Set-ProcessMitigation

Commands to enable and disable process mitigations or set them in bulk from an XML file.

Syntax

Set-ProcessMitigation
   [[-Name] <String>]
   [-Disable <String[]>]
   [-Enable <String[]>]
   [<CommonParameters>]
Set-ProcessMitigation
   -PolicyFilePath <String>
   [<CommonParameters>]

Description

Turns process mitigation settings on and off. It can also apply an XML file to configure settings for many processes at once.

Examples

Example 1

PS C:\> Set-ProcessMitigation -Name Notepad.exe -Enable SEHOP -Disable ForceRelocateImages

Gets the current process mitigation settings for "notepad.exe" from the registry, then enables SEHOP and disables ForceRelocateImages.

Example 2

PS C:\> Set-ProcessMitigation -PolicyFilePath settings.xml

Applies all settings inside settings.xml.

Required Parameters

-PolicyFilePath

Path to the XML file containing the process mitigation settings to apply.

Type: String
Aliases: x
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Disable

Comma-separated list of mitigations to disable. The disable list takes priority over the enable list: a mitigation specified in both is disabled.

Type: String[]
Aliases: d
Accepted values: DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Enable

Comma-separated list of mitigations to enable. The disable list takes priority over the enable list: a mitigation specified in both is disabled.

Type: String[]
Aliases: e
Accepted values: DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Name

Name of the process to apply mitigation settings to. Can be in the format "notepad" or "notepad.exe".

Type: String
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
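
The rule that the disable list takes priority over the enable list can be resolved and reported before any setting is changed. The following is an added example, not part of the original reference page: Resolve-MitigationPlan, $Apply and the baseline entries are hypothetical, and only Set-ProcessMitigation with -Name, -Enable and -Disable comes from the page.

```powershell
# Added example: Resolve-MitigationPlan, $baseline and $Apply are hypothetical names.
$Apply = $false   # set to $true to call Set-ProcessMitigation (needs an elevated session)

function Resolve-MitigationPlan {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $Enable  = @(),
        [string[]] $Disable = @()
    )
    # Subset of the accepted -Enable / -Disable values listed on this page.
    $known = 'DEP', 'SEHOP', 'ForceRelocateImages', 'BottomUp', 'HighEntropy', 'CFG',
             'StrictCFG', 'BlockDynamicCode', 'DisableExtensionPoints',
             'BlockRemoteImageLoads', 'DisallowChildProcessCreation'
    $unknown = @($Enable + $Disable | Where-Object { $_ -notin $known })
    if ($unknown.Count) { throw "Unrecognised mitigation name(s): $($unknown -join ', ')" }

    # Documented rule: a name given in both lists ends up disabled.
    [pscustomobject]@{
        Name      = $Name
        Enable    = @($Enable  | Where-Object { $_ -notin $Disable } | Select-Object -Unique)
        Disable   = @($Disable | Select-Object -Unique)
        Conflicts = @($Enable  | Where-Object { $_ -in $Disable }    | Select-Object -Unique)
    }
}

# Constructed baseline; the process names and mitigation choices are illustrative only.
$baseline = @(
    @{ Name = 'notepad.exe'; Enable = 'DEP', 'SEHOP', 'CFG'; Disable = 'ForceRelocateImages' }
    @{ Name = 'winword.exe'; Enable = 'DEP', 'CFG', 'BlockRemoteImageLoads'; Disable = 'CFG' }
)

foreach ($entry in $baseline) {
    $plan = Resolve-MitigationPlan @entry
    if ($plan.Conflicts.Count) {
        Write-Warning "$($plan.Name): listed in both, will be disabled: $($plan.Conflicts -join ', ')"
    }
    $params = @{ Name = $plan.Name }
    if ($plan.Enable.Count)  { $params.Enable  = $plan.Enable }
    if ($plan.Disable.Count) { $params.Disable = $plan.Disable }

    if ($Apply) { Set-ProcessMitigation @params }
    else {
        'Would run: Set-ProcessMitigation -Name {0} -Enable {1} -Disable {2}' -f
            $plan.Name, ($plan.Enable -join ','), ($plan.Disable -join ',')
    }
}
```

With $Apply left at $false the script only prints the resolved command lines, so a conflicting entry such as CFG for winword.exe is visible in review before it silently becomes a disable.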

Inputs

System.String

Outputs

System.Object