Windows 10 Redstone 3 IAF/EAF

zerosum0x0
Posts: 11
Joined: Fri Mar 31, 2017 1:52 pm
Location: USA

Windows 10 Redstone 3 IAF/EAF

Post by zerosum0x0 » Mon Jun 26, 2017 6:08 am

Windows 10 Redstone 3 adds the following to EPROCESS:

Code:

   +0x82c MitigationFlags2Values : <unnamed-tag>
      +0x000 EnableExportAddressFilter : Pos 0, 1 Bit
      +0x000 AuditExportAddressFilter : Pos 1, 1 Bit
      +0x000 EnableExportAddressFilterPlus : Pos 2, 1 Bit
      +0x000 AuditExportAddressFilterPlus : Pos 3, 1 Bit
      +0x000 EnableRopStackPivot : Pos 4, 1 Bit
      +0x000 AuditRopStackPivot : Pos 5, 1 Bit
      +0x000 EnableRopCallerCheck : Pos 6, 1 Bit
      +0x000 AuditRopCallerCheck : Pos 7, 1 Bit
      +0x000 EnableRopSimExec : Pos 8, 1 Bit
      +0x000 AuditRopSimExec  : Pos 9, 1 Bit
      +0x000 EnableImportAddressFilter : Pos 10, 1 Bit
      +0x000 AuditImportAddressFilter : Pos 11, 1 Bit

How to enable these?
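
Added example (not part of any post in this thread, and not Microsoft's code): a small decoder for a raw MitigationFlags2 value read from a debugger, using only the bit positions in the dump above. It reports each mitigation's Enable/Audit state and checks it against a required baseline. The function names, the sample value and the assumption that the field is 32 bits wide are mine.

```python
# Mitigations in bit order from the dump above: mitigation i has its
# Enable bit at position 2*i and its Audit bit at position 2*i + 1.
MITIGATIONS = [
    "ExportAddressFilter",      # Pos 0 / 1
    "ExportAddressFilterPlus",  # Pos 2 / 3
    "RopStackPivot",            # Pos 4 / 5
    "RopCallerCheck",           # Pos 6 / 7
    "RopSimExec",               # Pos 8 / 9
    "ImportAddressFilter",      # Pos 10 / 11
]
KNOWN_MASK = (1 << (2 * len(MITIGATIONS))) - 1  # bits 0..11 listed in the post
STATE = {(0, 0): "off", (1, 0): "enable", (0, 1): "audit", (1, 1): "enable+audit"}


def decode_mitigation_flags2(value):
    """Return ({mitigation: state}, unknown_bits) for a raw flags value.

    Assumption: the field is a 32-bit value. Bits above position 11 are
    not described in the post, so they are returned separately, undecoded.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("expected a 32-bit value")
    states = {}
    for i, name in enumerate(MITIGATIONS):
        enable = (value >> (2 * i)) & 1
        audit = (value >> (2 * i + 1)) & 1
        states[name] = STATE[(enable, audit)]
    return states, value & ~KNOWN_MASK


def not_enabled(value, required):
    """List required mitigations whose Enable bit is clear (audit-only counts)."""
    states, _ = decode_mitigation_flags2(value)
    return [m for m in required if not states[m].startswith("enable")]


if __name__ == "__main__":
    sample = 0x1491  # constructed sample value, not taken from a real process
    states, unknown = decode_mitigation_flags2(sample)
    for name, state in states.items():
        print(f"{name:<24} {state}")
    print(f"bits not covered by the dump: {unknown:#x}")
    print("baseline gaps:", not_enabled(sample, MITIGATIONS))
```

The +0x82c offset in the dump belongs to the build the poster examined, so read the field by symbol name rather than hard-coding the offset.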

zerosum0x0
Posts: 11
Joined: Fri Mar 31, 2017 1:52 pm
Location: USA

Re: Windows 10 Redstone 3 IAF/EAF

Post by zerosum0x0 » Wed Jun 28, 2017 12:41 am

They added this today: https://blogs.technet.microsoft.com/mmp ... rs-update/

Looks like you can set these and other settings in a new "Windows Defender Security Center" panel.

FakeAVHunter
Posts: 95
Joined: Thu Feb 01, 2018 6:20 pm
Location: Romania

Re: Windows 10 Redstone 3 IAF/EAF

Post by FakeAVHunter » Sun Feb 04, 2018 4:02 pm

I like Windows 10 Redstone :D
