Set-Process
Mitigation
Syntax
Set-ProcessMitigation
[[-Name] <String>]
[-Disable <String[]>]
[-Enable <String[]>]
[<CommonParameters>]
Set-ProcessMitigation
-PolicyFilePath <String>
[<CommonParameters>]
Description
Used to turn on and off various process mitigation settings. Can also apply an XML file to apply settings for many processes at once.
Examples
Example 1
PS C:\> set-ProcessMitigation -Name Notepad.exe -Enable SEHOP -Disable ForceRelocateImages
Gets the current process mitigation for "notepad.exe" from the registry and then enables SEHOP, and disables ForceRelocateImages.
Example 2
PS C:\> set-ProcessMitigation -file settings.xml
Applies all settings inside settings.xml
Required Parameters
{{Fill PolicyFilePath Description}}
Type: | String |
Aliases: | x |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional Parameters
Comma separated list of mitigations to disable. Disable list takes priority over enable list. If specified in both, it will be disabled.
Type: | String[] |
Aliases: | d |
Parameter Sets: | DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Comma separated list of mitigations to enable. Disable list takes priority over enable list. If specified in both, it will be disabled.
Type: | String[] |
Aliases: | e |
Parameter Sets: | DEP, EmulateAtlThunks, SEHOP, ForceRelocateImages, RequireInfo, BottomUp, HighEntropy, StrictHandle, DisableWin32kSystemCalls, AuditSystemCall, DisableExtensionPoints, BlockDynamicCode, AllowThreadsToOptOut, AuditDynamicCode, CFG, SuppressExports, StrictCFG, MicrosoftSignedOnly, AllowStoreSignedBinaries, AuditMicrosoftSigned, AuditStoreSigned, EnforceModuleDependencySigning, DisableNonSystemFonts, AuditFont, BlockRemoteImageLoads, BlockLowLabelImageLoads, PreferSystem32, AuditRemoteImageLoads, AuditLowLabelImageLoads, AuditPreferSystem32, EnableExportAddressFilter, AuditEnableExportAddressFilter, EnableExportAddressFilterPlus, AuditEnableExportAddressFilterPlus, EnableImportAddressFilter, AuditEnableImportAddressFilter, EnableRopStackPivot, AuditEnableRopStackPivot, EnableRopCallerCheck, AuditEnableRopCallerCheck, EnableRopSimExec, AuditEnableRopSimExec, SEHOP, AuditSEHOP, SEHOPTelemetry, TerminateOnError, DisallowChildProcessCreation, AuditChildProcess |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the process to apply mitigation settings to. Can be in the format "notepad" or "notepad.exe"
Type: | String |
Position: | 0 |
Default value: | None |
Accept pipeline input: | True (ByPropertyName, ByValue) |
Accept wildcard characters: | False |
Inputs
System.String
Outputs
System.Object