PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Exploit Protection: system-level mitigation, Validate exception chains (SEHOP) must be on

3f0d630e-d744-450e-8e8a-6478118649fb

Exploit protection enables mitigations against potential threats at the system and application level. Several mitigations, including "Validate exception chains (SEHOP)", are enabled by default at the system level. SEHOP (structured exception handling overwrite protection) ensures the integrity of an exception chain during exception dispatch. If this is turned off, Windows may be subject to various exploits.

Remediation

Ensure exploit Protection system-level mitigation, "Validate exception chains (SEHOP)", is turned on. The default configuration in Exploit Protection is "On by default" which meets this requirement.

Open "Windows Defender Security Center"
|_ Select "App & browser control".
|_ Select "Exploit protection settings".
|_ Under "System settings", configure "Validate exception chains (SEHOP)" to "On by default" or "Use default ()".

STIG: Server:
https://rmfdb.com/rules/SV-103405r1_rule

NIST 800-53: SI-18
CSCv7: 8.3
Shared Assessments SIG 2022: P.10, P.10.3, P.10.3.1, P.10.3.2



Tags

stig-medium-server nist800-53-server server sig-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.