You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/enable-exploit-protection.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,7 +43,7 @@ This section includes recommendations for you to be successful with deploying ex
43
43
44
44
- Enable [full user mode dump](/windows/win32/wer/collecting-user-mode-dumps) collection
45
45
46
-
- Check to see which applications are already compiled with "[Control Flow Guard](/windows/win32/secbp/control-flow-guard)" (CFG) which primarily focus on mitigating memory corruption vulnerabilities. Use dumpbin tool to see if it's compiled w/ [CFG](/windows/win32/secbp/control-flow-guard). For these applications, you could skip enabling enforcement for DEP, ASRL, SEHOP, and ACG.
46
+
- Check to see which applications are already compiled with "[Control Flow Guard](/windows/win32/secbp/control-flow-guard)" (CFG) which primarily focus on mitigating memory corruption vulnerabilities. Use dumpbin tool to see if it's compiled w/ [CFG](/windows/win32/secbp/control-flow-guard). For these applications, you could skip enabling enforcement for DEP, ASRL, SEHOP, and ACG.
47
47
48
48
- Use safe deployment practices.
49
49
@@ -52,11 +52,11 @@ This section includes recommendations for you to be successful with deploying ex
52
52
53
53
### Safe deployment practices
54
54
55
-
Safe deployment practices (SDP): Safe deployment processes and procedures define how to safely make and deploy changes to your workload. Implementing SDP requires you to think about deployments through the lens of managing risk. You can minimize the risk of end-user productivity outages in your deployments and limit the effects of problematic deployments on your users by implementing SDP.
55
+
Safe deployment practices (SDP): Safe deployment processes and procedures define how to safely make and deploy changes to your workload. Implementing SDP requires you to think about deployments through the lens of managing risk. You can minimize the risk of end-user productivity outages in your deployments and limit the effects of problematic deployments on your users by implementing SDP.
56
56
57
-
Start out with a small set (e.g. 10 to 50) of Windows devices and use that as your test environment to see which of the 21 mitigations, are incompatible with exploit protection. Remove the mitigations that are not compatible with the application. Reiterate with the applications that you are targeting. Once you feel that the policy is ready for production.
57
+
Start out with a small set (for example, 10 to 50) of Windows devices and use that as your test environment to see which of the 21 mitigations, are incompatible with exploit protection. Remove the mitigations that aren't compatible with the application. Reiterate with the applications that you are targeting. Once you feel that the policy is ready for production.
58
58
59
-
Start out by pushing first to User Acceptance Testing (UAT) usually comprised of the IT administrators, Security administrators and help desk personnel. Then to 1%, 5%, 10%, 25%, 50%, 75%, and finally to 100% of your environment.
59
+
Start out by pushing first to User Acceptance Testing (UAT) usually comprised of the IT administrators, Security administrators and help desk personnel. Then to 1%, 5%, 10%, 25%, 50%, 75%, and finally to 100% of your environment.
0 commit comments