The two options "Use default (On)" and "On by default" represent how many different settings:
-
-
This blog outlines the scenario that led me to this discovery: https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html … WIBU-protected code may not receive ASLR randomization. However mandatory ASLR will still work. The thing is, unless you have bottom-up randomization set to "On by default", you're still SOL.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks for pointing this out, I didn't realize this. I switched them all over to "On by default". Things I noticed so far: 1) Windows Defender Application Guard (WDAG) will not launch with Control Flow Guard set to "On by default". 2) With one of these set to "On by default", ...
-
Yeah, not all software will be happy with all exploit mitigations truly enabled ("On by default") globally. I suspect that this would require some testing to see what features will be viable with your configuration. "Program settings" gives you granular app-specific settings.
End of conversation
New conversation -
-
-
Yeah, that bit of phraseology in the WDEG UI has to be confusing as heck to someone just using Windows exploit protections for the first time. (Coming from having used the EMET UI quite a bit definitely helps a lot. Although still not really "clear" even then.)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.