This document lists the Mitigation Options and their purpose in the Settings screen when you create a New Enhanced Mitigation Action.
To get to the Enhanced Mitigation, do the following steps:
In the Security Manager Console, click the Policies tab.
In the file library in the left pane,
Data Execute Prevention (DEP)
...
MandatoryASLR randomizes the location where modules are loaded in memory, limiting the ability of attackers to point to predetermined memory addresses. Modules are forced to load at randomized addresses for a target process regardless of the flags it was compiled with so that exploits using ROP and relying on predictable mappings will fail.
Bottom-Up Address Space Layout Randomization (BottomUpASLR)
...
BottomUpASLR improves the Mandatory ASLR mitigation by randomizing the base address of bottom-up allocations (including heaps, stacks, and other memory allocations).
(top)Load Library Protection (LoadLib)
...
LoadLib stops the loading of modules located in UNC paths, which is a common technique in Return Oriented Programming (ROP) attacks.
ROP Caller Check (Caller)
...
Caller checks stop the execution of critical functions if they are reached via a ' RET ' instruction instead of a CALL instruction, which is a common technique in Return Oriented Programming (ROP) attacks.
ROP Simulate Exec Flow (SimExecFlow)
...
SimExecFlow reproduces the execution flow after the return address, trying to detect Return Oriented Programming (ROP) attacks.
(rop)Stack Pivot (StackPivot) - Checks if the stack pointer is changed to pint point to attacker-controlled memory areas, which is a common technique in Return Oriented Programming (ROP) attacks. This mitigation also validates the stack register present in the context structure of certain APIs.
Attack Surface Reduction (ASR) - Prevents defined modules from being loaded in the address space of the protected process.
...