You disable mitigations for those processes.

So what stops malware from disabling the mitigations? This is the same issue that Firefox had re: requiring all add-ons to be approved and cryptographically signed by them. If it were possible to disable it it'd be useless. So 99.999% of firefox executables simply cannot run anything not first signed by Moz.