exploit-protection-policy
May 22, 2024

Exploit-Protection-policy provides a production-hardened Exploit Protection (EP) policy tailored for Windows 10 and Windows 11 systems. It combines multiple industry-standard security baselines with advanced restrictions to maximize security without breaking compatibility with everyday applications.
This policy has been tested in air-gapped systems to protect endpoints from advanced threat vectors while maintaining productivity.
Merged Security Baselines
- DISA STIG Exploit Protection v3.
- Microsoft Security Baseline Exploit Protection policy (specifically aligned for enterprise systems).
- milgradesec’s custom Exploit Protection rule configurations.
Key Protections Enforced
- System-Wide Mitigations: Enforces fundamental protections such as Control Flow Guard (CFG), Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Heap Protection by default.
- Advanced Payload Controls: Restricts execution vectors using Export Address Filtering (EAF/EAF+), Import Address Filtering (IAF), and Return-Oriented Programming (ROP) mitigations.
- Image & Code Integrity Restrictions: Blocks loading of low-integrity or remote images, preventing malicious library injection.
- Application-Specific Tuning: Includes pre-configured exceptions and application rules to balance high-security containment with software compatibility.
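
Before importing a merged policy like this one, it helps to check what the XML actually sets. The following is an added example, not part of the project: it audits a constructed sample policy (not the project's file) for the system-wide mitigations listed above and lists per-application Payload/ImageLoad flags, including explicitly disabled ones. The executable names and the choice of one representative flag per mitigation are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not the project's file); element and attribute names
# follow the XML layout that Get-ProcessMitigation -RegistryConfigFilePath exports.
SAMPLE_POLICY = """<MitigationPolicy>
  <SystemConfig>
    <DEP Enable="true" EmulateAtlThunks="false" />
    <ASLR ForceRelocateImages="false" BottomUp="true" HighEntropy="true" />
    <ControlFlowGuard Enable="true" SuppressExports="false" />
  </SystemConfig>
  <AppConfig Executable="example-reader.exe">
    <Payload EnableExportAddressFilter="true" AuditEnableExportAddressFilter="true"
             EnableImportAddressFilter="true" EnableRopStackPivot="true" />
    <ImageLoad BlockRemoteImageLoads="true" BlockLowLabelImageLoads="true" />
  </AppConfig>
  <AppConfig Executable="example-legacy.exe">
    <Payload EnableExportAddressFilter="false" EnableRopCallerCheck="true" />
  </AppConfig>
</MitigationPolicy>"""

# One representative flag per system-wide mitigation named above (assumed mapping).
SYSTEM_FLAGS = {"DEP": "Enable", "ASLR": "BottomUp",
                "ControlFlowGuard": "Enable", "Heap": "TerminateOnError"}

def missing_system_flags(root):
    """Return the 'Element.Attribute' system-wide flags that are absent or not 'true'."""
    cfg = root.find("SystemConfig")
    missing = []
    for tag, attr in SYSTEM_FLAGS.items():
        node = cfg.find(tag) if cfg is not None else None
        if node is None or node.get(attr, "").lower() != "true":
            missing.append(f"{tag}.{attr}")
    return missing

def app_rules(root):
    """Map each executable to its enforced and explicitly disabled Payload/ImageLoad flags."""
    rules = {}
    for app in root.iter("AppConfig"):
        on, off = set(), set()
        for tag in ("Payload", "ImageLoad"):
            node = app.find(tag)
            for name, value in (node.attrib.items() if node is not None else ()):
                if name.startswith("Audit"):
                    continue  # audit-only switches log events but do not block
                (on if value.lower() == "true" else off).add(name)
        rules[app.get("Executable")] = {"on": on, "off": off}
    return rules

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_POLICY)
    print("system-wide gaps:", missing_system_flags(root))
    for exe, r in app_rules(root).items():
        print(exe, "enforced:", sorted(r["on"]), "disabled:", sorted(r["off"]))
```

The sample deliberately omits the Heap element, so the audit reports it as a gap; entries under "disabled" are the compatibility exceptions worth reviewing before deployment.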
