Thread 'Windows Exploit Protection Settings - Which exe to whitelist to avoid memory errors?'

SoCrunchy

Joined: 14 Apr 23
Posts: 12
Message 116032 - Posted: 2 May 2025, 1:49:49 UTC

OS: Windows 10 Pro 22H2 64-bit
BOINC: 8.02 - not running as a service
Project: World Community Grid

Regarding Windows 10/11's Exploit Protection Settings, which replace the [discontinued] EMET: I recently learned that "Use default (On)" is not the same as "On by default" in Windows Exploit Protection system-wide settings. The wording is not the best. The former is optional, and the latter is mandatory.

Since turning a bunch of settings to "On by default" and rebooting, I can't run any tasks in BOINC / World Community Grid anymore. (Using the latest 8.0.2). I have changed:

* Control flow guard (CFG)
* Force randomization for images (Mandatory ASLR)
* Randomize memory allocations (Bottom-up ASLR)
* High-entropy ASLR
* Validate exception chains (SEHOP)
* Validate heap integrity

So when downloading a Mapping Cancer Markers (MCM1) task, it gives me an error immediately. So in "Program settings" in Exploit protection, you can whitelist exe's and turn off individual protections just so the app will work.

I've turned off ALL of these settings for "boinc.exe" and MCM1 tasks still fail immediately. It won't let me whitelist "wcgrid_mcm1_map_7.61_windows_x86_64" since it only allows the exe extension.

So I totally thought boinc.exe was the wrapper executable that runs all the science applications underneath it. I haven't tried with boinctray.exe or boincmgr.exe but I think those are just for the Graphical User Interface of BOINC Manager and have nothing to do with running the actual science apps, no?

Still getting the computation error immediately, even after whitelisting the following executables:

boinc.exe
boinccmd.exe
boincmgr.exe
boinctray.exe

I have the following 7 system overrides for all of the above:

* Control flow guard (CFG)
* Data Execution Prevention (DEP)
* Force randomization for images (Mandatory ASLR)
* Randomize memory allocations (Bottom-up ASLR)
* High-entropy ASLR
* Validate exception chains (SEHOP)
* Validate heap integrity

I've also restarted BOINC/BOINC Manager/etc. before testing with a new task.

I've confirmed that -- at least in the GUI -- I can only add files with an "exe" extension, meaning I can't specifically whitelist the "wcgrid_mcm1_map_7.61_windows_x86_64" MCM1 science application. But I thought "boinc.exe" was basically the wrapper executable that runs all the science binaries underneath it, so I was hoping that turning off exploit mitigations on that exe would solve the problem.

So anyone here have any guidance or solutions on 1) which exe to whitelist; and 2) which specific mitigations to disable that are causing the crash?

Thank you.
ID: 116032
SoCrunchy

Joined: 14 Apr 23
Posts: 12
Message 116044 - Posted: 3 May 2025, 9:55:54 UTC - in response to Message 116032.  

(Cross-posted from WCG Forums)
The tl;dr is that it's the individual science application that has to be excluded in the Windows Exploit settings, not any of the BOINC application executables (boinc.exe, boinctray.exe, boincmgr.exe, boinccmd.exe, etc.). But since the Windows GUI forces you to only select applications ending in "exe," it wouldn't let me add the science application that was crashing. But if you use the PowerShell command, it'll force add it to the list. You can then use the Windows GUI like usual.

Full text below. This example specifically refers to the World Community Grid's Mapping Cancer Markers application, but the solution can be applied to any science application in any BOINC project that crashes. In this case, it was "Bottom Up ASLR" that was causing the memory crash.

---------------
Got it!!!

I was curious why ARP1 was working just fine but MCM1 would error out, all else being equal. I even deleted the exclusions for boinc.exe, boinctray.exe, boincmgr.exe, and boinccmd.exe. All gone, meaning the protections are active for BOINC as a whole.

So since ARP1 worked and MCM1 gave an error, that meant I really needed to figure out a way to exclude the science application itself. But since the science application's name is wcgrid_mcm1_map_7.61_windows_x86_64 and not wcgrid_mcm1_map_7.61_windows_x86_64.exe, if you use the GUI way (mouse, keyboard, etc.), Windows does not let you make a new exclusion. It's hell-bent on exe only.

So I did a quick web search and found that MS article, and there's a PowerShell way to enable/disable all that stuff.

This Microsoft documentation article, "Enable exploit protection," describes multiple ways to enable, disable, or fine-tune the Windows Exploit protections, both for individual apps as well as system-wide.

So the first thing I did was turn off 4 of the protections for MCM1 using this command:

Set-ProcessMitigation -Name wcgrid_mcm1_map_7.61_windows_x86_64 -Disable CFG, BottomUp, SEHOP, TerminateOnError

MCM1 worked!!! But since I am stubborn and wanted to narrow it down to the EXACT root cause (while still turning on as much protection as possible), I did more trial and error. It turns out that "Bottom up ASLR" is the protection that causes MCM1 to crash. It doesn't like that.

So here are the steps to add an exclusion.

1. Open up a PowerShell command prompt as Administrator.
2. Use this command: Set-ProcessMitigation -Name wcgrid_mcm1_map_7.61_windows_x86_64 -Disable BottomUp

(Of course, exit out of BOINC Manager before you do this.)

Working great!

I assume if any individual science applications crash, then we have to exclude the science application for that particular sub-project.

Feels good to beat something up and find an answer even if it's frustrating as heck in the meantime. Hope this helps any other security nerds who are running Windows and trying to max out security settings. Most people have them turned off so none of this applies.
ID: 116044
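Added example, not part of the original posts: a PowerShell check that the exception ends up as narrow as the post above describes, with only BottomUp disabled for the science application and no leftover overrides on the BOINC executables. The property names read from the Get-ProcessMitigation output (Dep, Cfg, Aslr, SEHOP, Heap) and the $removeLeftovers switch are assumptions of this example; the application and executable names are the ones quoted in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example. App and executable names are the ones quoted in the thread.
# Exit BOINC Manager first, as the post says, so new tasks start under the new policy.
$scienceApp      = 'wcgrid_mcm1_map_7.61_windows_x86_64'
$boincExes       = 'boinc.exe', 'boinccmd.exe', 'boincmgr.exe', 'boinctray.exe'
$removeLeftovers = $false   # hypothetical switch: $true deletes stale per-app overrides

# Return the mitigations discussed in the thread that are explicitly OFF in an
# app's per-program override. ON and NOTSET (inherit system default) are ignored.
function Get-DisabledMitigation {
    param([Parameter(Mandatory)][string]$Name)
    $found = foreach ($p in @(Get-ProcessMitigation -Name $Name -ErrorAction SilentlyContinue)) {
        if (-not $p) { continue }
        $state = [ordered]@{
            DEP                 = $p.Dep.Enable
            CFG                 = $p.Cfg.Enable
            ForceRelocateImages = $p.Aslr.ForceRelocateImages
            BottomUp            = $p.Aslr.BottomUp
            HighEntropy         = $p.Aslr.HighEntropy
            SEHOP               = $p.SEHOP.Enable
            TerminateOnError    = $p.Heap.TerminateOnError
        }
        foreach ($entry in $state.GetEnumerator()) {
            if ("$($entry.Value)" -eq 'OFF') { $entry.Key }
        }
    }
    @($found | Select-Object -Unique)
}

# 1. Undo the broad four-mitigation test exclusion and keep only the root cause off.
Set-ProcessMitigation -Name $scienceApp -Enable CFG, SEHOP, TerminateOnError
Set-ProcessMitigation -Name $scienceApp -Disable BottomUp

# 2. The BOINC client executables do not need exclusions; flag any that remain.
foreach ($exe in $boincExes) {
    $off = @(Get-DisabledMitigation -Name $exe)
    if ($off.Count -gt 0) {
        Write-Warning "$exe still has disabled mitigations: $($off -join ', ')"
        if ($removeLeftovers) { Set-ProcessMitigation -Name $exe -Remove }
    }
}

# 3. Confirm the science app's override disables BottomUp and nothing else.
$off = @(Get-DisabledMitigation -Name $scienceApp)
if ($off.Count -eq 1 -and $off[0] -eq 'BottomUp') {
    Write-Output "OK: only BottomUp is disabled for $scienceApp"
} else {
    Write-Warning "Unexpected disabled set for ${scienceApp}: $($off -join ', ')"
}
```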
Grant (SSSF)

Joined: 7 Dec 24
Posts: 66
Message 116045 - Posted: 3 May 2025, 10:48:27 UTC - in response to Message 116032.  

In reply to SoCrunchy's message of 2 May 2025:
"So I totally thought boinc.exe was the wrapper executable that runs all the science applications underneath it. I haven't tried with boinctray.exe or boincmgr.exe but I think those are just for the Graphical User Interface of BOINC Manager and have nothing to do with running the actual science apps, no?"
None of them have anything to do with running the science applications as such.
The BOINC Manager is just that- a manager. It determines what project to run, and which Task to process & when.
It's up to each application to actually process the work. A project might have a single application, it might have a dozen (or more).

Personally, just whitelisting C:\ProgramData\BOINC is a whole lot easier.
Grant
Darwin NT.
ID: 116045
SoCrunchy

Joined: 14 Apr 23
Posts: 12
Message 116046 - Posted: 3 May 2025, 10:50:54 UTC - in response to Message 116045.  
Last modified: 3 May 2025, 10:52:07 UTC

"Personally, just whitelisting C:\ProgramData\BOINC is a whole lot easier."

FYI only individual applications can be whitelisted, not entire folders. Sorta like Microsoft EMET, which Windows Exploit Protection replaces.

I think the protection works by DLL injection or something, but I don't remember.

I tried to edit the Original Post (and the title) to put "Solved," but this forum must have a time limit on post and thread edits. I figured it out though.
ID: 116046
JLDun
Joined: 19 Feb 16
Posts: 108
United States
Message 116050 - Posted: 4 May 2025, 1:28:29 UTC - in response to Message 116046.  
Last modified: 4 May 2025, 1:29:15 UTC

As far as I know- the time limit for editing posts is 60 minutes (one hour) after the initial posting. (So- 'obviously', since your initial posting was @ 1:49:49 UTC, you would have until 2:49:49 to make any edits to that specific post.)
https://boinc.berkeley.edu/dl/

ID: 116050
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15640
Netherlands
Message 116054 - Posted: 4 May 2025, 11:41:32 UTC

Editing posts is an hour. Outside that hour, a thread starter can add a post, edit that post and then edit the thread title as well. Or he can click the Red X underneath one of his posts and via the message box that comes up report his post to the moderators and ask that they change the thread title.
ID: 116054


Copyright © 2025 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.