DSCResources/ProcessMitigation/ProcessMitigation.schema.mof
[ClassVersion("1.0.0.0"), FriendlyName("ProcessMitigation")] class ProcessMitigation : OMI_BaseResource { [Key, Description("Name of the process to apply mitigation settings to. Use System to configure system defaults rather than individual app")] String MitigationTarget; [Key, Description("Type of mitigation setting"),ValueMap{"ControlFlowGuard","SystemCalls","StrictHandle","DynamicCode","PayLoad","ASLR","Heap","Fonts","SignedBinaries","ImageLoad","SEHOP","ExtensionPoints","DEP","ChildProcess"}, Values{"ControlFlowGuard","SystemCalls","StrictHandle","DynamicCode","PayLoad","ASLR","Heap","Fonts","SignedBinaries","ImageLoad","SEHOP","ExtensionPoints","DEP","ChildProcess"}] String MitigationType; [Key, Description("Mitigation Name"),ValueMap{"HighEntropy","OverrideHighEntropy","BottomUp","OverrideForceRelocateImages","RequireInfo","ForceRelocateImages","OverrideBottomUp","AllowStoreSignedBinaries","AuditMicrosoftSignedOnly","OverrideMicrosoftSignedOnly","AuditEnforceModuleDependencySigning","AuditStoreSigned","OverrideDependencySigning","MicrosoftSignedOnly","EnforceModuleDependencySigning","StrictControlFlowGuard","OverrideCFG","OverrideStrictCFG","Enable","SuppressExports","OverrideChildProcess","DisallowChildProcessCreation","Audit","EmulateAtlThunks","OverrideDEP","OverrideDynamicCode","BlockDynamicCode","AllowThreadsToOptOut","DisableExtensionPoints","OverrideExtensionPoint","OverrideFontDisable","DisableNonSystemFonts","TerminateOnError","OverrideHeap","OverrideBlockLowLabel","OverridePreferSystem32","OverrideBlockRemoteImageLoads","AuditPreferSystem32","PreferSystem32","AuditLowLabelImageLoads","BlockLowLabelImageLoads","AuditRemoteImageLoads","BlockRemoteImageLoads","EAFModules","AuditEnableExportAddressFilterPlus","EnableRopStackPivot","EnableExportAddressFilter","OverrideEnableRopStackPivot","AuditEnableRopCallerCheck","OverrideEnableRopCallerCheck","AuditEnableRopStackPivot","OverrideEnableImportAddressFilter","OverrideEnableExportAddressFilter","EnableExportAddressFilterPlus","AuditEnableRopSimExec","AuditEnableImportAddressFilter","OverrideEnableRopSimExec","EnableRopCallerCheck","AuditEnableExportAddressFilter","EnableRopSimExec","EnableImportAddressFilter","OverrideEnableExportAddressFilterPlus","TelemetryOnly","OverrideSEHOP","OverrideStrictHandle","DisableWin32kSystemCalls","OverrideSystemCall"},Values{"HighEntropy","OverrideHighEntropy","BottomUp","OverrideForceRelocateImages","RequireInfo","ForceRelocateImages","OverrideBottomUp","AllowStoreSignedBinaries","AuditMicrosoftSignedOnly","OverrideMicrosoftSignedOnly","AuditEnforceModuleDependencySigning","AuditStoreSigned","OverrideDependencySigning","MicrosoftSignedOnly","EnforceModuleDependencySigning","StrictControlFlowGuard","OverrideCFG","OverrideStrictCFG","Enable","SuppressExports","OverrideChildProcess","DisallowChildProcessCreation","Audit","EmulateAtlThunks","OverrideDEP","OverrideDynamicCode","BlockDynamicCode","AllowThreadsToOptOut","DisableExtensionPoints","OverrideExtensionPoint","OverrideFontDisable","DisableNonSystemFonts","TerminateOnError","OverrideHeap","OverrideBlockLowLabel","OverridePreferSystem32","OverrideBlockRemoteImageLoads","AuditPreferSystem32","PreferSystem32","AuditLowLabelImageLoads","BlockLowLabelImageLoads","AuditRemoteImageLoads","BlockRemoteImageLoads","EAFModules","AuditEnableExportAddressFilterPlus","EnableRopStackPivot","EnableExportAddressFilter","OverrideEnableRopStackPivot","AuditEnableRopCallerCheck","OverrideEnableRopCallerCheck","AuditEnableRopStackPivot","OverrideEnableImportAddressFilter","OverrideEnableExportAddressFilter","EnableExportAddressFilterPlus","AuditEnableRopSimExec","AuditEnableImportAddressFilter","OverrideEnableRopSimExec","EnableRopCallerCheck","AuditEnableExportAddressFilter","EnableRopSimExec","EnableImportAddressFilter","OverrideEnableExportAddressFilterPlus","TelemetryOnly","OverrideSEHOP","OverrideStrictHandle","DisableWin32kSystemCalls","OverrideSystemCall"}] String MitigationName; [Key, Description("Mitigation Value"),ValueMap{"true","false"}, Values{"true","false"}] String MitigationValue; }; |