Written in the style of checksec.sh for Linux. Check-Security is a simpler view of the current state of the exploit mitigation settings on your machine.
Microsoft deprecated EMET and added that exploit mitigation functionality, now called Windows Defender Exploit Guard, into Windows 10.
In response to this, I plan on writing a tool that helps defensive teams enumerate the exploit mitigations available and enabled on their Windows devices so they can better understand their exploitation landscape and how useless the technologies are that bad vendors are selling.
— Julian Cohen (@HockeyInJune) December 8, 2018
Run Check-Security with the same parameters you would use with Get-ProcessMitigation.
Run without parameters to get system defaults.
.\Check-Security.ps1
Run with parameters like this to get settings for specific processes.
.\Check-Security.ps1 -Name iexplore.exe
For each exploit mitigation, Check-Security will output "On", "Off", "On (default)", "Off (default)", or "Unexpected value!".
Category:
Specific Mitigation (More details or Abbreviation) [CmdletName]: Result
You can use the CmdletName to change the exploit mitigation settings with Set-ProcessMitigation.
Set-ProcessMitigation -System -Enable CmdletName
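
The five result labels described above can be derived from the ON, OFF and NOTSET values that Get-ProcessMitigation returns. The sketch below is an added example, not the Check-Security source. The helper name Resolve-MitigationState, the treatment of NOTSET as "default", and the defaults table (taken from the system settings shown in the Windows Security "Exploit protection" page) are assumptions.

```powershell
# Added example, not part of Check-Security.ps1.
# Requires the ProcessMitigations module (Windows 10 1709 or later).

# Assumed system-wide defaults, keyed by "Category.Setting" as exposed
# on the object returned by Get-ProcessMitigation -System.
$SystemDefaults = [ordered]@{
    'Dep.Enable'               = 'On'
    'Cfg.Enable'               = 'On'
    'Aslr.ForceRelocateImages' = 'Off'
    'Aslr.BottomUp'            = 'On'
    'Aslr.HighEntropy'         = 'On'
    'SEHOP.Enable'             = 'On'
    'Heap.TerminateOnError'    = 'On'
}

# Hypothetical helper: map one raw policy value to a display label.
function Resolve-MitigationState {
    param($Value, [string]$Default)
    switch ("$Value") {
        'ON'     { 'On' }                      # explicitly enabled
        'OFF'    { 'Off' }                     # explicitly disabled
        'NOTSET' { "$Default (default)" }      # no override, OS default applies
        default  { 'Unexpected value!' }       # anything else is worth a look
    }
}

$policy = Get-ProcessMitigation -System
foreach ($path in $SystemDefaults.Keys) {
    $category, $setting = $path.Split('.')
    $raw = $policy.$category.$setting
    '{0,-26} {1}' -f $path, (Resolve-MitigationState $raw $SystemDefaults[$path])
}
```

An "Off" or "Unexpected value!" line for a mitigation that defaults to on is the case to investigate first, since it means someone or something has overridden the system policy.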