Error setting certain Windows Defender settings on Windows Server 2019 Standard RRS feed

  • Question

  • Running the following cmdlet on a Setting that is in the "NOTSET" state works fine, after setting it to Enable/Disable using the following powershell cmdlet:

    Set-ProcessMitigation -System -Enable SEHOP

    I get this error:

    Set-ProcessMitigation : Destination array was not long enough. Check destIndex and length, and the array's lower
    At line:1 char:1
    + Set-ProcessMitigation -System -Enable SEHOP
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Set-ProcessMitigation], ArgumentException
        + FullyQualifiedErrorId : System.ArgumentException,Microsoft.Samples.PowerShell.Commands.SetProcessMitigationsComm

    and I am unable to ever change the setting again using PowerShell commands. The same process works without issue on Windows 10, the issue only seems to exist on Server 2019. Changing the setting using the Windows Security GUI works as expected.

    For other controls, such as DEP, CFG,  I still get the error, but the command applies the new setting properly anyway. So far SEHOP is the only setting that is unchangeable, but there may be others as we haven't tested extensively yet. It fails for both System and App level settings.

    Wednesday, October 2, 2019 8:33 PM