Set-ProcessMitigation
NAME Set-ProcessMitigation
SYNOPSIS
Commands to enable and disable process mitigations or set them in bulk from an XML file.
SYNTAX
Set-ProcessMitigation [[-Name] <String>] [-Disable {DEP | DisableATL | SEHOP | ForceRelocate | BottomUpASLR | CFG
| HighEntropyASLR | StrictHandleCheck | AllowThreadOptOut | SystemCallDisable | ExtensionPointDisable |
ProhibitDynamicCode | MicrosoftSignedOnly | StoreSignOnly | FontDisable | AuditNonSystemFonts | NoRemoteImages |
NoLowLabel | PreferSystem32}] [-Enable {DEP | DisableATL | SEHOP | MandatoryASLR | BottomUpASLR | CFG |
HighEntropyASLR | StrictHandleCheck | AllowThreadOptOut | SystemCallDisable | ExtensionPointDisable |
ProhibitDynamicCode | MicrosoftSignedOnly | StoreSignOnly | FontDisable | AuditNonSystemFonts | NoRemoteImages |
NoLowLabel | PreferSystem32}] [<CommonParameters>]
Set-ProcessMitigation -PolicyFilePath <String> [<CommonParameters>]
DESCRIPTION
Turns various process mitigation settings on and off. Can also apply settings for many processes at once from an
XML file.
PARAMETERS
-Disable <String[]>
Comma-separated list of mitigations to disable. The Disable list takes priority over the Enable list: a mitigation
specified in both is disabled.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Enable <String[]>
Comma-separated list of mitigations to enable. The Disable list takes priority over the Enable list: a mitigation
specified in both is disabled.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Name <String>
Name of the process to apply mitigation settings to. Can be in the format "notepad" or "notepad.exe".
Required? false
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-PolicyFilePath <String>
Path to the XML file whose mitigation settings are applied, for many processes at once.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
OUTPUTS
System.Object
NOTES
Example 1
PS C:\> Set-ProcessMitigation -Name Notepad.exe -Enable SEHOP -Disable MandatoryASLR
Gets the current process mitigation for "notepad.exe" from the registry and then enables SEHOP, and disables
MandatoryASLR.
Example 2
PS C:\> Set-ProcessMitigation -PolicyFilePath settings.xml
Applies all settings inside settings.xml.
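A pre-flight check for the precedence rule described under -Disable and -Enable, as an added example that is not part of the original help text or of the module that ships this cmdlet. `Resolve-MitigationPlan` is a hypothetical helper, and its list of accepted names is assumed to be the union of the values shown in the SYNTAX section above.

```powershell
# Added example. Names below are the union of the -Enable and -Disable values
# listed in the SYNTAX section of this help page (assumption: no others are valid).
$KnownMitigations = 'DEP','DisableATL','SEHOP','MandatoryASLR','ForceRelocate',
    'BottomUpASLR','CFG','HighEntropyASLR','StrictHandleCheck','AllowThreadOptOut',
    'SystemCallDisable','ExtensionPointDisable','ProhibitDynamicCode',
    'MicrosoftSignedOnly','StoreSignOnly','FontDisable','AuditNonSystemFonts',
    'NoRemoteImages','NoLowLabel','PreferSystem32'

function Resolve-MitigationPlan {   # hypothetical helper, not a real cmdlet
    param(
        [Parameter(Mandatory)][string]$Name,
        [string[]]$Enable  = @(),
        [string[]]$Disable = @()
    )
    # Reject typos before anything is written to the registry.
    $unknown = @(($Enable + $Disable) | Where-Object { $_ -notin $KnownMitigations })
    if ($unknown) {
        throw "Unknown mitigation name(s): $($unknown -join ', ')"
    }
    # Documented rule: a mitigation named in both lists ends up disabled.
    $conflicts = @($Enable | Where-Object { $_ -in $Disable } | Sort-Object -Unique)
    [pscustomobject]@{
        Name      = $Name
        Enable    = @($Enable  | Where-Object { $_ -notin $Disable } | Sort-Object -Unique)
        Disable   = @($Disable | Sort-Object -Unique)
        Conflicts = $conflicts
    }
}

# Constructed input: CFG appears in both lists, so it resolves to disabled.
$plan = Resolve-MitigationPlan -Name 'notepad.exe' `
            -Enable DEP,SEHOP,CFG -Disable CFG,BottomUpASLR

if ($plan.Conflicts) {
    Write-Warning "Requested in both lists, will be DISABLED: $($plan.Conflicts -join ', ')"
}
$plan | Format-List

# Once the plan has been reviewed, apply it with the cmdlet documented above:
# Set-ProcessMitigation -Name $plan.Name -Enable $plan.Enable -Disable $plan.Disable
```

Running the helper before a bulk change surfaces a mitigation that would be silently turned off because it also appears in the Disable list.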
RELATED LINKS