This policy setting enables process mitigation options on svchost.exe processes.
If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them.
This includes a policy requiring all binaries loaded in these processes to be signed by microsoft, as well as a policy disallowing dynamically-generated code.
If you disable or do not configure this policy setting, these stricter security settings will not be applied.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | System\CurrentControlSet\Control\SCMConfig |
Value Name | EnableSvchostMitigationPolicy |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |