/Guard: Keeping Windows users more secure


June 1, 2015


Manuel Costa, Austin Donnelly, Richard Black


Microsoft Research Cambridge


/guard is a security mitigation technology that helps to protect programs written in C and C++.

Cyber-attacks are becoming increasingly sophisticated, with attackers proactively seeking out vulnerabilities in software to exploit them before the developer has a chance to fix or even detect them. /guard can help protect customers against these kind of attacks even if they are running software with an unknown or unpatched vulnerability. It accomplishes this by breaking techniques attackers have come to rely on, when exploiting vulnerabilities in software – all without the need for prior knowledge that a vulnerability actually exists. This feature was first included with Visual Studio 2015, and Windows 10 binaries are all built with /guard enabled.

/guard was a collaboration between Microsoft Research Cambridge and the Microsoft Developer Division (the C/C++ compiler team) which then expanded to include the Microsoft Security Engineering Centre and Windows (/guard is an OS platform technique).