Privacy and Security Check if Process is using Hardware-enforced Stack Protection in Windows 11

  • Thread starter Thread starter Brink
  • Start date Published: Start date Updated Updated:

Task_Manager_banner.png

This tutorial will show you how to check if a process is using Hardware-enforced Stack Protection in Windows 10 an Windows 11.

Hardware-enforced Stack Protection offers robust protection against Return Oriented Programming (ROP) exploits since it maintains a record of the intended execution flow of a program.

The Kernel Mode Hardware Enforced Stack Protection security feature is applicable to Windows 11, version 22H2 and above, and provides additional security enhancement for kernel code.

You can use Task Manager to understand the state of enforcement of processes for Hardware-enforced Stack Protection.

Reference:
techcommunity.microsoft.com

Understanding Hardware-enforced Stack Protection | Microsoft Community Hub

ROP (Return Oriented Programming) based control flow attacks have become a common form of attack. In this post, we will describe our efforts to harden...
techcommunity.microsoft.com techcommunity.microsoft.com

Here's How:

1 Open Task Manager (Ctrl+Shift+Esc).

2 Open the Details page in Task Manager. (see screenshot below)

Task_Manager_Hardware-enforced_Stack_Protection-1.png

3 Add the Hardware-enforced Stack Protection column to the "Processes" window in Task Manager if not already added. (see screenshot below)

www.elevenforum.com

Add or Remove Columns in Task Manager in Windows 11

This tutorial will show you how to add or remove columns for details in Task Manager for your account in Windows 11. Task Manager can be used to view and manage your processes, performance statistics, app history, startup apps, users, process details, and services in Windows 11. Starting with...
www.elevenforum.com www.elevenforum.com

Task_Manager_Hardware-enforced_Stack_Protection-2.png

4 Look in the Hardware-enforced Stack Protection column to see if each process you want is currently utilizing the Hardware-enforced Stack Protection security feature or not. (see screenshot below)

Disabled = Process is not protected by Hardware-enforced Stack Protection.

Compatible modules only = Compatibility mode. Compatibility mode provides a more flexible enforcement of stacks, at module granularity. When a return address mismatch occurs in this mode, it is checked to see if 1) it is not in an image binary (from dynamic code) or 2) in a module that is not compiled for /CETCOMPAT. If either hold true, the execution is allowed to continue.

All modules = Strict mode. Strictly enforces stack protections and will terminate the process if the intended return address is also not on the stack.


Task_Manager_Hardware-enforced_Stack_Protection-3.png



That's it,
Shawn Brink


Related Tutorials

 
Last edited:
Click to expand...
Intel (VMX) Virtualization Technology disabled, but
1.jpg
 

My Computer

System One

  • OS
    Microsoft Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI MS-7D98
    CPU
    Intel Core i5-13490F
    Motherboard
    MSI B760 GAMING PLUS WIFI
    Memory
    2 x 16 Patriot Memory (PDP Systems) PSD516G560081
    Graphics Card(s)
    GIGABYTE GeForce RTX 4070 WINDFORCE OC 12G (GV-N4070WF3OC-12GD)
    Sound Card
    Bluetooth Аудио
    Monitor(s) Displays
    INNOCN 15K1F
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD_BLACK SN770 250GB
    KINGSTON SNV2S1000G (ELFK0S.6)
    PSU
    Thermaltake Toughpower GF3 1000W
    Case
    CG560 - DeepCool
    Cooling
    ID-COOLING SE-224-XTS / 2 x 140Mm Fan - rear and top; 3 x 120Mm - front
    Keyboard
    Corsair K70 RGB TKL
    Mouse
    Corsair KATAR PRO XT
    Internet Speed
    100 Mbps
    Browser
    Firefox
    Antivirus
    Microsoft Defender Antivirus
    Other Info
    https://www.userbenchmark.com/UserRun/66553205
Is there a way to disable this completely? I have core isolation / memory integrity, smartscreen, smartapp priority, and windows defender all turned off by the way. I don't need anything related to security

It is very consuming how there are instances of Chrome/Firefox for example saying it is off and other instances says compatible modules only
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Razer Blade 16
    CPU
    AMD Ryzen AI 9 HX 370
    Motherboard
    Razer
    Memory
    64 GB LPDDR5X 8000 MHz RAM
    Graphics Card(s)
    GeForce RTX 5090 24 GB GDDR7 VRAM
    Sound Card
    Six Speaker System THX Spatial Audio
    Monitor(s) Displays
    AOC Q27G3XMN 27" QHD Mini LED Monitor
    Screen Resolution
    QHD (2560x1440)
    Hard Drives
    WD_BLACK SN850X 4TB+8TB SSD
    PSU
    280W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads + llano RGB Laptop Cooling Pad V12
    Keyboard
    SteelSeries Apex 7 TKL - Mechanical Gaming Keyboard (external)
    Mouse
    Razer Basilisk V3 X HyperSpeed
    Internet Speed
    1 GBPS Down / 330 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Premium Security
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
Spartan said:
Is there a way to disable this completely? I have core isolation / memory integrity, smartscreen, smartapp priority, and windows defender all turned off by the way. I don't need anything related to security

It is very consuming how there are instances of Chrome/Firefox for example saying it is off and other instances says compatible modules only
Click to expand...

Hello mate, :-)

Yes, you can disable it below if wanted.

www.elevenforum.com

Enable or Disable Kernel-mode Hardware-enforced Stack Protection in Windows 11

This tutorial will show you how to enable or disable Kernel-mode Hardware-enforced Stack Protection for all users in Windows 11. Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It...
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article Article
Privacy and Security Enable or Disable System Guard Secure Launch for Firmware Protection in Windows 11
Replies
2
Views
8K
Brink
Brink
  • Article Article
Privacy and Security Enable or Disable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Replies
1
Views
61K
Cliff S
Cliff S
  • Article Article
Accounts Enable or Disable Administrator Protection for Admin Approval Mode in Windows 11
Replies
16
Views
11K
andrew129260
andrew129260
  • Article Article
Devices Check if HDD, SSD, or NVMe Disk Drive in Windows 11
Replies
1
Views
5K
mecanicogolf
mecanicogolf
  • Article Article
Privacy and Security Verify Local Security Authority (LSA) Protection in Windows 11
Replies
0
Views
6K
Brink
Brink
  • Article Article
System Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows 11
Replies
4
Views
14K
Marcus Vinicus
Marcus Vinicus
  • Article Article
Devices Check If PC Has a Neural Processing Unit (NPU) in Windows 11
Replies
11
Views
10K
Haydon
Haydon

Latest Support Threads

Latest Tutorials

Back
Top Bottom