App DisabledExceptionChainValidation

OSquery

Check Applications not supporting SEHOP:

Query

select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%\DisableExceptionChainValidation'

Additional Query Info

  • Interval: 86400

JSON

{
  "queries": {
    "App DisabledExceptionChainValidation": {
      "query": "select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%\DisableExceptionChainValidation'",
      "interval": "86400",
      "platform": "",
      "version": "",
      "description": "Check Applications not supporting SEHOP",
      "value": ""
    }
  }
}