The data execution prevention (DEP) policy of the process.
The Address Space Layout Randomization (ASLR) policy of the process.
The policy that turns off the ability of the process to generate dynamic code or modify existing executable code.
The process will receive a fatal error if it manipulates an invalid handle. Useful for preventing downstream problems in a process due to handle misuse.
Disables the ability to use NTUser/GDI functions at the lowest layer.
Returns the mask of valid bits for all the mitigation options on the system. An application can set many mitigation options without querying the operating system for mitigation options by combining bitwise with the mask to exclude all non-supported bits at once.
The policy that prevents some built-in third party extension points from being turned on, which prevents legacy extension point DLLs from being loaded into the process.
The Control Flow Guard (CFG) policy of the process.
The policy of a process that can restrict image loading to those images that are either signed by Microsoft, by the Windows Store, or by Microsoft, the Windows Store and the Windows Hardware Quality Labs (WHQL).
The policy that turns off the ability of the process to load non-system fonts.
The policy that turns off the ability of the process to load images from some locations, such a remote devices or files that have the low mandatory label.