Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Exploit Protection automatically applies exploit mitigation settings system wide and on individual apps. Many of the features in the Enhanced Mitigation Experience Toolkit (EMET) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.
Prerequisites
- Windows client devices must be running Windows 11 or Windows 10 1709 build 16273 or newer.
- Windows server devices must be running Windows Server 2016 and later or Azure Stack HCI OS, version 23H2 and later.
Setup
Run PowerShell commands:
Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xmlSet-ProcessMitigation –helpVerify configuration
Get-ProcessMitigation
Sample xml file
EP xml config file (right select, "save target as")
Scenario
Scenario 1: Convert EMET xml to Exploit Protection settings
Convert EMET to xml, run PowerShell command:
ConvertTo-ProcessMitigationPolicyApply settings, run PowerShell command: use the XML from the prior step
Set-ProcessMitigation -PolicyFilePathConfirm settings were applied, run PowerShell command:
Get-ProcessMitigationReview the event log for application compatibility
Scenario 2: Apply selfhost xml to Exploit Protection settings
Download our EP xml config file (right select, "save target as") or use your own.
Apply settings, run PowerShell command:
Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xmlConfirm settings were applied, run PowerShell command:
Get-ProcessMitigationReview the event log for application compatibility.
See also
Microsoft Defender for Endpoint - demonstration scenarios
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.