Configuring the Process Exploit Mitigation for File Access Manager Services

Part of the hardened security configuration involves configuring the Process Exploit Mitigation settings in Windows Defender for the File Access Manager services, with the following settings enabled:

| Component | Setting | Location |
| --- | --- | --- |
| Control Flow Guard (CFG) | On (default) | System settings |
| DEP | On (default) | System settings |
| Randomize memory allocations (Bottom-Up ASLR) | On (default) | System settings |
| Export Address Filtering (EAF) | On (requires manual configuration per service) | Program settings |
| Import Address Filtering (IAF) | On (requires manual configuration per service) | Program settings |

The system settings should be kept at their default values. Verify that the settings listed above are in fact enabled in the Windows Exploit Protection settings under the System settings tab.
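The verification step above can be scripted instead of read off the Exploit Protection dialog. The following PowerShell is an added example, not part of the File Access Manager documentation or deployment package; it assumes the ProcessMitigations module that ships with Windows 10 / Windows Server 2016 and later, and an elevated session. It reads the system-level configuration with Get-ProcessMitigation -System and reports the three system rows of the table.

```powershell
# Added example (not SailPoint's code): confirm the system-level mitigations from the
# table are still at their expected "on" default. Run in an elevated PowerShell session.
function Test-FamSystemMitigations {
    $sys = Get-ProcessMitigation -System

    # Map each table row to the property Get-ProcessMitigation -System exposes for it.
    $checks = [ordered]@{
        'Control Flow Guard (CFG)'                      = $sys.Cfg.Enable
        'DEP'                                           = $sys.Dep.Enable
        'Randomize memory allocations (Bottom-Up ASLR)' = $sys.Aslr.BottomUp
    }

    $allOk = $true
    foreach ($name in $checks.Keys) {
        $value = "$($checks[$name])"
        # NOTSET means no explicit override, so the Windows default (on) applies;
        # OFF means someone has explicitly disabled the mitigation on this host.
        $ok = $value -in @('ON', 'NOTSET')
        if (-not $ok) { $allOk = $false }
        [pscustomobject]@{ Setting = $name; Value = $value; Compliant = $ok }
    }

    if (-not $allOk) {
        Write-Warning 'A system mitigation has been changed from its default; review it under Exploit Protection settings > System settings.'
    }
}

Test-FamSystemMitigations | Format-Table -AutoSize
```

Because these are system-wide values, a drift away from ON or NOTSET affects every process on the server, not only File Access Manager, so the warning is worth feeding into whatever configuration-drift monitoring the host already has.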

The program settings can be updated using a script which is part of the File Access Manager deployment package, or manually in the Process Exploit Mitigation tool. Both methods are described below.

Configuring the Program Settings Using FAM.Exploit.protection.Settings.xml Script

You can enable the recommended security settings for File Access Manager using the file FAM.Exploit.protection.Settings.xml in the installation folder.

To apply the settings, run the command below in an elevated PowerShell window:

Set-ProcessMitigation -PolicyFilePath "<full path to FAM.Exploit.protection.Settings.xml>"

This file lists the File Access Manager services to update and configures the exploit mitigation settings for each service.

For these settings to take effect, the services have to be restarted.
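To make the policy-file method concrete, here is an added example (not SailPoint's FAM.Exploit.protection.Settings.xml and not code from the deployment package) that builds a policy file in the format Set-ProcessMitigation -PolicyFilePath accepts, applies it, verifies EAF and IAF per executable with Get-ProcessMitigation -Name, and only then restarts the services. The executable names FamServiceA.exe / FamServiceB.exe and the service names are placeholders; substitute the real File Access Manager service binaries.

```powershell
# Added example (not SailPoint's code). Placeholder names below stand in for the real
# File Access Manager service executables and Windows service names.
$serviceExes  = @('FamServiceA.exe', 'FamServiceB.exe')   # placeholder executable names
$serviceNames = @('FamServiceA', 'FamServiceB')           # placeholder service names

# One <AppConfig> per service, enabling only the two Program settings rows of the table
# (EAF and IAF). No <SystemConfig> element is emitted, so system defaults stay untouched.
$appConfigs = ($serviceExes | ForEach-Object {
    "  <AppConfig Executable=`"$_`">`n" +
    "    <Payload EnableExportAddressFilter=`"true`" EnableImportAddressFilter=`"true`" />`n" +
    "  </AppConfig>"
}) -join "`n"

$policyXml = @"
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
$appConfigs
</MitigationPolicy>
"@

$policyPath = Join-Path $env:TEMP 'FAM.Exploit.protection.Settings.example.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Apply the policy; this needs an elevated session, like the documented command.
Set-ProcessMitigation -PolicyFilePath $policyPath

# Read back the per-executable configuration so the result is checked, not assumed.
function Test-FamProgramMitigations {
    param([string[]]$Executables)
    foreach ($exe in $Executables) {
        $m = Get-ProcessMitigation -Name $exe
        [pscustomobject]@{
            Executable = $exe
            EAF        = "$($m.Payload.EnableExportAddressFilter)"
            IAF        = "$($m.Payload.EnableImportAddressFilter)"
        }
    }
}

$results = Test-FamProgramMitigations -Executables $serviceExes
$results | Format-Table -AutoSize

# Mitigations are picked up at process start, so the services must be restarted; skip
# the restart if any executable did not come back as ON for both filters.
if ($results | Where-Object { $_.EAF -ne 'ON' -or $_.IAF -ne 'ON' }) {
    Write-Warning 'EAF/IAF are not ON for every listed executable; fix the policy before restarting.'
} else {
    Restart-Service -Name $serviceNames -Force
}
```

The read-back step matters because Set-ProcessMitigation writes the policy to the registry without starting anything: a typo in an Executable attribute silently creates an entry for a binary that never runs, and the real service keeps running without EAF or IAF.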

Configuring the Program Settings Using the Windows Defender Settings Tool

If you can't run the script described above, or want to see what is happening under the hood, the recommended security settings for File Access Manager can be changed manually in the Windows Defender Settings tool, as described below:

  1. On the Windows server, open Windows Defender Settings.

  2. Click App & Browser Control.

  3. Click Exploit Protection Settings.

  4. Click the Program settings tab.

  5. For each of the File Access Manager services:

    1. Click + Add program to customize to open the parameters panel.

    2. Set EAF and IAF to On.

  6. Click Apply to save the changes.

  7. Restart all the modified services, or reboot the server.
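The manual steps above have a direct command-line equivalent that is useful when you want to see exactly what the GUI writes, or to audit a server afterwards. This is an added example, not part of the File Access Manager documentation: it enables EAF and IAF per executable with Set-ProcessMitigation -Name (the cmdlet's per-program form, as opposed to the policy-file form), then exports the effective configuration to XML with Get-ProcessMitigation -RegistryConfigFilePath so the result can be kept as evidence or diffed against the shipped policy file. The executable and service names are placeholders.

```powershell
# Added example (not SailPoint's code): scripted equivalent of the Program settings steps.
# Placeholder names; replace with the real File Access Manager service executables.
$serviceExes  = @('FamServiceA.exe', 'FamServiceB.exe')
$serviceNames = @('FamServiceA', 'FamServiceB')

foreach ($exe in $serviceExes) {
    # Same effect as "+ Add program to customize" and switching EAF and IAF on.
    # The -Enable values are the ProcessMitigations option names for EAF and IAF.
    Set-ProcessMitigation -Name $exe -Enable EnableExportAddressFilter, EnableImportAddressFilter
}

# Export the current per-program and system configuration to XML for review or
# change-control evidence; this is the same format -PolicyFilePath consumes.
$exportPath = Join-Path $env:TEMP 'fam-exploit-protection-export.xml'
Get-ProcessMitigation -RegistryConfigFilePath $exportPath

# Show only the entries for the File Access Manager executables.
[xml]$exported = Get-Content -Path $exportPath
$exported.MitigationPolicy.AppConfig |
    Where-Object { $_.Executable -in $serviceExes } |
    ForEach-Object {
        [pscustomobject]@{
            Executable = $_.Executable
            EAF        = $_.Payload.EnableExportAddressFilter
            IAF        = $_.Payload.EnableImportAddressFilter
        }
    } | Format-Table -AutoSize

# As with the GUI, the change applies only to newly started processes.
Restart-Service -Name $serviceNames -Force
```

Keeping the exported XML alongside the build documentation gives a simple way to detect later drift: re-export and compare, and any service whose EAF or IAF attribute has disappeared or changed stands out immediately.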