You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/evaluate-exploit-protection.md
+15-15Lines changed: 15 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ ms.collection:
15
15
- tier2
16
16
- mde-asr
17
17
search.appverid: met150
18
-
ms.date: 12/18/2020
18
+
ms.date: 11/15/2024
19
19
---
20
20
21
21
# Evaluate exploit protection
@@ -35,34 +35,31 @@ In audit, you can see how mitigation works for certain apps in a test environmen
35
35
36
36
## Generic guidelines
37
37
38
-
Exploit Protection mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using Exploit Protection.
38
+
Exploit protection mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using exploit protection.
39
39
40
-
#### The following list of the kinds of software that should not be protected by using Exploit Protection:
40
+
#### What kinds of Software should not be protected by exploit protection?
41
41
42
42
- Anti-malware and intrusion prevention or detection software
43
-
44
43
- Debuggers
45
-
46
44
- Software that handles digital rights management (DRM) technologies (that is, video games)
47
-
48
45
- Software that use anti-debugging, obfuscation, or hooking technologies
49
46
50
-
#### What type of applications should you consider enabling Exploit Protection?
47
+
#### What type of applications should you consider enabling exploit protection?
51
48
52
49
Applications that receive or handle untrusted data.
53
50
54
-
#### What type of processes are out of scope for Exploit Protection?
51
+
#### What type of processes are out of scope for exploit protection?
55
52
56
53
Services
57
54
58
55
- System services
59
-
60
56
- Network services
61
57
62
58
## Application compatibility list
63
-
The following is a list of specific products that have compatibility issues in regard to the mitigations that are offered by Exploit Protection. You must disable specific incompatible mitigations if you want to protect the product by using Exploit Protection. Be aware that this list takes into consideration the default settings for the latest versions of the product. Compatibility issues introduction may by introduced when you apply certain add-ins or additional components to the standard software.
64
59
65
-
| Product | Exploit Protection mitigation |
60
+
The following is a list of specific products that have compatibility issues in regard to the mitigations that are offered by exploit protection. You must disable specific incompatible mitigations if you want to protect the product by using exploit protection. Be aware that this list takes into consideration the default settings for the latest versions of the product. Compatibility issues introduction may by introduced when you apply certain add-ins or additional components to the standard software.
61
+
62
+
| Product | Exploit protection mitigation |
66
63
| -------- | -------- |
67
64
| .NET 2.0/3.5 | EAF/IAF |
68
65
| 7-Zip Console/GUI/File Manager | EAF |
@@ -97,10 +94,12 @@ You can set mitigations in a testing mode for specific programs by using the Win
97
94
98
95
3. Go to **Program settings** and choose the app you want to apply protection to:
99
96
100
-
1. If the app you want to configure is already listed, select it and then select **Edit**
101
-
2. If the app isn't listed at the top of the list select **Add program to customize**. Then, choose how you want to add the app.
102
-
- Use **Add by program name** to have the mitigation applied to any running process with that name. Specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
103
-
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
97
+
1. If the app you want to configure is already listed, select it and then select **Edit**.
98
+
99
+
2. If the app isn't listed at the top of the list select **Add program to customize**. Then, choose how you want to add the app.
100
+
101
+
- Use **Add by program name** to have the mitigation applied to any running process with that name. Specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
102
+
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
104
103
105
104
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in test mode only. You'll be notified if you need to restart the process, app, or Windows.
106
105
@@ -162,4 +161,5 @@ To review which apps would have been blocked, open Event Viewer and filter for t
162
161
-[Configure and audit exploit protection mitigations](customize-exploit-protection.md)
163
162
-[Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
0 commit comments