-level mitigations with the Windows Defender Security Center app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app).
>The default setting for each system-level mitigation can be seen in the Windows Security, as described in the [Configure system-level mitigations with the Windows Security app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app).
Use `Set` to configure each mitigation in the following format:
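Review bot: The updated link text points at the renamed section, but its target is still `#configure-system-level-mitigations-with-the-windows-defender-security-center-app`, while this same commit renames that heading to "Configure system-level mitigations with the Windows Security app". The anchor should follow the new heading or the in-page link will break. The sentence also reads "can be seen in the Windows Security", a leftover article from the old name; suggest "in the Windows Security app".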
@ -267,7 +267,7 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu
## Customize the notification
See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
## Related topics
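Review bot: Only the link text was changed in the "Customize the notification" paragraph; the target still ends in `#customize-notifications-from-the-windows-defender-security-center`. If the heading in the linked topic is renamed as part of this 52-file change, that anchor will no longer resolve, so check the target file and update the fragment to match its current heading.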