I am in the process of implementing Exploit Guard in our W10 corporate image. I configured it using the GPO "Use a common set of exploit protection settings" that makes use of a XML file. Initially Chrome.exe was not included in the XML file.
I realized that when I opened Chrome, an event ID 10 appeared in
Application and Service Logs -> Microsoft -> Windows -> Security Mitigations -> Kernel mode
Process '\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe' (PID 9740) was blocked from making system calls to Win32k.sys.
I even explicitly included chrome.exe as an exception in the Program Setting list, forcing OFF in the setting "Disable Win32 system calls". To do that I just added this code to the XML file
<AppConfig Executable="chrome.exe"> <SystemCalls> DisableWin32kSystemCalls="false"/> </AppConfig>
But nothing changes, the same event ID appears. One interesting thing is that Chrome seems to work fine, not error windows or crashes.
Any idea how to solve this situation?