example/minimal/netlogon/ExploitProtection/WS19_MemberServer_DOD_EP_V3.xml
|
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy> <AppConfig Executable="ONEDRIVE.EXE"> <DEP OverrideDEP="false" /> <ASLR OverrideRelocateImages="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> <ImageLoad OverrideBlockRemoteImages="false" /> </AppConfig> <AppConfig Executable="firefox.exe"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> </AppConfig> <AppConfig Executable="fltldr.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> <ImageLoad OverrideBlockRemoteImages="false" /> <ChildProcess OverrideChildProcess="false" /> </AppConfig> <AppConfig Executable="GROOVE.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> <ImageLoad OverrideBlockRemoteImages="false" /> <ChildProcess OverrideChildProcess="false" /> </AppConfig> <AppConfig Executable="Acrobat.exe"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="AcroRd32.exe"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="chrome.exe"> <DEP OverrideDEP="false" /> </AppConfig> <AppConfig Executable="EXCEL.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="iexplore.exe"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="INFOPATH.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="java.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="javaw.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="javaws.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="LYNC.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="MSACCESS.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="MSPUB.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="OIS.EXE"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="OUTLOOK.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="plugin-container.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="POWERPNT.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="PPTVIEW.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="VISIO.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="VPREVIEW.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="WINWORD.EXE"> <DEP OverrideDEP="false" /> <ASLR ForceRelocateImages="true" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="wmplayer.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> <AppConfig Executable="wordpad.exe"> <DEP OverrideDEP="false" /> <Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" /> </AppConfig> </MitigationPolicy> |