- Jan 15, 2020
This is my config.
Mozilla Software, Google Chrome*, Firefox, Chromium “New” Edge*, Adobe Reader (with Protected View enabled) - Chrome.exe, Firefox.exe, Thunderbird.exe, Seamonkey.exe, Msedge.exe, AcroRd32.exe, AcroRd32Info.exe
MicrosoftEdge.exe (Old Microsoft Edge) from @Windows_Security
- ACG (off)*
- BLII (on)
- BRI (on)
- BUF (off)
- CIG (off)* - loading (off). This setting can be turned ON if you use ChromEdge; however, don't run it in a 3rd party sandbox if you do enable it.
- CFG (on) - Strict (Off)*
- DEP (on) - ATL (on)
- Dextp (on)
- Win32k (off)*
- Child Process (off)
- EAF (off)*
- Mandatory ASLR (on) - Stripped (on)
- IAF (off)*
- BottomUp ASLR (on)
- SimExec (off)*
- CallerCheck (off)*
- SEHOP (on)
- VHU (on)
- VHI (on)
- VIDI (on)
- StackPivot (off)
MicrosoftEdge.exe (Old Microsoft Edge) from @Windows_Security
- Arbitrary code guard (ACG) - ENABLED
- Block low integrity images - ENABLED
- Block remote images - ENABLED
- Block untrusted fonts
- Code integrity guard - ENABLED (also Microsoft Store)
- Control flow guard (CFG) - ENABLED (enforce strict)
- Data Execution Prevention (DEP) - ENABLED
- Disable extension points - ENABLED
- Disable Win32 system calls
- Do not allow child processes
- Export address filtering (EAF)
- Force randomization for images (Mandatory ASLR) - ENABLED (enable no stripped images)
- Randomize memory allocations (Bottom-Up ASLR) - ENABLED (enable no high entropy)
- Import address filtering (IAF)
- Simulate execution (SimExec)
- Validate API invocation (CallerCheck)
- Validate exception chains (SEHOP) - ENABLED
- Validate handle usage - ENABLED
- Validate heap integrity - ENABLED
- Validate image dependency integration - ENABLED
- Validate stack integrity (StackPivot)

- Arbitrary code guard (ACG) - ENABLED (important: allow Thread Opt-Out)
- Block low integrity images - ENABLED
- Block remote images - ENABLED
- Block untrusted fonts
- Code integrity guard - ENABLED (also Microsoft Store)
- Control flow guard (CFG) - ENABLED (important: don't enforce strict)
- Data Execution Prevention (DEP) - ENABLED
- Disable extension points - ENABLED
- Disable Win32 system calls
- Do not allow child processes - ENABLED
- Export address filtering (EAF)
- Force randomization for images (Mandatory ASLR) - ENABLED (enable no stripped images)
- Randomize memory allocations (Bottom-Up ASLR) - ENABLED (enable no high entropy)
- Import address filtering (IAF)
- Simulate execution (SimExec)
- Validate API invocation (CallerCheck)
- Validate exception chains (SEHOP) - ENABLED
- Validate handle usage - ENABLED
- Validate heap integrity - ENABLED
- Validate image dependency integration - ENABLED
- Validate stack integrity (StackPivot)

- ACG (off)
- BLII (on)
- BRI (on)
- BUF (on)
- CIG (off) - loading (off)
- CFG (on) - Strict (off)
- DEP (on) - ATL (on)
- Dextp (on)
- Win32k (off)
- Child Process (on)
- EAF (on), Validate (on)
- Mandatory ASLR (on) - Stripped (on)
- IAF (on)
- BottomUp ASLR (on) - High entropy (on)
- SimExec (on)
- CallerCheck (on)
- SEHOP (on)
- VHU (on)
- VHI (on)
- VIDI (on)
- StackPivot (on)

- ACG (on)
- BLII (on)
- BRI (on)
- BUF (on)
- CIG (off) - loading (off)
- CFG (on) - Strict (off)
- DEP (on) - ATL (on)
- Dextp (on)
- Win32k (off)
- Child Process (on)
- EAF (on), Validate (on)
- Mandatory ASLR (on) - Stripped (on)
- IAF (on)
- BottomUp ASLR (on) - High entropy (on)
- SimExec (on)
- CallerCheck (on)
- SEHOP (on)
- VHU (on)
- VHI (on)
- VIDI (on)
- StackPivot (on)

- ACG (off)
- BLII (on)
- BRI (on)
- BUF (off)
- CIG (on) - loading (on)
- CFG (on) - Strict (off)
- DEP (on) - ATL (on)
- Dextp (on)
- Win32k (off)
- Child Process (on)
- EAF (off)
- Mandatory ASLR (on)
- IAF (off)
- BottomUp ASLR (on)
- SimExec (off)
- CallerCheck (off)
- SEHOP (on)
- VHU (off)
- VHI (on)
- VIDI (on)
- StackPivot (off)
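
The first list in the post (the Chrome.exe / Firefox.exe / AcroRd32.exe profile) expressed as `Set-ProcessMitigation` calls with a read-back check, as an added example that is not part of the original post. The mapping from the post's abbreviations to parameter names and the treatment of "(off)" as an explicit disable are assumptions, and the backup path is a placeholder.

```powershell
# Added example, not the poster's own commands. Run from an elevated PowerShell.
# Executables named in the first list of the post.
$targets = 'chrome.exe','firefox.exe','thunderbird.exe','seamonkey.exe',
           'msedge.exe','AcroRd32.exe','AcroRd32Info.exe'

# Assumed mapping: post abbreviation -> Set-ProcessMitigation name.
$on = @(
    'BlockLowLabelImageLoads',          # BLII
    'BlockRemoteImageLoads',            # BRI
    'CFG',                              # CFG (strict stays off)
    'DEP', 'EmulateAtlThunks',          # DEP + ATL
    'DisableExtensionPoints',           # Dextp
    'ForceRelocateImages', 'RequireInfo', # Mandatory ASLR + Stripped
    'BottomUp',                         # BottomUp ASLR
    'SEHOP',                            # SEHOP
    'StrictHandle',                     # VHU
    'TerminateOnError',                 # VHI
    'EnforceModuleDependencySigning'    # VIDI
)
$off = @(
    'BlockDynamicCode',                 # ACG
    'DisableNonSystemFonts',            # BUF
    'MicrosoftSignedOnly',              # CIG
    'StrictCFG',                        # CFG strict
    'DisableWin32kSystemCalls',         # Win32k
    'DisallowChildProcessCreation',     # Child Process
    'EnableExportAddressFilter',        # EAF
    'EnableImportAddressFilter',        # IAF
    'EnableRopSimExec',                 # SimExec
    'EnableRopCallerCheck',             # CallerCheck
    'EnableRopStackPivot'               # StackPivot
)

# Save the current per-app settings before changing anything (placeholder path).
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\ep-backup.xml"

foreach ($exe in $targets) {
    Set-ProcessMitigation -Name $exe -Enable $on -Disable $off
}

# Read the stored settings back and flag any entry that did not take.
foreach ($exe in $targets) {
    foreach ($m in Get-ProcessMitigation -Name $exe) {
        $ok = ("$($m.Dep.Enable)" -eq 'ON') -and ("$($m.Cfg.Enable)" -eq 'ON') -and
              ("$($m.Aslr.ForceRelocateImages)" -eq 'ON') -and
              ("$($m.DynamicCode.BlockDynamicCode)" -ne 'ON')
        '{0,-20} {1}' -f $exe, $(if ($ok) { 'matches' } else { 'DIFFERS' })
    }
}
```

The settings apply the next time each program is started, so restart the browser or reader before testing it.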