When you browse the Internet for security tips and suggestions, you will notice that they sound alike on the majority of sites. Use antivirus and a firewall, update your system all the time, don't click on links in emails, and so on.
Today I'm going to discuss a topic that you won't find in the majority of security tips for Windows. SEHOP, which stands for Structured Exception Handler Overwrite Protection, is a security feature that Microsoft integrated into Windows Vista and Windows Server 2008. It is enabled by default on Server 2008 but disabled in Vista. SEHOP was included in the next iteration of Windows client and server as well, again enabled on Server 2008 R2 and disabled on Windows 7.
The feature prevents attackers from exploiting certain software vulnerabilities to successfully attack a system. It is basically a mitigation technique to prevent successful exploits of vulnerable software on the PC. Even if you update your PC and software as soon as updates get released, you may still have vulnerable software on it when attackers find vulnerabilities that are not known yet for instance.
If you are interested to find out more about SEHOP, I suggest you check out an article on Microsoft's Technet website that explains the concept in detail.
Before I'm going to explain how you can enable SEHOP for all applications, it needs to be noted that there may be application incompatibilities. Microsoft notes that most programs should be compatible with SEHOP. Because of that, Microsoft has created options to enable or disable validation for processes individually and for all applications.
Probably the easiest way to get started is to enable SEHOP for all applications and turn it off for applications that are not fully compatible (which you will notice when working with them in Windows).
A Fix It is available that you can run on your computer to enable SEHOP for all applications. You can download it directly from this link.
The Fix It tool creates a System Restore point before it enables SEHOP for all processes on the system. A restart of the PC is required afterwards before the changes take effect.
If you prefer to enable it in the Registry manually, you can do so as well:
To disable SEHOP again, you simply change the value from 0 to 1.
If you are experiencing issues with select processes after enabling SEHOP, you may want to disable the security feature for those processes. For that, you again need to open the Registry Editor and navigate to the following key:
If you do not know, you can either find out if you are running a 32-bit or 64-bit system, or simply try to locate the Wow6432Node key in the Registry. If it exists, you are running a 64-bit version of Windows.
Under that key you may find a list of processes, and it is here that you need to add the processes that you want to enable or disable SEHOP for.
If you like our content, and would like to help, please consider making a contribution: