deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update exploit-protection-reference.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2021-01-06 18:27:05 -08:00
parent 15da08b047
commit 13afd5971a
1 changed files with 68 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
View File

@ -488,40 +488,40 @@ Simulate execution (SimExec) is a mitigation for 32-bit applications only. This
The APIs intercepted by this mitigation are: The APIs intercepted by this mitigation are:
- LoadLibraryA - `LoadLibraryA`
- LoadLibraryW - `LoadLibraryW`
- LoadLibraryExA - `LoadLibraryExA`
- LoadLibraryExW - `LoadLibraryExW`
- LdrLoadDll - `LdrLoadDll`
- VirtualAlloc - `VirtualAlloc`
- VirtualAllocEx - `VirtualAllocEx`
- NtAllocateVirtualMemory - `NtAllocateVirtualMemory`
- VirtualProtect - `VirtualProtect`
- VirtualProtectEx - `VirtualProtectEx`
- NtProtectVirtualMemory - `NtProtectVirtualMemory`
- HeapCreate - `HeapCreate`
- RtlCreateHeap - `RtlCreateHeap`
- CreateProcessA - `CreateProcessA`
- CreateProcessW - `CreateProcessW`
- CreateProcessInternalA - `CreateProcessInternalA`
- CreateProcessInternalW - `CreateProcessInternalW`
- NtCreateUserProcess - `NtCreateUserProcess`
- NtCreateProcess - `NtCreateProcess`
- NtCreateProcessEx - `NtCreateProcessEx`
- CreateRemoteThread - `CreateRemoteThread`
- CreateRemoteThreadEx - `CreateRemoteThreadEx`
- NtCreateThreadEx - `NtCreateThreadEx`
- WriteProcessMemory - `WriteProcessMemory`
- NtWriteVirtualMemory - `NtWriteVirtualMemory`
- WinExec - `WinExec`
- CreateFileMappingA - `CreateFileMappingA`
- CreateFileMappingW - `CreateFileMappingW`
- CreateFileMappingNumaW - `CreateFileMappingNumaW`
- NtCreateSection - `NtCreateSection`
- MapViewOfFile - `MapViewOfFile`
- MapViewOfFileEx - `MapViewOfFileEx`
- MapViewOfFileFromApp - `MapViewOfFileFromApp`
- LdrGetProcedureAddressForCaller - `LdrGetProcedureAddressForCaller`
If a ROP gadget is detected, the process is terminated. If a ROP gadget is detected, the process is terminated.
@ -543,40 +543,40 @@ Validate API invocation (CallerCheck) is a mitigation for return-oriented progra
The APIs intercepted by this mitigation are: The APIs intercepted by this mitigation are:
- LoadLibraryA - `LoadLibraryA`
- LoadLibraryW - `LoadLibraryW`
- LoadLibraryExA - `LoadLibraryExA`
- LoadLibraryExW - `LoadLibraryExW`
- LdrLoadDll - `LdrLoadDll`
- VirtualAlloc - `VirtualAlloc`
- VirtualAllocEx - `VirtualAllocEx`
- NtAllocateVirtualMemory - `NtAllocateVirtualMemory`
- VirtualProtect - `VirtualProtect`
- VirtualProtectEx - `VirtualProtectEx`
- NtProtectVirtualMemory - `NtProtectVirtualMemory`
- HeapCreate - `HeapCreate`
- RtlCreateHeap - `RtlCreateHeap`
- CreateProcessA - `CreateProcessA`
- CreateProcessW - `CreateProcessW`
- CreateProcessInternalA - `CreateProcessInternalA`
- CreateProcessInternalW - `CreateProcessInternalW`
- NtCreateUserProcess - `NtCreateUserProcess`
- NtCreateProcess - `NtCreateProcess`
- NtCreateProcessEx - `NtCreateProcessEx`
- CreateRemoteThread - `CreateRemoteThread`
- CreateRemoteThreadEx - `CreateRemoteThreadEx`
- NtCreateThreadEx - `NtCreateThreadEx`
- WriteProcessMemory - `WriteProcessMemory`
- NtWriteVirtualMemory - `NtWriteVirtualMemory`
- WinExec - `WinExec`
- CreateFileMappingA - `CreateFileMappingA`
- CreateFileMappingW - `CreateFileMappingW`
- CreateFileMappingNumaW - `CreateFileMappingNumaW`
- NtCreateSection - `NtCreateSection`
- MapViewOfFile - `MapViewOfFile`
- MapViewOfFileEx - `MapViewOfFileEx`
- MapViewOfFileFromApp - `MapViewOfFileFromApp`
- LdrGetProcedureAddressForCaller - `LdrGetProcedureAddressForCaller`
If a ROP gadget is detected, the process is terminated. If a ROP gadget is detected, the process is terminated.