space characters

Iaan D'Souza-Wiltshire
2017-12-07 14:38:32 -08:00
parent a685cfa876
commit a3c256b175

@ -86,29 +86,29 @@ The table in this section indicates the availability and support of native mitig
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<EFBFBD>Protection<EFBFBD>Check"
Block<EFBFBD>remote<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<EFBFBD>Library<EFBFBD>Check"
Block<EFBFBD>untrusted<EFBFBD>fonts | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
NullPage<EFBFBD>Security<EFBFBD>Mitigation | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10 | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Simulate<EFBFBD>execution<EFBFBD>(SimExec) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Certificate<EFBFBD>trust<EFBFBD>(configurable<EFBFBD>certificate<EFBFBD>pinning) | No<EFBFBD>longer<EFBFBD>supported<EFBFBD>by<EFBFBD>the<EFBFBD>industry<EFBFBD>as<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection<EFBFBD>with<EFBFBD>fewer<EFBFBD>errors | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Heap<EFBFBD>spray<EFBFBD>allocation | Ineffective<EFBFBD>against<EFBFBD>modern<EFBFBD>browser<EFBFBD>exploits,<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Code<EFBFBD>integrity<EFBFBD>guard | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Disable<EFBFBD>extension<EFBFBD>points | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>handle<EFBFBD>usage | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>heap<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br />As "Memory Protection Check"
Block remote images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br/>As "Load Library Check"
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.md)]<br />Included natively in Windows 10 | [!include[Check mark yes](images/svg/check-yes.md)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Certificate trust (configurable certificate pinning) | No longer supported by the industry as newer mitigations provide better protection with fewer errors | [!include[Check mark yes](images/svg/check-yes.md)]
Heap spray allocation | Ineffective against modern browser exploits, newer mitigations provide better protection | [!include[Check mark yes](images/svg/check-yes.md)]
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
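Review bot: the rewritten rows still spell the line-break tag two ways: the "Arbitrary code guard (ACG)" and "NullPage Security Mitigation" rows use `<br />`, while the "Block remote images" row uses `<br/>`. Since this change is a whitespace cleanup of exactly these rows, pick one form and apply it to all three. The removed rows show an undecodable character (rendered here as `<EFBFBD>`) between every word, including inside the tag as `<br<EFBFBD>/>`, so it would also help if the commit message, currently just "space characters", named the character that was replaced and why, because the rendered diff alone does not show it.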
@ -135,55 +135,55 @@ Validate
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<EFBFBD>Protection<EFBFBD>Check"
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Block<EFBFBD>remote<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<EFBFBD>Library<EFBFBD>Check"
Block<EFBFBD>untrusted<EFBFBD>fonts | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Certificate<EFBFBD>trust<EFBFBD>(configurable<EFBFBD>certificate<EFBFBD>pinning) | No<EFBFBD>longer<EFBFBD>supported<EFBFBD>by<EFBFBD>the<EFBFBD>industry<EFBFBD>as<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection<EFBFBD>with<EFBFBD>fewer<EFBFBD>errors | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Code<EFBFBD>integrity<EFBFBD>guard | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Disable<EFBFBD>extension<EFBFBD>points | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Heap<EFBFBD>spray<EFBFBD>allocation | Ineffective<EFBFBD>against<EFBFBD>modern<EFBFBD>browser<EFBFBD>exploits,<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
NullPage<EFBFBD>Security<EFBFBD>Mitigation | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10 | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Simulate<EFBFBD>execution<EFBFBD>(SimExec) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>handle<EFBFBD>usage | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>heap<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br />As "Memory Protection Check"
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Block remote images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br/>As "Load Library Check"
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Certificate trust (configurable certificate pinning) | No longer supported by the industry as newer mitigations provide better protection with fewer errors | [!include[Check mark yes](images/svg/check-yes.md)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Heap spray allocation | Ineffective against modern browser exploits, newer mitigations provide better protection | [!include[Check mark yes](images/svg/check-yes.md)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.md)]<br />Included natively in Windows 10 | [!include[Check mark yes](images/svg/check-yes.md)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
# Table WDEG yes > EMET no > Emet > yes
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Block<EFBFBD>low<EFBFBD>integrity<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Code<EFBFBD>integrity<EFBFBD>guard | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Disable<EFBFBD>extension<EFBFBD>points | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Disable<EFBFBD>Win32k<EFBFBD>system<EFBFBD>calls | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Do<EFBFBD>not<EFBFBD>allow<EFBFBD>child<EFBFBD>processes | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Import<EFBFBD>address<EFBFBD>filtering<EFBFBD>(IAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>handle<EFBFBD>usage | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>heap<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Validate<EFBFBD>image<EFBFBD>dependency<EFBFBD>integrity | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>no](images/svg/check-no.md)]
Heap<EFBFBD>spray<EFBFBD>allocation | Ineffective<EFBFBD>against<EFBFBD>modern<EFBFBD>browser<EFBFBD>exploits,<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Certificate<EFBFBD>trust<EFBFBD>(configurable<EFBFBD>certificate<EFBFBD>pinning) | No<EFBFBD>longer<EFBFBD>supported<EFBFBD>by<EFBFBD>the<EFBFBD>industry<EFBFBD>as<EFBFBD>newer<EFBFBD>mitigations<EFBFBD>provide<EFBFBD>better<EFBFBD>protection<EFBFBD>with<EFBFBD>fewer<EFBFBD>errors | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
NullPage<EFBFBD>Security<EFBFBD>Mitigation | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>Included<EFBFBD>natively<EFBFBD>in<EFBFBD>Windows<EFBFBD>10 | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Block<EFBFBD>untrusted<EFBFBD>fonts | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Data<EFBFBD>Execution<EFBFBD>Prevention<EFBFBD>(DEP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Export<EFBFBD>address<EFBFBD>filtering<EFBFBD>(EAF) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Force<EFBFBD>randomization<EFBFBD>for<EFBFBD>images<EFBFBD>(Mandatory<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Randomize<EFBFBD>memory<EFBFBD>allocations<EFBFBD>(Bottom-Up<EFBFBD>ASLR) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Simulate<EFBFBD>execution<EFBFBD>(SimExec) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>API<EFBFBD>invocation<EFBFBD>(CallerCheck) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>exception<EFBFBD>chains<EFBFBD>(SEHOP) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Validate<EFBFBD>stack<EFBFBD>integrity<EFBFBD>(StackPivot) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]
Arbitrary<EFBFBD>code<EFBFBD>guard<EFBFBD>(ACG) | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br<EFBFBD>/>As<EFBFBD>"Memory<EFBFBD>Protection<EFBFBD>Check"
Block<EFBFBD>remote<EFBFBD>images | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)] | [!include[Check<EFBFBD>mark<EFBFBD>yes](images/svg/check-yes.md)]<br/>As<EFBFBD>"Load<EFBFBD>Library<EFBFBD>Check"
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)]
Heap spray allocation | Ineffective against modern browser exploits, newer mitigations provide better protection | [!include[Check mark yes](images/svg/check-yes.md)]
Certificate trust (configurable certificate pinning) | No longer supported by the industry as newer mitigations provide better protection with fewer errors | [!include[Check mark yes](images/svg/check-yes.md)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.md)]<br />Included natively in Windows 10 | [!include[Check mark yes](images/svg/check-yes.md)]
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br />As "Memory Protection Check"
Block remote images | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]<br/>As "Load Library Check"
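Review bot: the unchanged line `# Table WDEG yes > EMET no > Emet > yes` between the two tables in this hunk reads like a working note about sort order rather than a heading meant for readers (note the inconsistent "Emet"), and it will render as a top-level heading; remove it or replace it with a real section title. The same 23 mitigation rows appear twice in this hunk (once alphabetically, once grouped by availability) and once more in the previous hunk in a third order, which is why the same whitespace fix had to be made three times; if the extra copies are drafts, keep one table so future edits cannot drift between them. The `<br />` and `<br/>` inconsistency noted on the first hunk is repeated in both tables here.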