Merged PR 4747: wdeg updates

1. Explain NOTSET when using PS for system-level EP mitigations
2. Explain how CFA will show its state in the UI when configured with PS/GP
3. Explain that you can't convert EMET default XMLs, you have to import them to EMET first
4. Describe how to enable MandatoryASLR
This commit is contained in:
Iaan D'Souza-Wiltshire
2017-11-30 22:44:26 +00:00
3 changed files with 38 additions and 3 deletions


@ -185,7 +185,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Defender Security Center. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
>[!IMPORTANT]
>Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overriden.
>Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overridden.
You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
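Review bot: The spelling fix (`overriden` to `overridden`) is correct, but the unchanged line directly below this hunk still calls `-Name` a cmdlet ("add the `-Name` cmdlet and app exe"); `-Name` is a parameter of `Get-ProcessMitigation`, so suggest "add the `-Name` parameter with the app's executable name to see mitigations for just that app" while this passage is being touched.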
@ -194,7 +194,16 @@ Exporting the configuration as an XML file allows you to copy the configuration
Get-ProcessMitigation -Name processName.exe
```
Use `Set` to configure each mitigation in the following format:
>[!IMPORTANT]
>System-level mitigations that have not been configured will show a status of `NOTSET`.
>
>For system-level settings, `NOTSET` indicates the default setting for that mitigation has been applied.
>
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
>
>The default setting for each system-level mitigation can be seen in the Windows Defender Security Center, as described in the [Configure system-level mitigations with the Windows Defender Security Center app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app).
Use `Set` to configure each mitigation in the following format:
```PowerShell
Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
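Review bot: The sentence "Use `Set` to configure each mitigation in the following format:" now appears both above and below the new `[!IMPORTANT]` block; unless the first occurrence is the deleted line of this hunk, it should be removed so the sentence sits once, directly above the `Set-ProcessMitigation` fence. The `NOTSET` explanation itself describes output of `Get-ProcessMitigation`, so placing the block immediately after the `Get-ProcessMitigation -Name processName.exe` fence (before the `Set` sentence) keeps it next to the command whose output it explains. Minor: the first two lines of the block say the same thing twice ("have not been configured will show a status of `NOTSET`" and "`NOTSET` indicates the default setting for that mitigation has been applied"); consider merging them into one sentence for system-level settings, keeping the separate app-level sentence as is.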