![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 47%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
3,085 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, When you enable it in audit mode, it doesn’t prevent or block anything, it just logs potential security issues. When you enable it in enforcement mode, it actively blocks code that looks like it’s trying to exploit the stack. The logs for this feature are located in the Windows Event Viewer under the following path: “Applications and Services Logs” -> “Microsoft” -> “Windows” -> “KernelMitigationPolicy” -> “Operational”. If you don’t see any logs, make sure that logging is enabled for KernelMitigationPolicy. Right-click on “Operational” under “KernelMitigationPolicy”, then click “Properties” and make sure “Enable logging” is checked. As for the potential system crash, it’s not likely that enabling it in enforcement mode would cause a system crash. However, it could potentially cause certain applications or drivers to stop working if they use programming techniques that look like ROP attacks. If you encounter issues, you can always switch back to audit mode or disable the feature. Best Regards, Hania Lian
If the Answer is helpful, please click "Accept Answer" and upvote it.