Privacy and Security Check if Process is using Hardware-enforced Stack Protection in Windows 11


  • Staff
Task_Manager_banner.png

This tutorial will show you how to check if a process is using Hardware-enforced Stack Protection in Windows 10 an Windows 11.

Hardware-enforced Stack Protection offers robust protection against Return Oriented Programming (ROP) exploits since it maintains a record of the intended execution flow of a program.

The Kernel Mode Hardware Enforced Stack Protection security feature is applicable to Windows 11, version 22H2 and above, and provides additional security enhancement for kernel code.

You can use Task Manager to understand the state of enforcement of processes for Hardware-enforced Stack Protection.

Reference:
techcommunity.microsoft.com

Understanding Hardware-enforced Stack Protection

ROP (Return Oriented Programming) based control flow attacks have become a common form of attack. In this post, we will describe our efforts to harden control..
techcommunity.microsoft.com

Here's How:

1 Open Task Manager (Ctrl+Shift+Esc).

2 Open the Details page in Task Manager. (see screenshot below)

Task_Manager_Hardware-enforced_Stack_Protection-1.png

3 Add the Hardware-enforced Stack Protection column to the "Processes" window in Task Manager if not already added. (see screenshot below)

www.elevenforum.com

Add or Remove Columns in Task Manager in Windows 11 Tutorial

This tutorial will show you how to add or remove columns for details in Task Manager for your account in Windows 11. Task Manager can be used to view and manage your processes, performance statistics, app history, startup apps, users, process details, and services in Windows 11. Starting with...
www.elevenforum.com www.elevenforum.com

Task_Manager_Hardware-enforced_Stack_Protection-2.png

4 Look in the Hardware-enforced Stack Protection column to see if each process you want is currently utilizing the Hardware-enforced Stack Protection security feature or not. (see screenshot below)

Disabled = Process is not protected by Hardware-enforced Stack Protection.

Compatible modules only = Compatibility mode. Compatibility mode provides a more flexible enforcement of stacks, at module granularity. When a return address mismatch occurs in this mode, it is checked to see if 1) it is not in an image binary (from dynamic code) or 2) in a module that is not compiled for /CETCOMPAT. If either hold true, the execution is allowed to continue.

All modules = Strict mode. Strictly enforces stack protections and will terminate the process if the intended return address is also not on the stack.


Task_Manager_Hardware-enforced_Stack_Protection-3.png



That's it,
Shawn Brink


Related Tutorials

 

Attachments

  • Task_Manager.png
    Task_Manager.png
    7.6 KB · Views: 51
Last edited:
Click to expand...
Intel (VMX) Virtualization Technology disabled, but
1.jpg
 

My Computer

System One

  • OS
    Microsoft Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI MS-7D98
    CPU
    Intel Core i5-13490F
    Motherboard
    MSI B760 GAMING PLUS WIFI
    Memory
    2 x 16 Patriot Memory (PDP Systems) PSD516G560081
    Graphics Card(s)
    GIGABYTE GeForce RTX 4070 WINDFORCE OC 12G (GV-N4070WF3OC-12GD)
    Sound Card
    Bluetooth Аудио
    Monitor(s) Displays
    INNOCN 15K1F
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD_BLACK SN770 250GB
    KINGSTON SNV2S1000G (ELFK0S.6)
    PSU
    Thermaltake Toughpower GF3 1000W
    Case
    CG560 - DeepCool
    Cooling
    ID-COOLING SE-224-XTS / 2 x 140Mm Fan - rear and top; 3 x 120Mm - front
    Keyboard
    Corsair K70 RGB TKL
    Mouse
    Corsair KATAR PRO XT
    Internet Speed
    100 Mbps
    Browser
    Firefox
    Antivirus
    Microsoft Defender Antivirus
    Other Info
    https://www.userbenchmark.com/UserRun/66553205
Is there a way to disable this completely? I have core isolation / memory integrity, smartscreen, smartapp priority, and windows defender all turned off by the way. I don't need anything related to security

It is very consuming how there are instances of Chrome/Firefox for example saying it is off and other instances says compatible modules only
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m16 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    SK Hynix 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    16" QHD+ (2560 x 1600) 240Hz, 3ms 300-nits Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    QHD (2560x 1440)
    Hard Drives
    2x Samsung 990 PRO 4TB SSDs + WD_BLACK SN770M 2TB SSD
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
Spartan said:
Is there a way to disable this completely? I have core isolation / memory integrity, smartscreen, smartapp priority, and windows defender all turned off by the way. I don't need anything related to security

It is very consuming how there are instances of Chrome/Firefox for example saying it is off and other instances says compatible modules only
Click to expand...

Hello mate, :-)

Yes, you can disable it below if wanted.

www.elevenforum.com

Enable or Disable Kernel-mode Hardware-enforced Stack Protection in Windows 11 Tutorial

This tutorial will show you how to enable or disable Kernel-mode Hardware-enforced Stack Protection for all users in Windows 11. Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It...
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article
Privacy and Security Verify Local Security Authority (LSA) Protection in Windows 11
Replies
0
Views
1K
Brink
Brink
  • Article
Privacy and Security Enable or Disable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Replies
1
Views
30K
Cliff S
Cliff S
  • Article
System Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows 11
Replies
0
Views
2K
Brink
Brink
  • Article
System Find All Dev Drives in Windows 11
Replies
0
Views
1K
Brink
Brink
  • Article
Devices Check If PC Has a Neural Processing Unit (NPU) in Windows 11
Replies
11
Views
3K
Haydon
Haydon
  • Article
Browsers and Mail Enable or Disable Bypass Enhanced Security Mode in Microsoft Edge
Replies
0
Views
3K
Brink
Brink
  • Article
Backup and Restore Add "System Protection and Restore" Context Menu in Windows 11
Replies
18
Views
2K
Wisewiz
Wisewiz

Latest Support Threads

Latest Tutorials

Back
Top Bottom