Well, I have Control Flow Guard, Data Execution Prevention, Forced Randomization for images, randomizing memory allocations, validate exception chains and heap integrity all enabled.
I wound up exceptioning Arbitrary Code Guard to OFF, blocking images with low integrity as well, remote images, fonts that "aren't trusted", Code Integrity Guard, the CFG, DEP, disabling deactivation of addon-mechanisms allowing for DLL injections, Win32k calls, subprocesses, EAF, forced randomizaion, hardwarebased stack protection, IAF, memory allocation, and SimExec. You can experiment as well.