Turn on Mandatory ASLR in Windows Security

%3CLINGO-SUB%20id%3D%22lingo-sub-1241569%22%20slang%3D%22en-US%22%3ERe%3A%20Turn%20on%20Mandatory%20ASLR%20in%20Windows%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1241569%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310193%22%20target%3D%22_blank%22%3E%40HotCakeX%3C%2FA%3E%26nbsp%3B.%20I%20have%20already%20configured%20more%26nbsp%3B%20sophiscated%20security%20settings%20.%20No%20other%20antivirus%20product%26nbsp%3B%20installed.%26nbsp%3B%20here%20are%20the%20screenshots%20of%20asus%20laptop%20with%20i5%207200u%20cpu%20with%20nvidia%20940mx%20gpu%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1241627%22%20slang%3D%22en-US%22%3ERe%3A%20Turn%20on%20Mandatory%20ASLR%20in%20Windows%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1241627%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F322694%22%20target%3D%22_blank%22%3E%40RAJUMATHEMATICSMSC%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat's%20exactly%20the%20same%20settings.%3C%2FP%3E%3CP%3Ethe%20reason%20I%20didn't%20show%20other%20settings%20is%20because%20they%20are%20turned%20on%20by%20default.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1260121%22%20slang%3D%22en-US%22%3ERe%3A%20Turn%20on%20Mandatory%20ASLR%20in%20Windows%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1260121%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20why%20are%20these%20features%20(Mandatory%20ASLR%20and%20Memory%20Integrity%20in%20Core%20Isolation)%20not%20enabled%20by%20default%3F%3CBR%20%2F%3E%3CBR%20%2F%3ESame%20also%20for%20Windows%20Defender%20running%20in%20Sandbox%2C%20which%20is%20avaiable%20since%20october%202018!%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F10%2F26%2Fwindows-defender-antivirus-can-now-run-in-a-sandbox%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F10%2F26%2Fwindows-defender-antivirus-can-now-run-in-a-sandbox%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1260179%22%20slang%3D%22en-US%22%3ERe%3A%20Turn%20on%20Mandatory%20ASLR%20in%20Windows%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1260179%22%20slang%3D%22en-US%22%3EThe%20only%20reason%20i%20can%20think%20about%20is%20that%20those%20features%20are%20not%20compatible%20with%20all%20hardware.%3CBR%20%2F%3E%3CBR%20%2F%3EMemory%20integrity%20could%20have%20problem%20with%20some%20drivers.%3CBR%20%2F%3Econtrolled%20folder%20access%20could%20cause%20problem%20with%20legitimate%20safe%20software%20that%20WD%20fails%20to%20allow%2Ftrust.%3CBR%20%2F%3Emandatory%20ASLR%20has%20problem%20with%20some%20portable%20software.%3CBR%20%2F%3EI%20have%20experienced%20all%20of%20these%20problems%20at%20some%20point%20in%20time.%3CBR%20%2F%3E%3CBR%20%2F%3Eso%20I%20think%20Microsoft%20is%20just%20trying%20not%20to%20cause%20issues%20and%20keep%20things%20balanced%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1186989%22%20slang%3D%22en-US%22%3ETurn%20on%20Mandatory%20ASLR%20in%20Windows%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1186989%22%20slang%3D%22en-US%22%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20been%20using%20it%20for%20quite%20a%20while%20now%2C%20it%20caused%20no%20problems%20or%20errors%20with%20any%20legitimate%20programs%2C%20games%2C%20anti%20cheat%20systems%20etc%20other%20than%20with%20some%20%22custom%22%20made%20portable%20programs.%20it's%20Off%20by%20default%2C%20when%20you%20turn%20it%20on%2C%20you%20will%20have%20to%20restart%20your%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAddress%20space%20layout%20randomization%3C%2FP%3E%3CP%3EAddress%20space%20layout%20randomization%20(ASLR)%20is%20a%20computer%20security%20technique%20involved%20in%20preventing%20exploitation%20of%20memory%20corruption%20vulnerabilities.%20In%20order%20to%20prevent%20an%20attacker%20from%20reliably%20jumping%20to%2C%20for%20example%2C%20a%20particular%20exploited%20function%20in%20memory%2C%20ASLR%20randomly%20arranges%20the%20address%20space%20positions%20of%20key%20data%20areas%20of%20a%20process%2C%20including%20the%20base%20of%20the%20executable%20and%20the%20positions%20of%20the%20stack%2C%20heap%20and%20libraries.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Linux%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPaX%23History%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EPaX%3C%2FA%3E%20project%20first%20coined%20the%20term%20%22ASLR%22%2C%20and%20published%20the%20first%20design%20and%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPatch_(computing)%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Eimplementation%20of%20ASLR%3C%2FA%3E%20in%20July%202001%20as%20a%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%23KASLR%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Epatch%3C%2FA%3E%20for%20the%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%23cite_note-1%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ELinux%20kernel%3C%2FA%3E.%20It%20is%20seen%20as%20a%20complete%20implementation%2C%20providing%20also%20a%20patch%20for%20kernel%20stack%20randomization%20since%20October%202002.-ERR%3AREF-NOT-FOUND-%5B1%5D%3C%2FP%3E%3CP%3EThe%20first%20mainstream%20operating%20system%20to%20support%20ASLR%20by%20default%20was%20the%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTimeline_of_OpenBSD%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOpenBSD%3C%2FA%3E%20version%20%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%23cite_note-OpenBSD-firstASLR-2%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3E3.4%3C%2FA%3E%20in%202003%2C%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%23cite_note-OpenBSD_Innovations-ASLR-PIE-3%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3E%5B2%5D%3C%2FA%3E-ERR%3AREF-NOT-FOUND-%5B3%5D%20followed%20by%20Linux%20in%202005.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fen.wikipedia.org%2Fwiki%2FAddress_space_layout_randomization%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2017%2F11%2F21%2Fclarifying-the-behavior-of-mandatory-aslr%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2017%2F11%2F21%2Fclarifying-the-behavior-of-mandatory-aslr%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOther%20options%20that%20are%20tuned%20off%20by%20default%20and%20you%20should%20enable%20to%20make%20your%20Windows%20device%20more%20secure%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20the%20increasing%20number%20of%20threats%20in%20cyber%20security%20and%20new%20ransomwares%2C%20If%20you%20are%20only%20relying%20on%20Windows%2010's%20built%20in%20security%20and%20not%20using%20any%203rd%20party%20AV%20such%20as%20Kaspersky%2C%20you%20must%20enable%20these%20features%20to%20keep%20yourself%20secure.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20everyone%20stay%20safe!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1186989%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Econtrolled%20folder%20access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ecore%20isolation%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emandatory%20ASLR%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ememory%20integrity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Evirtual%20security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Defender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Honored Contributor

