Update-SophosEndpointExploitMitigationExclusion
SYNOPSIS
Update Exploit Mitigation settings for an application
SYNTAX
Update-SophosEndpointExploitMitigationExclusion [-Token] <String> [-TenantId] <String> [-ApiHost] <String>
[-MitigationId] <String> [-ExclusionPaths] <Array> [-IsProtected] [-ASLR] [-BannedAPI] [-BottomUpASLR] [-DEP]
[-HeapSpray] [-IAF] [-Intruder] [-KbdGuard] [-LoadLib] [-LockdownAutorun] [-LockdowNewFile] [-NullCheck]
[-SEHOP] [-Caller] [-StackExec] [-StackPivot] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
[<CommonParameters>]
DESCRIPTION
Update Exploit Mitigation settings for an application
EXAMPLES
EXAMPLE 1
$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx"
PS>$partnerId = Get-SophosPartnerId -Token $token
PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'}
PS>$exclusions = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"}
PS># Keys must match the parameter names under SYNTAX so that splatting can bind them
PS>$params = @{
    Token           = $token
    TenantId        = $tenant.id       # unquoted: "$tenant.id" would expand $tenant and append ".id"
    ApiHost         = $tenant.apiHost
    MitigationId    = $exclusions.id   # ID of the entry selected above
    # Single quotes keep $programFiles as literal text instead of expanding an undefined variable
    ExclusionPaths  = @('$programFiles/FooApp/foo.exe')
    IsProtected     = $true
    ASLR            = $true
    BannedAPI       = $true
    BottomUpASLR    = $true
    DEP             = $true
    HeapSpray       = $false
    IAF             = $true
    Intruder        = $false
    KbdGuard        = $false
    LoadLib         = $false
    LockdownAutorun = $true
    LockdowNewFile  = $true            # spelled as the parameter is declared under SYNTAX
    NullCheck       = $true
    SEHOP           = $true
    Caller          = $true
    StackExec       = $true
    StackPivot      = $true
}
PS>Update-SophosEndpointExploitMitigationExclusion @params
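An added pre-flight check, not part of the module: every parameter except -WhatIf, -Confirm and -ProgressAction is required, and splat keys must match the names under SYNTAX exactly (including the spelling LockdowNewFile), so a mistyped key fails binding or leaves a mitigation unset. The helper name Test-ExclusionSplat and the draft values are hypothetical and constructed for illustration.

```powershell
# Parameter names copied from the SYNTAX block on this page: the first five take
# values, the rest are required switches. Everything else here is illustrative.
$Required = 'Token','TenantId','ApiHost','MitigationId','ExclusionPaths','IsProtected',
    'ASLR','BannedAPI','BottomUpASLR','DEP','HeapSpray','IAF','Intruder','KbdGuard',
    'LoadLib','LockdownAutorun','LockdowNewFile','NullCheck','SEHOP','Caller',
    'StackExec','StackPivot'
$Optional = 'ProgressAction','WhatIf','Confirm'
$Switches = $Required | Select-Object -Skip 5

# Hypothetical helper: returns one string per problem found in a splat hashtable.
function Test-ExclusionSplat {
    param([Parameter(Mandatory)][hashtable]$Splat)

    $problems = [System.Collections.Generic.List[string]]::new()
    foreach ($key in $Splat.Keys) {
        if ($key -notin ($Required + $Optional)) { $problems.Add("Unknown parameter: $key") }
    }
    foreach ($name in $Required) {
        if (-not $Splat.ContainsKey($name)) { $problems.Add("Missing required parameter: $name") }
    }
    foreach ($name in $Switches) {
        # A switch left as a string or $null would not state the intended on/off value
        if ($Splat.ContainsKey($name) -and $Splat[$name] -isnot [bool]) {
            $problems.Add("$name must be `$true or `$false")
        }
    }
    if ($Splat.ContainsKey('ExclusionPaths')) {
        foreach ($path in @($Splat['ExclusionPaths'])) {
            if ([string]::IsNullOrWhiteSpace($path)) { $problems.Add('Empty exclusion path') }
        }
    }
    return $problems
}

# Constructed draft with deliberately wrong key names (paths, LockdownNewFile)
$draft = @{
    Token           = 'constructed-token'
    TenantId        = 'constructed-tenant-id'
    ApiHost         = 'https://api.example.invalid'
    paths           = @('$programFiles/FooApp/foo.exe')
    LockdownNewFile = $true
}

$issues = @(Test-ExclusionSplat -Splat $draft)
if ($issues.Count -eq 0) {
    Update-SophosEndpointExploitMitigationExclusion @draft -WhatIf   # preview only
} else {
    $issues   # list what to fix before anything is sent to the tenant
}
```

With the draft above the cmdlet is never invoked; the output lists the two unknown keys and each required parameter that is still missing.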
PARAMETERS
-Token
JWT token from the OAuth API
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TenantId
Tenant ID
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ApiHost
API host location URL of the tenant
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MitigationId
Target mitigation ID
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ExclusionPaths
Array of paths to be excluded
Type: Array
Parameter Sets: (All)
Aliases:
Required: True
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IsProtected
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ASLR
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-BannedAPI
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-BottomUpASLR
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-DEP
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-HeapSpray
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-IAF
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Intruder
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-KbdGuard
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-LoadLib
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-LockdownAutorun
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-LockdowNewFile
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-NullCheck
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-SEHOP
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Caller
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-StackExec
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-StackPivot
Bool
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
Determines how PowerShell responds to progress updates generated by the cmdlet.
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.