defender-endpoint/customize-exploit-protection.md
4 additions & 4 deletions
@@ -56,7 +56,7 @@ For the associated PowerShell cmdlets for each mitigation, see the [PowerShell r
56
56
|Data Execution Prevention (DEP)|Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation.|System and app-level|No|
57
57
|Force randomization for images (Mandatory ASLR)|Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information.|System and app-level|No|
58
58
|Randomize memory allocations (Bottom-Up ASLR)|Randomizes locations for virtual memory allocations. It includes system structure heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes.|System and app-level|No|
59
-
|Validate exception chains (SEHOP)|Ensures the integrity of an exception chain during an exception dispatch. Only configurable for 32-bit (x86) applications.|System and app-level|No|
59
+
|Validate exception chains (SEHOP)|Ensures the integrity of an exception chain during exception dispatches. Only configurable for 32-bit (x86) applications.|System and app-level|No|
60
60
|Validate heap integrity|Terminates a process when heap corruption is detected.|System and app-level|No|
61
61
|Arbitrary code guard (ACG)|Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell).|App-level only|Yes|
62
62
|Block low integrity images|Prevents the loading of images marked with Low Integrity.|App-level only|Yes|
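Review bot: In the SEHOP row, "during exception dispatches" is no clearer than the original "during an exception dispatch", and the plural reads as if one check spans several dispatches. If the aim is only to drop the article, "during exception dispatch" keeps the original meaning. The rest of the row is unchanged and needs nothing further.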
@@ -67,15 +67,15 @@ For the associated PowerShell cmdlets for each mitigation, see the [PowerShell r
67
67
|Disable Win32k system calls|Prevents an app from using the Win32k system call table.|App-level only|Yes|
68
68
|Don't allow child processes|Prevents an app from creating child processes.|App-level only|Yes|
69
69
|Export address filtering (EAF)|Detects dangerous operations that are resolved by malicious code. Can optionally validate access by modules commonly used by exploits.|App-level only|Yes|
70
-
|Import address filtering (IAF)|Detects dangerous operations that are resolved by malicious code.|App-level only|Yes|
70
+
|Import address filtering (IAF)|Detects dangerous operations that are resolved by a malicious code.|App-level only|Yes|
71
71
|Simulate execution (SimExec)|Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG.|App-level only|Yes|
72
-
|Validate API invocation (CallerCheck)|Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG|App-level only|Yes|
72
+
|Validate API invocation (CallerCheck)|Ensures that legitimate callers invoke sensitive APIs. Only configurable for 32-bit (x86) applications. Not compatible with ACG|App-level only|Yes|
73
73
|Validate handle usage|Causes an exception to be raised on any invalid handle references.|App-level only|No|
74
74
|Validate image dependency integrity|Enforces code signing for Windows image dependency loading.|App-level only|No|
75
75
|Validate stack integrity (StackPivot)|Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG.|App-level only|Yes|
76
76
77
77
> [!IMPORTANT]
78
-
> If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
78
+
> If you add an app to the **Program settings** section and configure individual mitigation settings there, they'll be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
79
79
>
80
80
> |Enabled in **Program settings**|Enabled in **System settings**|Behavior|
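Review bot: In the Import address filtering (IAF) row, "resolved by a malicious code" is ungrammatical, because "code" is uncountable here, and the row now disagrees with the EAF row directly above it, which still reads "resolved by malicious code". Keep the original IAF wording. In the CallerCheck row, the rewritten line still ends "Not compatible with ACG" without a period, unlike the SimExec and StackPivot rows; add the period while the line is being touched. The "they will" to "they'll" contraction in the IMPORTANT note is fine as a style change.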