Maximum Anti-Exploit hardening for new Edge

%3CLINGO-SUB%20id%3D%22lingo-sub-1305960%22%20slang%3D%22en-US%22%3ERe%3A%20Maximum%20Anti-Exploit%20hardening%20for%20new%20Edge%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1305960%22%20slang%3D%22en-US%22%3EThe%20default%20one%20is%20recommended%20for%20Microsoft%20Edge%2C%20if%20you%20made%20any%20changes%20and%20it%20cause%20crashing%2C%20make%20sure%20report%20it%20through%20Feedback%20form.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316592%22%20slang%3D%22en-US%22%3ERe%3A%20Maximum%20Anti-Exploit%20hardening%20for%20new%20Edge%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316592%22%20slang%3D%22en-US%22%3EThat's%20not%20what%20i%20asked%20here%2C%20but%20you're%20of%20course%20right.%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20also%20disappointing%20that%20-%20after%20now%20one%20week%2C%20nobody%20else%20answer%20here.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1318026%22%20slang%3D%22en-US%22%3ERe%3A%20Maximum%20Anti-Exploit%20hardening%20for%20new%20Edge%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1318026%22%20slang%3D%22en-US%22%3EThe%20general%20formula%20is%20to%20have%20them%20all%20on%20%2C%20so%20it%20protects%20you%20against%20all%20exploits%20.%20However%20due%20to%20lack%20of%20compatibility%20or%20other%20issues%2C%20if%20you%20enable%20them%2C%20they%20might%20crash%20the%20application.%20So%20set%20the%20values%20which%20you%20just%20posted%20and%20try%20it%20out%20and%20turn%20on%20others%20one%20by%20one%20and%20see%20if%20there%20is%20any%20issue%20or%20they%20perform%20as%20expected%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1297669%22%20slang%3D%22en-US%22%3EMaximum%20Anti-Exploit%20hardening%20for%20new%20Edge%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1297669%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20like%20to%20hear%20your%20Anti-Exploit%20settings%20for%20new%20Chromium-Edge.%3C%2FP%3E%3CP%3EFrom%20MalwareTips.com%20forum%20i%20got%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(*%20will%20break%20Chrome%20or%20extensions)%3C%2FP%3E%3CP%3EACG%20(off)*%3CBR%20%2F%3EBLII%20(on)%3CBR%20%2F%3EBRI%20(on)%3CBR%20%2F%3EBUF%20(on)%3CBR%20%2F%3ECIG%20(on)%20-%20also%20allow%20loading%20of%20images%20signed%20by%20Microsoft%20Store%3CBR%20%2F%3ECFG%20(on)%20-%20Strict%20(Off)*%3CBR%20%2F%3EDEP%20(on)%20-%20ATL%20(on)%3CBR%20%2F%3EDep%20(on)%3CBR%20%2F%3EWin32k%20(off)*%3CBR%20%2F%3EChild%20Process%20(off)%3CBR%20%2F%3EEAF%20(off)*%3CBR%20%2F%3EMandatory%20ASLR%20(on)%20-%20Stripped%20(on)%3CBR%20%2F%3EIAF%20(off)*%3CBR%20%2F%3EBottomUp%20ASLR%20(on)%3CBR%20%2F%3ESimExec%20(off)*%3CBR%20%2F%3ECallerCheck%20(off)*%3CBR%20%2F%3ESEHOP%20(on)%3CBR%20%2F%3EVHU%20(on)%3CBR%20%2F%3EVHI%20(on)%3CBR%20%2F%3EVIDI%20(on)%3CBR%20%2F%3EStackPivot%20(off)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdit%3A%20Also%20someone%20say%20the%20settings%20are%20needed%20for%20%22MicrosoftEdgeCP.exe%22%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1297669%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnti-Exploit%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEdge%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehardening%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Deleted
Not applicable

I would like to hear your Anti-Exploit settings for new Chromium-Edge.

From MalwareTips.com forum i got the following:

 

(* will break Chrome or extensions)

ACG (off)*
BLII (on)
BRI (on)
BUF (on)
CIG (on) - also allow loading of images signed by Microsoft Store
CFG (on) - Strict (Off)*
DEP (on) - ATL (on)
Dep (on)
Win32k (off)*
Child Process (off)
EAF (off)*
Mandatory ASLR (on) - Stripped (on)
IAF (off)*
BottomUp ASLR (on)
SimExec (off)*
CallerCheck (off)*
SEHOP (on)
VHU (on)
VHI (on)
VIDI (on)
StackPivot (off)

 

Edit: Also someone say the settings are needed for "MicrosoftEdgeCP.exe" too.

4 Replies
The default one is recommended for Microsoft Edge, if you made any changes and it cause crashing, make sure report it through Feedback form.
That's not what i asked here, but you're of course right.

I'm also disappointing that - after now one week, nobody else answer here.
The general formula is to have them all on , so it protects you against all exploits . However due to lack of compatibility or other issues, if you enable them, they might crash the application. So set the values which you just posted and try it out and turn on others one by one and see if there is any issue or they perform as expected?
Sadly no one here have the knowledge to answer my question with more then generally answer's.

I ask myself who else have this knowledge if not the people from this forum ?!
www.000webhost.com