Page 1 of 1

Windows 10 Redstone 3 IAF/EAF

PostPosted:Mon Jun 26, 2017 6:08 am
by zerosum0x0
Windows 10 Redstone 3 adds the following to EPROCESS:
Code: Select all
   +0x82c MitigationFlags2Values : <unnamed-tag>
      +0x000 EnableExportAddressFilter : Pos 0, 1 Bit
      +0x000 AuditExportAddressFilter : Pos 1, 1 Bit
      +0x000 EnableExportAddressFilterPlus : Pos 2, 1 Bit
      +0x000 AuditExportAddressFilterPlus : Pos 3, 1 Bit
      +0x000 EnableRopStackPivot : Pos 4, 1 Bit
      +0x000 AuditRopStackPivot : Pos 5, 1 Bit
      +0x000 EnableRopCallerCheck : Pos 6, 1 Bit
      +0x000 AuditRopCallerCheck : Pos 7, 1 Bit
      +0x000 EnableRopSimExec : Pos 8, 1 Bit
      +0x000 AuditRopSimExec  : Pos 9, 1 Bit
      +0x000 EnableImportAddressFilter : Pos 10, 1 Bit
      +0x000 AuditImportAddressFilter : Pos 11, 1 Bit
How to enable these?

Re: Windows 10 Redstone 3 IAF/EAF

PostPosted:Wed Jun 28, 2017 12:41 am
by zerosum0x0
They added this today: https://blogs.technet.microsoft.com/mmp ... rs-update/

Looks like you can set these and other settings in a new "Windows Defender Security Center" panel.

Re: Windows 10 Redstone 3 IAF/EAF

PostPosted:Sun Feb 04, 2018 4:02 pm
by FakeAVHunter
I Like Windows 10 Redstone :D