Forum Discussion

Deleted's avatar
Deleted
Apr 10, 2020

Maximum Anti-Exploit hardening for new Edge

I would like to hear your Anti-Exploit settings for new Chromium-Edge.

From MalwareTips.com forum i got the following:

 

(* will break Chrome or extensions)

ACG (off)*
BLII (on)
BRI (on)
BUF (on)
CIG (on) - also allow loading of images signed by Microsoft Store
CFG (on) - Strict (Off)*
DEP (on) - ATL (on)
Dep (on)
Win32k (off)*
Child Process (off)
EAF (off)*
Mandatory ASLR (on) - Stripped (on)
IAF (off)*
BottomUp ASLR (on)
SimExec (off)*
CallerCheck (off)*
SEHOP (on)
VHU (on)
VHI (on)
VIDI (on)
StackPivot (off)

 

Edit: Also someone say the settings are needed for "MicrosoftEdgeCP.exe" too.

  • The default one is recommended for Microsoft Edge, if you made any changes and it cause crashing, make sure report it through Feedback form.
    • Deleted's avatar
      Deleted
      That's not what i asked here, but you're of course right.

      I'm also disappointing that - after now one week, nobody else answer here.
      • Reza_Ameri-Archived's avatar
        Reza_Ameri-Archived
        Bronze Contributor
        The general formula is to have them all on , so it protects you against all exploits . However due to lack of compatibility or other issues, if you enable them, they might crash the application. So set the values which you just posted and try it out and turn on others one by one and see if there is any issue or they perform as expected?

Resources