
Update-SophosEndpointExploitMitigationExclusion

SYNOPSIS

Update Exploit Mitigation settings for an application

SYNTAX

Update-SophosEndpointExploitMitigationExclusion [-Token] <String> [-TenantId] <String> [-ApiHost] <String>
 [-MitigationId] <String> [-ExclusionPaths] <Array> [-IsProtected] [-ASLR] [-BannedAPI] [-BottomUpASLR] [-DEP]
 [-HeapSpray] [-IAF] [-Intruder] [-KbdGuard] [-LoadLib] [-LockdownAutorun] [-LockdowNewFile] [-NullCheck]
 [-SEHOP] [-Caller] [-StackExec] [-StackPivot] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
 [<CommonParameters>]

DESCRIPTION

Update Exploit Mitigation settings for an application

EXAMPLES

EXAMPLE 1

$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx"
PS>$partnerId = Get-SophosPartnerId -Token $token
PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'}
PS>$exclusions = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"}
PS>$params = @{
    # Keys must match the parameter names listed under SYNTAX for splatting to bind.
    Token = $token
    # Property access is left unquoted: "$tenant.id" would expand $tenant and append ".id".
    TenantId = $tenant.id
    ApiHost = $tenant.apiHost
    MitigationId = $exclusions.id
    # Single quotes pass the string through unchanged instead of expanding $programFiles.
    ExclusionPaths = @(
        '$programFiles/FooApp/foo.exe'
    )
    IsProtected = $true
    ASLR = $true
    BannedAPI = $true
    BottomUpASLR = $true
    DEP = $true
    HeapSpray = $false
    IAF = $true
    Intruder = $false
    KbdGuard = $false
    LoadLib = $false
    LockdownAutorun = $true
    # Spelled as in SYNTAX and PARAMETERS.
    LockdowNewFile = $true
    NullCheck = $true
    SEHOP = $true
    Caller = $true
    StackExec = $true
    StackPivot = $true
    }
PS>Update-SophosEndpointExploitMitigationExclusion @params
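
A pre-change review step, as an added example that is not part of the module or its documentation: the hypothetical helper Get-DisabledMitigation lists which switches a parameter table would turn off or leave out, and the update is then previewed with -WhatIf. It assumes a switch value of $false means the mitigation is off for the application; the values in $params are constructed placeholders.

```powershell
# Added example, not part of the module. Switch names are copied from SYNTAX above.
$MitigationSwitches = 'IsProtected','ASLR','BannedAPI','BottomUpASLR','DEP','HeapSpray',
    'IAF','Intruder','KbdGuard','LoadLib','LockdownAutorun','LockdowNewFile','NullCheck',
    'SEHOP','Caller','StackExec','StackPivot'

function Get-DisabledMitigation {
    # Hypothetical helper: emits one row per switch that is absent or $false.
    param(
        [Parameter(Mandatory)][hashtable]$Params,
        [string[]]$Names = $MitigationSwitches
    )
    foreach ($name in $Names) {
        if (-not $Params.ContainsKey($name)) {
            [pscustomobject]@{ Switch = $name; State = 'Missing' }
        } elseif (-not [bool]$Params[$name]) {
            [pscustomobject]@{ Switch = $name; State = 'Disabled' }
        }
    }
}

# Constructed placeholder values; substitute real ones before use.
$params = @{
    Token = '<token>'; TenantId = '<tenant-id>'; ApiHost = '<api-host>'
    MitigationId   = '<mitigation-id>'
    ExclusionPaths = @('$programFiles/FooApp/foo.exe')
    IsProtected = $true; ASLR = $true; BannedAPI = $true; BottomUpASLR = $true
    DEP = $true; HeapSpray = $false; IAF = $true; Intruder = $false
    KbdGuard = $false; LoadLib = $false; LockdownAutorun = $true
    LockdowNewFile = $true; NullCheck = $true; SEHOP = $true; Caller = $true
    StackExec = $true; StackPivot = $true
}

$weakened = @(Get-DisabledMitigation -Params $params)
if ($weakened.Count -gt 0) {
    Write-Warning "$($weakened.Count) mitigation switch(es) are off or missing:"
    $weakened | Format-Table -AutoSize | Out-String | Write-Host
}

# Preview only when the module is loaded; -WhatIf shows the action without running it.
if (Get-Command Update-SophosEndpointExploitMitigationExclusion -ErrorAction SilentlyContinue) {
    Update-SophosEndpointExploitMitigationExclusion @params -WhatIf
    # After reviewing the preview, apply with an interactive prompt:
    # Update-SophosEndpointExploitMitigationExclusion @params -Confirm
}
```

Every mitigation switch is marked Required: True below, so a row with State 'Missing' means the cmdlet would prompt for that value rather than apply a default.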

PARAMETERS

-Token

JWT token from the OAuth API

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TenantId

Tenant ID

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApiHost

API host location URL of the tenant

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MitigationId

Target mitigation ID

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExclusionPaths

Array of paths to be excluded

Type: Array
Parameter Sets: (All)
Aliases:

Required: True
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsProtected

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ASLR

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-BannedAPI

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-BottomUpASLR

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DEP

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-HeapSpray

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-IAF

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Intruder

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-KbdGuard

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-LoadLib

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-LockdownAutorun

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-LockdowNewFile

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-NullCheck

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-SEHOP

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Caller

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-StackExec

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-StackPivot

Bool

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider.

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES