Windows 10 Redstone 3 IAF/EAF

#30500 by zerosum0x0
Mon Jun 26, 2017 6:08 am

Windows 10 Redstone 3 adds the following to EPROCESS:

   +0x82c MitigationFlags2Values : <unnamed-tag>
      +0x000 EnableExportAddressFilter : Pos 0, 1 Bit
      +0x000 AuditExportAddressFilter : Pos 1, 1 Bit
      +0x000 EnableExportAddressFilterPlus : Pos 2, 1 Bit
      +0x000 AuditExportAddressFilterPlus : Pos 3, 1 Bit
      +0x000 EnableRopStackPivot : Pos 4, 1 Bit
      +0x000 AuditRopStackPivot : Pos 5, 1 Bit
      +0x000 EnableRopCallerCheck : Pos 6, 1 Bit
      +0x000 AuditRopCallerCheck : Pos 7, 1 Bit
      +0x000 EnableRopSimExec : Pos 8, 1 Bit
      +0x000 AuditRopSimExec  : Pos 9, 1 Bit
      +0x000 EnableImportAddressFilter : Pos 10, 1 Bit
      +0x000 AuditImportAddressFilter : Pos 11, 1 Bit

How to enable these?

Username

zerosum0x0

Posts

11

Joined

Fri Mar 31, 2017 1:52 pm

Location

USA

Re: Windows 10 Redstone 3 IAF/EAF

#30503 by zerosum0x0
Wed Jun 28, 2017 12:41 am

They added this today: https://blogs.technet.microsoft.com/mmp ... rs-update/

Looks like you can set these and other settings in a new "Windows Defender Security Center" panel.

Username

zerosum0x0

Posts

11

Joined

Fri Mar 31, 2017 1:52 pm

Location

USA

Re: Windows 10 Redstone 3 IAF/EAF

#31240 by FakeAVHunter
Sun Feb 04, 2018 4:02 pm

I Like Windows 10 Redstone :D

Username

FakeAVHunter

Posts

161

Joined

Thu Feb 01, 2018 6:20 pm

Location

Romania

Contact