Windows 10 WINDOWS DEFENDER EXPLOIT PROTECTION POWERSHELL SCRIPTS TO ENABLE PROCESS MITIGATION COMPONENTS AT APPLICATION SETTINGS


RAJU.MSC

I am sharing some PowerShell scripts to enable certain process mitigation components for the various application settings.

The following components are recommended to enable for different applications:


Dep
BottomUp
ForceRelocateImages
EnableExportAddressFilterPlus
EnableExportAddressFilter
EnableImportAddressFilter
EnableRopSimExec
EnableRopCallerCheck
EnableRopStackPivot


It is not necessary to enable all components for all applications; some applications need one component only.


Open Windows PowerShell in cmd, run as administrator, and press Enter.

for Acrord32.exe

set-ProcessMitigation -Name Acrord32.exe -enable Dep
set-ProcessMitigation -Name Acrord32.exe -enable BottomUp
set-ProcessMitigation -Name Acrord32.exe -enable ForceRelocateImages
set-ProcessMitigation -Name Acrord32.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name Acrord32.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name Acrord32.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name Acrord32.exe -enable EnableRopSimExec
set-ProcessMitigation -Name Acrord32.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name acrord32.exe -enable EnableRopStackPivot

for EXCEL.EXE

set-ProcessMitigation -Name EXCEL.EXE -enable Dep
set-ProcessMitigation -Name EXCEL.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name EXCEL.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name EXCEL.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name EXCEL.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name EXCEL.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name EXCEL.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name EXCEL.EXE -enable EnableRopStackPivot

for java.exe

set-ProcessMitigation -Name java.exe -enable Dep
set-ProcessMitigation -Name java.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name java.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name java.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name java.exe -enable EnableRopSimExec
set-ProcessMitigation -Name java.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name java.exe -enable EnableRopStackPivot

for javaw.exe

set-ProcessMitigation -Name javaw.exe -enable Dep
set-ProcessMitigation -Name javaw.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name javaw.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name javaw.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name javaw.exe -enable EnableRopSimExec
set-ProcessMitigation -Name javaw.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name javaw.exe -enable EnableRopStackPivot

for javaws.exe

set-ProcessMitigation -Name javaws.exe -enable Dep
set-ProcessMitigation -Name javaws.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name javaws.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name javaws.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name javaws.exe -enable EnableRopSimExec
set-ProcessMitigation -Name javaws.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name javaws.exe -enable EnableRopStackPivot

for iexplore.exe

set-ProcessMitigation -Name iexplore.exe -enable Dep
set-ProcessMitigation -Name iexplore.exe -enable BottomUp
set-ProcessMitigation -Name iexplore.exe -enable ForceRelocateImages
set-ProcessMitigation -Name iexplore.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name iexplore.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name iexplore.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name iexplore.exe -enable EnableRopSimExec
set-ProcessMitigation -Name iexplore.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name iexplore.exe -enable EnableRopStackPivot

for lync.exe

set-ProcessMitigation -Name lync.exe -enable Dep
set-ProcessMitigation -Name lync.exe -enable ForceRelocateImages
set-ProcessMitigation -Name lync.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name lync.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name lync.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name lync.exe -enable EnableRopSimExec
set-ProcessMitigation -Name lync.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name lync.exe -enable EnableRopStackPivot

for MSACCESS.EXE

set-ProcessMitigation -Name MSACCESS.EXE -enable Dep
set-ProcessMitigation -Name MSACCESS.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name MSACCESS.EXE -enable EnableRopStackPivot

for MSPUB.EXE

set-ProcessMitigation -Name MSPUB.EXE -enable Dep
set-ProcessMitigation -Name MSPUB.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name MSPUB.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name MSPUB.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name MSPUB.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name MSPUB.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name MSPUB.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name MSPUB.EXE -enable EnableRopStackPivot

for ONEDRIVE.EXE

set-ProcessMitigation -Name ONEDRIVE.EXE -enable Dep
set-ProcessMitigation -Name ONEDRIVE.EXE -enable BlockRemoteImageLoads
set-ProcessMitigation -Name ONEDRIVE.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name ONEDRIVE.EXE -enable EnableRopStackPivot

for OUTLOOK.EXE

set-ProcessMitigation -Name OUTLOOK.EXE -enable Dep
set-ProcessMitigation -Name OUTLOOK.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name OUTLOOK.EXE -enable EnableRopStackPivot

for POWERPNT.EXE

set-ProcessMitigation -Name POWERPNT.EXE -enable Dep
set-ProcessMitigation -Name POWERPNT.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name POWERPNT.EXE -enable EnableRopStackPivot

for PPTVIEW.EXE

set-ProcessMitigation -Name PPTVIEW.EXE -enable Dep
set-ProcessMitigation -Name PPTVIEW.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name PPTVIEW.EXE -enable EnableRopStackPivot

for VISIO.EXE

set-ProcessMitigation -Name VISIO.EXE -enable Dep
set-ProcessMitigation -Name VISIO.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name VISIO.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name VISIO.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name VISIO.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name VISIO.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name VISIO.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name VISIO.EXE -enable EnableRopStackPivot

for VPREVIEW.EXE

set-ProcessMitigation -Name VPREVIEW.EXE -enable Dep
set-ProcessMitigation -Name VPREVIEW.EXE -enable BottomUp
set-ProcessMitigation -Name VPREVIEW.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name VPREVIEW.EXE -enable EnableRopStackPivot

for WINWORD.EXE

set-ProcessMitigation -Name WINWORD.EXE -enable Dep
set-ProcessMitigation -Name WINWORD.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name WINWORD.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name WINWORD.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name WINWORD.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name WINWORD.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name WINWORD.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name WINWORD.EXE -enable EnableRopStackPivot

for WINPROJ.EXE

set-ProcessMitigation -Name WINPROJ.EXE -enable Dep
set-ProcessMitigation -Name WINPROJ.EXE -enable ForceRelocateImages
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableExportAddressFilter
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableImportAddressFilter
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableRopSimExec
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableRopCallerCheck
set-ProcessMitigation -Name WINPROJ.EXE -enable EnableRopStackPivot

for wmplayer.exe

set-ProcessMitigation -Name wmplayer.exe -enable Dep
set-ProcessMitigation -Name wmplayer.exe -enable EnableRopSimExec
set-ProcessMitigation -Name wmplayer.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name wmplayer.exe -enable EnableRopStackPivot

for wordpad.exe

set-ProcessMitigation -Name wordpad.exe -enable Dep
set-ProcessMitigation -Name wordpad.exe -enable EnableExportAddressFilterPlus
set-ProcessMitigation -Name wordpad.exe -enable EnableExportAddressFilter
set-ProcessMitigation -Name wordpad.exe -enable EnableImportAddressFilter
set-ProcessMitigation -Name wordpad.exe -enable EnableRopSimExec
set-ProcessMitigation -Name wordpad.exe -enable EnableRopCallerCheck
set-ProcessMitigation -Name wordpad.exe -enable EnableRopStackPivot

for chrome.exe

set-ProcessMitigation -Name chrome.exe -enable Dep

for firefox.exe

set-ProcessMitigation -Name firefox.exe -enable Dep
set-ProcessMitigation -Name firefox.exe -enable BottomUp
set-ProcessMitigation -Name firefox.exe -enable ForceRelocateImages



Please reply if any user accepts these tips and give helpful votes.

Thanks
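
An added example, not part of the original post: the same settings applied from a table with one `Set-ProcessMitigation` call per application, after exporting the current configuration, and then read back with `Get-ProcessMitigation` to confirm each switch is ON. The three applications are a subset of the lists in the post; the variable and function names (`$Policy`, `$Location`, `Test-AppMitigation`) and the backup file name are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. The three entries repeat lists given in the post.
$Policy = [ordered]@{
    'Acrord32.exe' = 'Dep','BottomUp','ForceRelocateImages','EnableExportAddressFilterPlus',
                     'EnableExportAddressFilter','EnableImportAddressFilter',
                     'EnableRopSimExec','EnableRopCallerCheck','EnableRopStackPivot'
    'wmplayer.exe' = 'Dep','EnableRopSimExec','EnableRopCallerCheck','EnableRopStackPivot'
    'firefox.exe'  = 'Dep','BottomUp','ForceRelocateImages'
}

# Section and property under which each switch appears in Get-ProcessMitigation output.
$Location = @{
    Dep                           = 'Dep','Enable'
    BottomUp                      = 'Aslr','BottomUp'
    ForceRelocateImages           = 'Aslr','ForceRelocateImages'
    EnableExportAddressFilter     = 'Payload','EnableExportAddressFilter'
    EnableExportAddressFilterPlus = 'Payload','EnableExportAddressFilterPlus'
    EnableImportAddressFilter     = 'Payload','EnableImportAddressFilter'
    EnableRopSimExec              = 'Payload','EnableRopSimExec'
    EnableRopCallerCheck          = 'Payload','EnableRopCallerCheck'
    EnableRopStackPivot           = 'Payload','EnableRopStackPivot'
}

# Export the current configuration first so it can be restored if an application misbehaves.
$backup = Join-Path $env:TEMP ('ProcessMitigation-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))
Get-ProcessMitigation -RegistryConfigFilePath $backup

function Test-AppMitigation {
    param([string]$Name, [string[]]$Expected)
    # Read the per-application settings back and report the state of each expected switch.
    $current = Get-ProcessMitigation -Name $Name
    foreach ($m in $Expected) {
        $section, $property = $Location[$m]
        [pscustomobject]@{ App = $Name; Mitigation = $m; State = "$($current.$section.$property)" }
    }
}

$report = foreach ($app in $Policy.Keys) {
    Set-ProcessMitigation -Name $app -Enable $Policy[$app]   # -Enable accepts a list
    Test-AppMitigation -Name $app -Expected $Policy[$app]
}
$report | Format-Table -AutoSize

$notOn = @($report | Where-Object State -ne 'ON')
if ($notOn.Count -gt 0) { Write-Warning "$($notOn.Count) setting(s) not ON. Backup: $backup" }
```

The settings apply the next time the application starts, so restart it before testing. To roll back, import the exported file with `Set-ProcessMitigation -PolicyFilePath`.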
