Solved exploit and mitigation security settings


shoober420

shoober420

Well-known member
Member
VIP
Local time
10:58 PM
Posts
231
OS
Windows 11 27965
ive found sound rather odd behavior when running "Set-Processmitigation" commands. for example, when running:

Code: 
Set-Processmitigation -System -Disable StrictCFG

going to Windows Security > App & browser control > Exploit protection > Exploit protection settings will show not only CFG being enabled, but it also enables DEP and SEHOP.

another example, when running:

Code: 
Set-Processmitigation -System -Disable CFG

it does turn off CFG, but enables the formentioned DEP and SEHOP. this is when all exploit protection options were set to "Off by default" prior. does anyone know whats going on here and how to fix this so disabling the settings using this method doesnt effect other exploit options?
 
Windows Build/Version
Windows 11 27808

My Computer

System One

  • OS
    Windows 11 27965
    Computer type
    PC/Desktop
    CPU
    Intel i7 7700 @4.0ghz
    Memory
    64gb DDR4
    Graphics Card(s)
    Radeon RX 5500 XT
    Sound Card
    Topping D50s
    Hard Drives
    NVMe
    PSU
    Corsair
    Keyboard
    Stelseries G6v2
    Mouse
    Zowie EC2
    Other Info
    https://www.youtube.com/shoober420
I don't dabble in Process Mitigation, but -System (System-level) policy != App-level policy.
 

My Computer

System One

  • OS
    Windows 7
because windows, i apparently had to specify all the mitigations in the specific order shown on:

learn.microsoft.com

Set-ProcessMitigation (ProcessMitigations)

Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
learn.microsoft.com

if i put them in a different order, it would produce the same behavior as doing them seperately as i had them before

github.com

windows11-scripts/SecuritySettings.bat at main · shoober420/windows11-scripts

Windows 11 Scripts. Contribute to shoober420/windows11-scripts development by creating an account on GitHub.
github.com github.com
 

My Computer

System One

  • OS
    Windows 11 27965
    Computer type
    PC/Desktop
    CPU
    Intel i7 7700 @4.0ghz
    Memory
    64gb DDR4
    Graphics Card(s)
    Radeon RX 5500 XT
    Sound Card
    Topping D50s
    Hard Drives
    NVMe
    PSU
    Corsair
    Keyboard
    Stelseries G6v2
    Mouse
    Zowie EC2
    Other Info
    https://www.youtube.com/shoober420
You must log in or register to reply here.

Similar threads

About device security settings
2 3
Replies
55
Views
2K
zbook
Z
  • Article Article
New Common Log File System (CLFS) Authentication Mitigation for Windows 11 (25H2)
Replies
0
Views
610
Brink
Brink
  • Article Article
Solved Admin protection: Hardening security
Replies
1
Views
2K
andrew129260
andrew129260
  • Article Article
Insider Microsoft releasing security mitigation for Common Log Filesystem (CLFS) to Windows 11 Insiders
Replies
0
Views
804
Brink
Brink
  • Article Article
Performing Mitigations for BlackLotus UEFI Bootkit
Replies
12
Views
6K
hsehestedt
hsehestedt

Latest Support Threads

Latest Tutorials

Back
Top Bottom