Skip to content

Latest commit

 

History

History
257 lines (196 loc) · 7.26 KB

Set-ProcessMitigation.md

File metadata and controls

257 lines (196 loc) · 7.26 KB
description external help file Module Name ms.date online version schema title
Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
ProcessMitigations.dll-Help.xml
ProcessMitigations
03/29/2017
2.0.0
Set-ProcessMitigation

Set-ProcessMitigation

SYNOPSIS

Commands to enable and disable process mitigations or set them in bulk from an XML file.

SYNTAX

ProcessPolicy

Set-ProcessMitigation [[-Name] <String>] [-Disable <String[]>] [-Enable <String[]>] [<CommonParameters>]

FullPolicy

Set-ProcessMitigation -PolicyFilePath <String> [<CommonParameters>]

DESCRIPTION

Used to turn on and off various process mitigation settings. Can also apply an XML file to apply settings for many processes at once.

EXAMPLES

Example 1

PS C:\>  Set-ProcessMitigation -Name Notepad.exe -Enable SEHOP -Disable ForceRelocateImages

Gets the current process mitigation for "notepad.exe" from the registry and then enables SEHOP, and disables ForceRelocateImages.

Example 2

PS C:\> Set-ProcessMitigation -PolicyFilePath settings.xml

Applies all settings inside settings.xml

Example 3

PS C:\> Set-ProcessMitigation -System -Enable DEP

Applies DEP at the system level. To disable mitigations, you can replace -Enable with -Disable. However, for app-level mitigations, this will force the mitigation to be disabled only for that app.

Exmaple 4

PS C:\> Set-ProcessMitigation -System -Remove -Disable DEP

If you need to restore the mitigation back to the system default, you need to include the -Remove cmdlet as well, as in the above example:

Example 5

PS C:\> Set-ProcessMitigation -System -Enable SEHOP

Enable SEHOP Component at the system level.

Example 6

PS C:\> Set-ProcessMitigation -System -Disable SEHOP

Disable SEHOP Component at the system level.

Example 7

PS C:\> Set-ProcessMitigation -System -Reset

Reset Mitigation at the system level.

PARAMETERS

-Disable

Comma separated list of mitigations to disable. Disable list takes priority over enable list. If specified in both, it will be disabled.

Type: String[]
Parameter Sets: ProcessPolicy
Aliases: d
Accepted values: DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Enable

Comma separated list of mitigations to enable. Disable list takes priority over enable list. If specified in both, it will be disabled.

Type: String[]
Parameter Sets: ProcessPolicy
Aliases: e
Accepted values: DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Name

Name of the process to apply mitigation settings to. Can be in the format "notepad" or "notepad.exe"

Type: String
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-EAFModules

Modules to be added to the EAF+ mitigation.

Type: String
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

Overrides a system setting either on or off depending on the level this is set at. Will force "on"/"off" all mitigations provided in the -Enable list

Type: String
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsValid

Set to check the given XML file for validity. Requires local .xsd

Type: SwitchParameter
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Remove

Removes a mitigation entry from the registry.

Type: SwitchParameter
Parameter Sets: ProcessPolicy
Aliases: 
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Reset

Resets a specific mitigation entry to defer.

Type: SwitchParameter
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-System

Used to configure system defaults rather than individual apps.

Type: SwitchParameter
Parameter Sets: ProcessPolicy
Aliases: 

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-PolicyFilePath

Path to XML file containing mitigation settings.

Type: String
Parameter Sets: FullPolicy
Aliases: x

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

System.String

OUTPUTS

System.Object

NOTES

RELATED LINKS