I've got the Windows 10 Home version so sadly no proper application guard.
Exploit-wise, I still use @oldschool's setup he got from @umbra originally:
Exploit Protection settings for browsers (thanks to @Umbra). These have broken anything yet, e.g. extensions crashing.
- for Brave, Edge and Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
ADD for Edge Chromium only: Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
________________________________
Mind you, I've been tinkering with other setups and testing out CIS with Firefox and Thunderbird rather than using everything Microsoft tells me to do. I'd love to see some recommended exploit tweaks done via Hard_configurator.
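Added example, not part of the post above and not @oldschool's or @Umbra's own script: the same per-program list applied from an elevated PowerShell prompt with the built-in `Set-ProcessMitigation` cmdlet instead of clicking through the Windows Security GUI. The executable names and the backup file path are assumptions; adjust them to your install.

```powershell
#Requires -RunAsAdministrator
# Assumed main executable names for Brave, Edge (Chromium) and Firefox.
$browsers = 'brave.exe', 'msedge.exe', 'firefox.exe'

# Save the current Exploit Protection config first so it can be restored with:
#   Set-ProcessMitigation -PolicyFilePath $backup
$backup = Join-Path $env:USERPROFILE 'ExploitProtection-backup.xml'   # assumed path
Get-ProcessMitigation -RegistryConfigFilePath $backup

# GUI setting from the list above -> Set-ProcessMitigation keyword
$common = @(
    'BlockLowLabelImageLoads'         # Block low integrity images
    'BlockRemoteImageLoads'           # Block remote images
    'DisableNonSystemFonts'           # Block untrusted fonts
    'CFG'                             # Control flow guard
    'DEP'                             # Data execution prevention
    'EmulateAtlThunks'                #   + Enable thunk emulation
    'DisableExtensionPoints'          # Disable extension points
    'ForceRelocateImages'             # Mandatory ASLR
    'RequireInfo'                     #   + Do not allow stripped images
    'BottomUp'                        # Bottom-up ASLR
    'SEHOP'                           # Validate exception chains
    'StrictHandle'                    # Validate handle usage
    'TerminateOnError'                # Validate heap integrity
    'EnforceModuleDependencySigning'  # Validate image dependency integrity
)

# Code integrity guard, Edge Chromium only. Append 'AllowStoreSignedBinaries'
# for the "Also allow images signed by Microsoft Store" checkbox.
$edgeOnly = @('MicrosoftSignedOnly')

foreach ($exe in $browsers) {
    $enable = $common
    if ($exe -eq 'msedge.exe') { $enable += $edgeOnly }

    Set-ProcessMitigation -Name $exe -Enable $enable

    # Read the stored per-program policy back to confirm what was written.
    Get-ProcessMitigation -Name $exe
}
```

The settings take effect the next time each browser is started, so close and reopen it before checking that extensions still load.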