deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 23:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
3a0d20792348b58c7377d7cf55b14a3c54e94d02
windows-itpro-docs/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
Iaan D'Souza-Wiltshire c706a1d637 exp prot updates
2017-08-24 12:39:10 -07:00

2.9 KiB
Raw Blame History

title, keywords, search.product, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, localizationpriority, author, ms.author
title keywords search.product ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.pagetype localizationpriority author ms.author
eADQiWindows 10XVcnh security w10 manage library security medium iaanw iawilt

Protect devices from exploits with Windows Defender Exploit Guard

Applies to:

  • Windows 10 Insider Preview, build 16232 and later

Audience

  • Enterprise security administrators

Manageability available with

  • Group Policy
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • System Center Configuration Manager
  • Microsoft Intune
  • Windows Defender Security Center app

Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.

It is part of Windows Defender Exploit Guard, which is itself a component in the new Windows Defender Advanced Threat Protection offering of security and threat prevention products.

You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once.

Requirements

The following requirements must be met before Exploit Protection will work:

Windows 10 version | Windows Defender Advanced Threat Protection Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for Windows Defender ATP

Converting and Applying an EMET config:

  1. Export the existing EMET configuration. This can be done from the "Export" button in the GUI, or by running the command: emet_conf.exe export emetConfig.xml
  2. In an elevated PowerShell window, convert the exported configuration with: ConvertTo-ProcessMitigationPolicy -EMETFilePath emetConfig.xml -OutputFilePath win10Config.xml
  3. Note that this may give you some warnings, but these should be safe to ignore.
  4. Apply the new configuration: from an elevated PowerShell window run **Set-ProcessMitigation -RegistryConfigFilePath win10Config.xml **
  5. From here you can check or edit the settings in the new interface in the Windows Defender Security Center or with Get-ProcessMitigation (this command by itself will output the entire current state of the mitigations to the shell), and Set-ProcessMitigation respectively.