Resources/ExploitProtections/Settings.xml
|
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy> <SystemConfig> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </SystemConfig> <AppConfig Executable="Acrobat.exe"> <ASLR ForceRelocateImages="true" RequireInfo="true" /> <StrictHandle Enable="true" /> <SignedBinaries EnforceModuleDependencySigning="true" /> <Fonts DisableNonSystemFonts="true" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="false" /> </AppConfig> <AppConfig Executable="AppControlManager.exe"> <Fonts DisableNonSystemFonts="true" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" EnableImportAddressFilter="true" EnableRopStackPivot="true" EnableRopCallerCheck="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="true" /> </AppConfig> <AppConfig Executable="csrss.exe"> <ImageLoad BlockRemoteImageLoads="true" /> </AppConfig> <AppConfig Executable="EXCEL.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="explorer.exe"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> </AppConfig> <AppConfig Executable="ExtExport.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="HardenSystemSecurity.exe"> <Fonts DisableNonSystemFonts="true" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" EnableImportAddressFilter="true" EnableRopStackPivot="true" EnableRopCallerCheck="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="true" /> </AppConfig> <AppConfig Executable="ie4uinit.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="ieinstal.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="ielowutil.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="ieUnatt.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="iexplore.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="LSASS.exe"> <ExtensionPoints DisableExtensionPoints="true" /> <DynamicCode BlockDynamicCode="true" AllowThreadsToOptOut="false" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" /> <ImageLoad BlockRemoteImageLoads="true" /> <ChildProcess DisallowChildProcessCreation="true" /> </AppConfig> <AppConfig Executable="MSACCESS.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="mscorsvw.exe"> <ExtensionPoints DisableExtensionPoints="true" /> </AppConfig> <AppConfig Executable="msedge.exe"> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="true" /> </AppConfig> <AppConfig Executable="msedgewebview2.exe"> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> <SignedBinaries EnforceModuleDependencySigning="true" /> </AppConfig> <AppConfig Executable="msfeedssync.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="mshta.exe"> <ASLR ForceRelocateImages="true" RequireInfo="false" /> </AppConfig> <AppConfig Executable="MSPUB.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="MsSense.exe"> <StrictHandle Enable="true" /> <SEHOP Enable="true" TelemetryOnly="false" /> </AppConfig> <AppConfig Executable="ngen.exe"> <ExtensionPoints DisableExtensionPoints="true" /> </AppConfig> <AppConfig Executable="ngentask.exe"> <ExtensionPoints DisableExtensionPoints="true" /> </AppConfig> <AppConfig Executable="NisSrv.exe"> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" /> </AppConfig> <AppConfig Executable="OneDrive.exe"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="ONENOTE.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="OUTLOOK.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="POWERPNT.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> <AppConfig Executable="PresentationHost.exe"> <DEP Enable="true" EmulateAtlThunks="false" /> <ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" /> <SEHOP Enable="true" TelemetryOnly="false" /> <Heap TerminateOnError="true" /> </AppConfig> <AppConfig Executable="QuantumRelayHSS.exe"> <DynamicCode BlockDynamicCode="true" AllowThreadsToOptOut="false" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" /> <Fonts DisableNonSystemFonts="true" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" EnableImportAddressFilter="true" EnableRopStackPivot="true" EnableRopCallerCheck="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="true" /> </AppConfig> <AppConfig Executable="QuickAssist.exe"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <DynamicCode BlockDynamicCode="true" AllowThreadsToOptOut="false" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Fonts DisableNonSystemFonts="true" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" EnableImportAddressFilter="true" EnableRopStackPivot="true" EnableRopCallerCheck="true" /> <UserShadowStack UserShadowStack="true" UserShadowStackStrictMode="true" /> </AppConfig> <AppConfig Executable="Regsvr32.exe"> <ImageLoad BlockLowLabelImageLoads="true" /> </AppConfig> <AppConfig Executable="rundll32.exe"> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> </AppConfig> <AppConfig Executable="runtimebroker.exe"> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> <SignedBinaries EnforceModuleDependencySigning="true" /> </AppConfig> <AppConfig Executable="services.exe"> <ImageLoad BlockRemoteImageLoads="true" /> </AppConfig> <AppConfig Executable="SmartScreen.exe"> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" /> </AppConfig> <AppConfig Executable="SMSS.exe"> <ImageLoad BlockRemoteImageLoads="true" /> </AppConfig> <AppConfig Executable="SystemSettings.exe"> <ExtensionPoints DisableExtensionPoints="true" /> </AppConfig> <AppConfig Executable="vmcompute.exe"> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> </AppConfig> <AppConfig Executable="vmwp.exe"> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> </AppConfig> <AppConfig Executable="WindowsSandbox.exe"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="true" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" /> </AppConfig> <AppConfig Executable="WindowsSandboxClient.exe"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <ControlFlowGuard Enable="true" SuppressExports="false" StrictControlFlowGuard="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="true" /> <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" /> <Payload EnableExportAddressFilter="true" EnableExportAddressFilterPlus="true" /> </AppConfig> <AppConfig Executable="Wininit.exe"> <ImageLoad BlockRemoteImageLoads="true" /> </AppConfig> <AppConfig Executable="WINWORD.EXE"> <StrictHandle Enable="true" /> <ExtensionPoints DisableExtensionPoints="true" /> <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="true" EnforceModuleDependencySigning="true" /> <Payload EnableRopStackPivot="true" EnableRopCallerCheck="true" /> </AppConfig> </MitigationPolicy> |