Web lists-archives.com

Windows Defender Exploit Guard

Hi all,

I've seen some reports, and encountered some problems myself, with the
new "Windows Defender Exploit Guard" [1] w.r.t. Cygwin.  This enables
a number of anti-exploit protections, at least some of which might be
a problem for Cygwin--in particular "Force randomization for images
(Mandatory ASLR)" as the name suggests forces address space
randomization even for DLLs, for example, with a fixed image base.
Possibly some others are also a problem for Cygwin but I'm not sure.

Fortunately, these settings can be customized on a per-executable
basis, and this can be done programmatically with powershell:

Maybe for Cygwin we will want to include something like a companion
script to rebase that applies the necessary exploit protection
exceptions for Cygwin binaries... :(


[1] https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple