Error setting certain Windows Defender settings on Windows Server 2019 Standard RRS feed

  • Question

  • Running the following cmdlet on a Setting that is in the "NOTSET" state works fine, after setting it to Enable/Disable using the following powershell cmdlet:

    Set-ProcessMitigation -System -Enable SEHOP

    I get this error:

    Set-ProcessMitigation : Destination array was not long enough. Check destIndex and length, and the array's lower
    At line:1 char:1
    + Set-ProcessMitigation -System -Enable SEHOP
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Set-ProcessMitigation], ArgumentException
        + FullyQualifiedErrorId : System.ArgumentException,Microsoft.Samples.PowerShell.Commands.SetProcessMitigationsComm

    and I am unable to ever change the setting again using PowerShell commands. The same process works without issue on Windows 10, the issue only seems to exist on Server 2019. Changing the setting using the Windows Security GUI works as expected.

    For other controls, such as DEP, CFG,  I still get the error, but the command applies the new setting properly anyway. So far SEHOP is the only setting that is unchangeable, but there may be others as we haven't tested extensively yet. It fails for both System and App level settings.

    • Moved by jrv Tuesday, October 15, 2019 8:42 PM Correct forum
    Wednesday, September 25, 2019 1:44 PM

All replies

  • You might do better posting in the Security forum as this module is their module and is specific to the mitigation toolkit.


    Wednesday, September 25, 2019 7:38 PM
  • Any chance you could poke someone over there, because it's been sitting unanswered and unacknowledged for three weeks now.


    Tuesday, October 15, 2019 8:40 PM