This policy setting enables Hardware-enforced Stack Protection for kernel-mode code. Kernel-mode data stacks are hardened with hardware-based shadow stacks, which store intended return address targets to ensure that program control flow is not tampered. The recommended state for this setting is: Enabled: Enabled in enforcement mode.Fix:(1) GPO: Computer Configuration\Policies\Administrative Templates\System\Device Guard\Turn On Virtualization Based Security: Kernel-mode Hardware-enforced Stack Protection(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!ConfigureKernelShadowStacksLaunch