today I found a software called WehnTrust.

It’s claimed that it introduces ASLR (address space layout randomization) features for Windows XP and Server 2003. This sounds very promising because ASLR adds another protection against buffer overflow attacks besides DEP.
ASLR is included in later Windows operating systems by default. By the way, the software is OpenSource.

I couldn’t find anything about ASLR in the CIS help file. So I don’t know if CIS itself has any ASLR capatibilities.
Can anyone tell me if CIS BO protection is only passive (e.g. recognizing a BO attack) or also active (e.g. doing something like ASLR already)?
If it’s only passive, installing WehnTrust might be a good idea on XP/Server 2003 systems to add another method of protection.

Comodo does not have ASLR capabilities.

I guess BO protection is passive. It detects and then lets the user decide to deny or allow the application to be executed.

Thank you for your response.