Annotation 2020-02-21 172757.png

 

I've been using it for quite a while now, it caused no problems or errors with any legitimate programs, games, anti cheat systems etc other than with some "custom" made portable programs. it's Off by default, when you turn it on, you will have to restart your device.

 

Address space layout randomization

Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.

 

The Linux PaX project first coined the term "ASLR", and published the first design and implementation of ASLR in July 2001 as a patch for the Linux kernel. It is seen as a complete implementation, providing also a patch for kernel stack randomization since October 2002.[1]

The first mainstream operating system to support ASLR by default was the OpenBSD version 3.4 in 2003,[2][3] followed by Linux in 2005.

 

https://en.wikipedia.org/wiki/Address_space_layout_randomization

 

https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

 

 

Other options that are tuned off by default and you should enable to make your Windows device more secure

 

Memory Integrity in Core IsolationMemory Integrity in Core Isolation

 

CFA - Controlled Folder AccessCFA - Controlled Folder Access

 

With the increasing number of threats in cyber security and new ransomwares, If you are only relying on Windows 10's built in security and not using any 3rd party AV such as Kaspersky, you must enable these features to keep yourself secure.

 

Hope everyone stay safe!

4 Replies
Highlighted

@HotCakeX . I have already configured more  sophiscated security settings . No other antivirus product  installed.  here are the screenshots of asus laptop with i5 7200u cpu with nvidia 940mx gpu 

 

 

 

Highlighted

@RAJUMATHEMATICSMSC 

That's exactly the same settings.

the reason I didn't show other settings is because they are turned on by default.

 

Highlighted

So why are these features (Mandatory ASLR and Memory Integrity in Core Isolation) not enabled by default?

Same also for Windows Defender running in Sandbox, which is avaiable since october 2018!:

https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandb...

Highlighted
The only reason i can think about is that those features are not compatible with all hardware.

Memory integrity could have problem with some drivers.
controlled folder access could cause problem with legitimate safe software that WD fails to allow/trust.
mandatory ASLR has problem with some portable software.
I have experienced all of these problems at some point in time.

so I think Microsoft is just trying not to cause issues and keep things balanced