Note: This problem has been solved. Solution is a few posts down.

One of my machines runs Windows 10 Pro 22H2 (64-bit of course). For those of you with interests and backgrounds in IT Security or cybersecurity in general, you might have heard of Microsoft Enhanced Mitigation Experience Toolkit (EMET) in the Windows 7, Windows 8.x, and I believe Windows XP days. It offered a bunch of settings to add more protection for individual applications run on a system and can also fine-tune which ones are enabled or disabled. Individual executables may not be compiled to support Mandatory ASLR and other mitigations, for example, and have to be whitelisted, or the app generally crashes immediately when it's opened.

Starting with Windows 10 and 11 (as well as Windows Server line, I believe), Microsoft discontinued EMET and slowly included those protections built into the operating system. They're found in Windows Security --> App & browser control --> Exploit protection --> Exploit protection settings for those interested.

One setting (DEP) that's been around the longest is also found in Advanced System Settings (which brings up "System Properties with multiple tabs for Computer Name, Hardware, Advanced, System Protection, Remote) --> Advanced tab --> Performance (click on Settings) --> Data Execution Prevention. It's generally pretty safe to change the setting to "Turn on DEP for all programs and services except those I select" instead of just the default "Turn on DEP for Essential Windows programs and services only." I've found this setting to not give me any issues across all apps, ever, and is pretty safe to turn on to harden some security on your system. Downside is many exploits/hacking methods attack memory in more advanced ways, hence why Mandatory ASLR, Bottom-up ASLR, SEHOP, Control Flow Guard (CFG), etc. are stronger protections.

Anyway I recently turned on more protections system-wide in Exploit protection --> System settings. I learned that there IS a difference between "Use default (On)" and "On by default" even though they sound like they have the same meaning. Silly Microsoft devs and their word choice. Anyway, the "On by default" setting is stronger and means what it says and forces it across all applications (makes it mandatory) instead of making it optional.

---------------

So back to my new issue. Since turning a bunch of settings to "On by default" and rebooting, I can't run any tasks in BOINC / World Community Grid anymore. (Using the latest 8.0.2). I have changed:

* Control flow guard (CFG)
* Force randomization for images (Mandatory ASLR)
* Randomize memory allocations (Bottom-up ASLR)
* High-entropy ASLR
* Validate exception chains (SEHOP)
* Validate heap integrity

So when downloading a Mapping Cancer Markers (MCM1) task, it gives me an error immediately. So in "Program settings" in Exploit protection, you can whitelist exe's and turn off individual protections just so the app will work.

I've turned off ALL of these settings for "boinc.exe" and MCM1 tasks still fail immediately. It won't let me whitelist "wcgrid_mcm1_map_7.61_windows_x86_64" since it only allows the exe extension.

So I totally thought boinc.exe was the wrapper executable that runs all the science applications underneath it. I haven't tried with boinctray.exe or boincmgr.exe but I think those are just for the Graphical User Interface of BOINC Manager and have nothing to do with running the actual science apps, no?

So anyone here have any guidance or solutions on 1) which exe to whitelist; and 2) which specific mitigations to disable that are causing the crash?

I feel like most users don't mess with these protection settings so I may have more luck getting answers in the official BOINC forum, but I thought I would try here first.

Thanks!