RF guard is enabled

ID PE058 Level INFO Category Security

Description

Return flow guard is enabled. This technology had been experimental for some time and did not materialize in the later Windows 10/11 versions. It is recommended to turn off the return flow guard to prevent the linker from generating excessive unused metadata for the image.

Return flow guard was removed in Windows 10 Build 15031.

Mitigation

If using Visual C++:

  • Make sure you do not pass /guard:rf, /guard:rfinstr or /guard:rfstrict options to the compiler or the linker.

Arguments

This rule has no output arguments.