exp prot updates

This commit is contained in:
Iaan D'Souza-Wiltshire
2017-08-24 12:39:10 -07:00
parent 20a2e44ea1
commit c706a1d637
18 changed files with 302 additions and 249 deletions


@ -55,7 +55,7 @@ See the [PowerShell reference table](#powershell-reference) at the bottom of thi
### Configure system-level mitigations with the app
### Configure system-level mitigations
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
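Review bot: dropping "with the app" from the heading in this hunk removes the only cue that separates this procedure from the PowerShell route the same file documents further down; step 1 still opens the Windows Defender Security Center, so the section is app-specific even though the heading no longer says so. Suggest keeping a qualifier, e.g. `### Configure system-level mitigations in the Windows Defender Security Center app`, or adding a one-sentence lead-in under the heading that says these steps use the app and points readers who want to script it to the PowerShell section.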
@ -90,7 +90,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label:
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen:
>Screenshot coming
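Review bot: the `>Screenshot coming` placeholder that follows the rewritten step 2 is still a rendered blockquote in the published page. Either attach the screenshot of the **Exploit protection settings** link that step 2 now describes, or remove the placeholder (and the trailing colon on step 2, which promises an image) until the capture exists. Also confirm that "Exploit protection settings" matches the UI string exactly and that the link really sits at the bottom of the **App & browser control** pane, since the step was changed from a label in the tile to a link at the bottom of the screen.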
@ -171,7 +171,44 @@ You can disable audit mode by using the same command but replacing `-Enable` wit
The following table lists each mitigation, its associated PowerShell cmdlet, and indicates whether it can be applied system-wide or to individual apps. It also lists any optional cmdlets and the appropriate audit mode cmdlet.
#### PowerShell
You can also use powershell to set these mitigation policies and to convert EMET policies to Windows Defender EG, as demonstrated in the following examples:
Get the current settings in the registry for processName.exe
```
Get-ProcessMitigation -Name processName.exe
```
Exports the current settings to the filename.xml
```
Get-ProcessMitigation -RegistryConfigFilePath filename.xml
```
Imports the settings in filename.xml to the system.
```
Set-ProcessMitigation -PolicyFilePath filename.xml
```
Enables a list of mitigations
```
Set-ProcessMitigation -Name processName.exe -Enable SEHOP,DEP
```
Disables a list of mitigations
```
Set-ProcessMitigation -Name processName.exe -Disable SEHOP,DEP
```
Sets the EAFModules for dllName1.dll & dllName2.dll for processName.exe
```
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
```
Converts an emet file named, emetFile.xml, to the new windows 10 format called, filename.xml
```
ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml
```
## Related topics
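Review bot: the new `#### PowerShell` section is inserted directly after the sentence "The following table lists each mitigation, its associated PowerShell cmdlet, ...", so the table that sentence introduces no longer follows it; move the new section below the table (or reword the sentence to point at the table by anchor) so the reference still holds. Within the new section: the eight code fences have no language tag, so add ```PowerShell for highlighting; the one-line descriptions mix imperative and third-person voice ("Get the current settings ..." versus "Exports ...", "Imports ..."), and the last one has stray commas and lowercase product names ("Converts an emet file named, emetFile.xml, to the new windows 10 format called, filename.xml" should read "Converts an EMET file named emetFile.xml to the new Windows 10 format and writes it to filename.xml"); "powershell" and "Windows Defender EG" should be "PowerShell" and "Windows Defender Exploit Guard", as EG is not expanded anywhere in this hunk. The EAF example's description ("Sets the EAFModules for dllName1.dll & dllName2.dll for processName.exe") does not say what the command does; it enables `EnableExportAddressFilterPlus` for the process and restricts it to the listed modules, so state that. Finally, the `-Enable SEHOP,DEP` and `-Disable SEHOP,DEP` examples would benefit from a sentence saying that the accepted mitigation names are the ones listed in the PowerShell reference table above.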