PROCESS_MITIGATION_CHILD_PROCESS_POLICY structure

Stores policy information about creating child processes.

Syntax

typedef struct _PROCESS_MITIGATION_CHILD_PROCESS_POLICY {
  union {
    ULONG Flags;
    struct {
      ULONG NoChildProcessCreation : 1;
      ULONG AuditNoChildProcessCreation : 1;
      ULONG AllowSecureProcessCreation : 1;
      ULONG ReservedFlags : 29;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
} PROCESS_MITIGATION_CHILD_PROCESS_POLICY, *PPROCESS_MITIGATION_CHILD_PROCESS_POLICY;

Members

DUMMYUNIONNAME

DUMMYUNIONNAME.Flags

DUMMYUNIONNAME.DUMMYSTRUCTNAME

DUMMYUNIONNAME.DUMMYSTRUCTNAME.NoChildProcessCreation

If set, the process cannot create child processes.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditNoChildProcessCreation

If set, audit events are generated when the process creates child processes. If both NoChildProcessCreation and AuditNoChildProcessCreation are set, NoChildProcessCreation takes precedence over the audit setting.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AllowSecureProcessCreation

Denies creation of child processes unless the child process is a secure process and if creation was previously blocked. It allows a process to spawn a child process on behalf of another process that cannot itself create child processes. See PROCESS_CREATION_CHILD_PROCESS_OVERRIDE in UpdateProcThreadAttribute.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.ReservedFlags

Reserved.
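The following added example (not part of the original reference page and not Microsoft code) decodes a raw Flags value into the effective child-process behaviour, applying the precedence rule described above. The mask names, the enum, and the function name are hypothetical. The bit positions assume bit-fields are allocated from the least significant bit, and treating AllowSecureProcessCreation as meaningful only when creation is blocked is an interpretation of the member description.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: bit-fields are allocated from the least significant bit
   (as MSVC does), so the three documented flags are bits 0..2 of Flags. */
#define CPP_NO_CHILD     0x00000001u /* NoChildProcessCreation */
#define CPP_AUDIT        0x00000002u /* AuditNoChildProcessCreation */
#define CPP_ALLOW_SECURE 0x00000004u /* AllowSecureProcessCreation */
#define CPP_RESERVED     0xFFFFFFF8u /* ReservedFlags : 29 */

/* Hypothetical names for the effective states; not Windows identifiers. */
typedef enum {
    CHILD_UNRESTRICTED,
    CHILD_AUDIT_ONLY,
    CHILD_BLOCKED,
    CHILD_BLOCKED_EXCEPT_SECURE,
    CHILD_POLICY_UNKNOWN
} child_policy_state;

child_policy_state classify_child_policy(uint32_t flags)
{
    if (flags & CPP_RESERVED)          /* unexpected bits: do not guess */
        return CHILD_POLICY_UNKNOWN;
    if (flags & CPP_NO_CHILD)          /* blocking wins over auditing */
        return (flags & CPP_ALLOW_SECURE) ? CHILD_BLOCKED_EXCEPT_SECURE
                                          : CHILD_BLOCKED;
    if (flags & CPP_AUDIT)
        return CHILD_AUDIT_ONLY;
    /* Assumption: AllowSecureProcessCreation alone changes nothing. */
    return CHILD_UNRESTRICTED;
}

int main(void)
{
    static const char *names[] = { "unrestricted", "audit only", "blocked",
                                   "blocked except secure processes", "unknown" };
    /* Constructed sample Flags values, not captured from a real system. */
    const uint32_t samples[] = { 0x0, 0x2, 0x1, 0x3, 0x5, 0x4, 0x80000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("Flags=0x%08X -> %s\n", (unsigned)samples[i],
               names[classify_child_policy(samples[i])]);
    return 0;
}
```

In user mode, the Flags value for a process can be obtained by calling GetProcessMitigationPolicy with ProcessChildProcessPolicy and a buffer of this structure type.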

Requirements

   
Minimum supported client: Windows 10, version 1709
Minimum supported server: Windows Server 2016
Header: ntddk.h