Created
October 20, 2017 13:29
-
-
Save wdormann/a033ece40ed29aeca68b85dadc604ee3 to your computer and use it in GitHub Desktop.
EG profile converted from EMET, which causes Win10 BSOD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <MitigationPolicy> | |
| <SystemConfig> | |
| <DEP Enable="true" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="true" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="true" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="true" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </SystemConfig> | |
| <AppConfig Executable="*\Internet Explorer\iexplore.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="mshtml.dll;flash*.ocx;jscript*.dll;vbscript.dll;vgx.dll;" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Windows NT\Accessories\wordpad.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\OUTLOOK.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\WINWORD.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\EXCEL.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\POWERPNT.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\MSACCESS.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\MSPUB.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\INFOPATH.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\VISIO.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\VPREVIEW.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\LYNC.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\PPTVIEW.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\OFFICE1*\OIS.EXE"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Adobe\*\Reader\AcroRd32.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="AcroRd32.dll;Acrofx32.dll;AcroForm.api;" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Adobe\Acrobat*\Acrobat\Acrobat.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="AcroRd32.dll;Acrofx32.dll;AcroForm.api;" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Java\jre*\bin\java.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Java\jre*\bin\javaw.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| <AppConfig Executable="*\Java\jre*\bin\javaws.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" /> | |
| <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> | |
| <StrictHandle Enable="false" /> | |
| <SystemCalls DisableWin32kSystemCalls="false" Audit="false" /> | |
| <ExtensionPoints DisableExtensionPoints="false" /> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" Audit="false" /> | |
| <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" Audit="false" AuditStoreSigned="false" AuditEnforceModuleDependencySigning="false" /> | |
| <Fonts DisableNonSystemFonts="false" Audit="false" /> | |
| <ImageLoad AuditPreferSystem32="false" AuditLowLabelImageLoads="false" AuditRemoteImageLoads="false" PreferSystem32="false" BlockLowLabelImageLoads="false" BlockRemoteImageLoads="false" /> | |
| <Payload EAFModules="" EnableExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="false" AuditEnableRopSimExec="false" /> | |
| <SEHOP Enable="false" TelemetryOnly="false" Audit="false" /> | |
| <Heap TerminateOnError="false" /> | |
| <ChildProcess DisallowChildProcessCreation="false" Audit="false" /> | |
| </AppConfig> | |
| </MitigationPolicy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment