deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update exploit-protection-reference.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2021-01-06 18:27:05 -08:00
parent 15da08b047
commit 13afd5971a
1 changed files with 68 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
View File

@ -488,40 +488,40 @@ Simulate execution (SimExec) is a mitigation for 32-bit applications only. This
The APIs intercepted by this mitigation are:
- LoadLibraryA
- LoadLibraryW
- LoadLibraryExA
- LoadLibraryExW
- LdrLoadDll
- VirtualAlloc
- VirtualAllocEx
- NtAllocateVirtualMemory
- VirtualProtect
- VirtualProtectEx
- NtProtectVirtualMemory
- HeapCreate
- RtlCreateHeap
- CreateProcessA
- CreateProcessW
- CreateProcessInternalA
- CreateProcessInternalW
- NtCreateUserProcess
- NtCreateProcess
- NtCreateProcessEx
- CreateRemoteThread
- CreateRemoteThreadEx
- NtCreateThreadEx
- WriteProcessMemory
- NtWriteVirtualMemory
- WinExec
- CreateFileMappingA
- CreateFileMappingW
- CreateFileMappingNumaW
- NtCreateSection
- MapViewOfFile
- MapViewOfFileEx
- MapViewOfFileFromApp
- LdrGetProcedureAddressForCaller
- `LoadLibraryA`
- `LoadLibraryW`
- `LoadLibraryExA`
- `LoadLibraryExW`
- `LdrLoadDll`
- `VirtualAlloc`
- `VirtualAllocEx`
- `NtAllocateVirtualMemory`
- `VirtualProtect`
- `VirtualProtectEx`
- `NtProtectVirtualMemory`
- `HeapCreate`
- `RtlCreateHeap`
- `CreateProcessA`
- `CreateProcessW`
- `CreateProcessInternalA`
- `CreateProcessInternalW`
- `NtCreateUserProcess`
- `NtCreateProcess`
- `NtCreateProcessEx`
- `CreateRemoteThread`
- `CreateRemoteThreadEx`
- `NtCreateThreadEx`
- `WriteProcessMemory`
- `NtWriteVirtualMemory`
- `WinExec`
- `CreateFileMappingA`
- `CreateFileMappingW`
- `CreateFileMappingNumaW`
- `NtCreateSection`
- `MapViewOfFile`
- `MapViewOfFileEx`
- `MapViewOfFileFromApp`
- `LdrGetProcedureAddressForCaller`
If a ROP gadget is detected, the process is terminated.
@ -543,40 +543,40 @@ Validate API invocation (CallerCheck) is a mitigation for return-oriented progra
The APIs intercepted by this mitigation are:
- LoadLibraryA
- LoadLibraryW
- LoadLibraryExA
- LoadLibraryExW
- LdrLoadDll
- VirtualAlloc
- VirtualAllocEx
- NtAllocateVirtualMemory
- VirtualProtect
- VirtualProtectEx
- NtProtectVirtualMemory
- HeapCreate
- RtlCreateHeap
- CreateProcessA
- CreateProcessW
- CreateProcessInternalA
- CreateProcessInternalW
- NtCreateUserProcess
- NtCreateProcess
- NtCreateProcessEx
- CreateRemoteThread
- CreateRemoteThreadEx
- NtCreateThreadEx
- WriteProcessMemory
- NtWriteVirtualMemory
- WinExec
- CreateFileMappingA
- CreateFileMappingW
- CreateFileMappingNumaW
- NtCreateSection
- MapViewOfFile
- MapViewOfFileEx
- MapViewOfFileFromApp
- LdrGetProcedureAddressForCaller
- `LoadLibraryA`
- `LoadLibraryW`
- `LoadLibraryExA`
- `LoadLibraryExW`
- `LdrLoadDll`
- `VirtualAlloc`
- `VirtualAllocEx`
- `NtAllocateVirtualMemory`
- `VirtualProtect`
- `VirtualProtectEx`
- `NtProtectVirtualMemory`
- `HeapCreate`
- `RtlCreateHeap`
- `CreateProcessA`
- `CreateProcessW`
- `CreateProcessInternalA`
- `CreateProcessInternalW`
- `NtCreateUserProcess`
- `NtCreateProcess`
- `NtCreateProcessEx`
- `CreateRemoteThread`
- `CreateRemoteThreadEx`
- `NtCreateThreadEx`
- `WriteProcessMemory`
- `NtWriteVirtualMemory`
- `WinExec`
- `CreateFileMappingA`
- `CreateFileMappingW`
- `CreateFileMappingNumaW`
- `NtCreateSection`
- `MapViewOfFile`
- `MapViewOfFileEx`
- `MapViewOfFileFromApp`
- `LdrGetProcedureAddressForCaller`
If a ROP gadget is detected, the process is terminated.