Exploit Mitigation, has a ton of features that are applied to applications, not all applications desire the same level of protection hence we introduced "Templates" here.
- Browsers, specific settings for browsers.
- HitmanPro, additional protection for HitmanPro
- Java, specific settings for Java processes.
- Media, specific settings for Media players etc.
- Office, specific settings for Office suites e.g. Word, LibreOffice, PDF readers etc.
- Other, specific settings for remaining applications or things you would like to manually add to the Exploit-Mitigation protections.
- Plugins, specific settings for browser plugins
- Test, specific settings for Tester tools.
Protections available on Exploit Mitigations
- Application Lockdown, stops attacks that bypass mitigations.
- Control-Flow integrity, stops ROP attacks.
- IAT Filtering, guards the Import Address Table.
- JIT Guard, prevents abuse of browser JIT memory.
- Stack Pivot, stops abuse of the stack pointer.
- Stack Exec, stops attacker's code on the stack.
- SEHOP, stops abuse of the exception handler.
- Load Library, stops modules loaded from network paths.
- Enforce DEP, prevents abuse of buffer overflows.
- Mandatory ASLR, prevents predictable code locations.
- Bottom up ASLR, Improves code location randomisation.
- Null page, stops exploits that jump via page 0
- Dynamic Heap Spray, stops exploits that start via the heap.