Use Windows 10 built-in (anti)execution options
<blockquote data-quote="Andy Ful" data-source="post: 754422" data-attributes="member: 32260"><p><strong>Access, Excel, Outlook, PowerPoint, Word</strong></p>
<p>Windows default system-wide mitigations: <span style="color: rgb(0, 168, 133)"><strong>Control Flow Guard (CFG), DEP (for 64-bit apps), Randomize memory allocations (<em>Bottom-Up ASLR</em>), High entropy ASLR, Validate exception chains (SEHOP), Validate heap integrity.</strong></span></p>
<p><strong>Microsoft Security Baseline Windows ver. 1803</strong> (the below per-application mitigations should be activated alongside system-wide): <span style="color: rgb(41, 105, 176)"><strong>DEP (for 32-bit apps), Export address filtering (EAF), Force randomization for images (Mandatory ASLR), Import address filtering (IAF), Simulate Execution (SimExec), Validate API Invocation (CallerCheck), Validate Stack Integrity (StackPivot).</strong></span></p>
<p><span style="color: rgb(147, 101, 184)"><strong>Do not allow child processes</strong></span> is not required (for MS Office) if one uses ASR, although this mitigation is stronger, because the user cannot start a printing session (printing is still possible with some trick) and cannot open any other applications from the protected one (Word cannot open an embedded spreadsheet in Excel etc.).</p>
<p><span style="color: rgb(147, 101, 184)"><strong>Block untrusted fonts</strong></span> mitigation is not required for most users, because in Windows 10, the GDI font parsing is no longer performed in kernel mode but via fontdrvhost.exe, which is running in AppContainer (user mode). Blocking untrusted fonts is a system-wide mitigation, so the fonts are blocked everywhere (PDF viewers, 3rd party web browsers, etc.) - sometimes this can be inconvenient (unreadable text).</p>
<p>Other mitigations are also possible, but should be tested on the concrete machine, because some apps integrated with MS Office applications may work improperly.</p></blockquote>
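The per-application mitigations listed in the quoted post, applied to the five Office programs and then read back with the built-in ProcessMitigations cmdlets. This is an added example, not part of Andy Ful's post or of the Microsoft baseline; the Office executable names and the backup file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: default Office executable names, and a
# backup file name chosen here for illustration.
$officeApps = 'MSACCESS.EXE', 'EXCEL.EXE', 'OUTLOOK.EXE', 'POWERPNT.EXE', 'WINWORD.EXE'
$backupFile = Join-Path $env:TEMP 'exploit-protection-before.xml'

# Set-ProcessMitigation switch name -> label used in the post.
$perApp = [ordered]@{
    DEP                       = 'DEP (for 32-bit apps)'
    EnableExportAddressFilter = 'Export address filtering (EAF)'
    ForceRelocateImages       = 'Force randomization for images (Mandatory ASLR)'
    EnableImportAddressFilter = 'Import address filtering (IAF)'
    EnableRopSimExec          = 'Simulate Execution (SimExec)'
    EnableRopCallerCheck      = 'Validate API Invocation (CallerCheck)'
    EnableRopStackPivot       = 'Validate Stack Integrity (StackPivot)'
}
[string[]]$switches = $perApp.Keys

# Export the current configuration first, so the change can be rolled back
# if an add-in integrated with Office stops working.
Get-ProcessMitigation -RegistryConfigFilePath $backupFile

foreach ($app in $officeApps) {
    # Per-program settings apply the next time the program starts.
    Set-ProcessMitigation -Name $app -Enable $switches
}

# Read the settings back and build one row per program.
$report = foreach ($app in $officeApps) {
    $m = Get-ProcessMitigation -Name $app
    [pscustomobject]@{
        App           = $app
        DEP           = $m.Dep.Enable
        EAF           = $m.Payload.EnableExportAddressFilter
        MandatoryASLR = $m.Aslr.ForceRelocateImages
        IAF           = $m.Payload.EnableImportAddressFilter
        SimExec       = $m.Payload.EnableRopSimExec
        CallerCheck   = $m.Payload.EnableRopCallerCheck
        StackPivot    = $m.Payload.EnableRopStackPivot
    }
}
$report | Format-Table -AutoSize

# Warn about any mitigation that is not reported as ON.
foreach ($row in $report) {
    $weak = $row.PSObject.Properties |
        Where-Object { $_.Name -ne 'App' -and "$($_.Value)" -ne 'ON' }
    if ($weak) { Write-Warning "$($row.App): not enforced: $($weak.Name -join ', ')" }
}
```

To roll back, import the saved file with `Set-ProcessMitigation -PolicyFilePath $backupFile`.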