Exploit protection (EP) demonstrations

Applies to:

• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender for Business
• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender Antivirus
• Microsoft Defender for Individuals

Exploit Protection automatically applies exploit mitigation settings system wide and on individual apps. Many of the features in the Enhanced Mitigation Experience Toolkit (EMET) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.

Scenario requirements and setup

• Windows 11 or Windows 10 1709 build 16273 or newer
• Windows Server 2022, Windows Server 2019, and Windows Server 2016.
• Run PowerShell commands:

Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml

Set-ProcessMitigation –help

• Verify configuration

Get-ProcessMitigation

Sample xml file

EP xml config file (right select, "save target as")

Scenario

Scenario 1: Convert EMET xml to Exploit Protection settings

1. Convert EMET to xml, run PowerShell command:

ConvertTo-ProcessMitigationPolicy

2. Apply settings, run PowerShell command: use the XML from the prior step

Set-ProcessMitigation -PolicyFilePath

3. Confirm settings were applied, run PowerShell command:

Get-ProcessMitigation

4. Review the event log for application compatibility

Scenario 2: Apply selfhost xml to Exploit Protection settings

1. Download our EP xml config file (right select, "save target as") or use your own
2. Apply settings, run PowerShell command:

Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml

3. Confirm settings were applied, run PowerShell command:

Get-ProcessMitigation

4. Review the event log for application compatibility

See also

Exploit Protection

Microsoft Defender for Endpoint - demonstration scenarios

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.