Channel: Enhanced Mitigation Experience Toolkit (EMET) Support forum

Bug - changing any mitigation via the software.xml protection profiles also disables SEHOP


Bug applies to both 4.1u1 & 5.1 (OS: XP Pro x64)

Consider this from the "Popular Software.xml" file (4.1u1):

    <Product Name="Skype">
      <Version Arch="x86" Path="*\Skype\Phone\Skype.exe">
          <Mitigation Name="EAF" Enabled="false" />
      </Version>
    </Product>

For some reason this will also disable SEHOP; in fact, any change from the default settings will disable SEHOP. For instance, this (from 5.1 popular) will also do it, even though it's adding rather than subtracting:

    <Product Name="Internet Explorer">
      <Version Path="*\Internet Explorer\iexplore.exe">
        <Mitigation Name="EAF+" Enabled="true">
          <eaf_modules>mshtml.dll;flash*.ocx;jscript*.dll;vbscript.dll;vgx.dll</eaf_modules>
        </Mitigation>
        <Mitigation Name="ASR" Enabled="true">
          <asr_modules>npjpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll</asr_modules>
          <!-- 0 = Local; 1 = Intranet; 2 = Trusted; 3 = Internet; 4 = Untrusted; -->
          <asr_zones>1;2</asr_zones>
        </Mitigation>
      </Version>
    </Product>

If one adds <Mitigation Name="SEHOP" Enabled="true"/> as the last mitigation for the application, the effect can be overridden, for example:

    <Product Name="Skype">
      <Version Arch="x86" Path="*\Skype\Phone\Skype.exe">
          <Mitigation Name="EAF" Enabled="false" />
          <Mitigation Name="SEHOP" Enabled="true"/>
      </Version>
    </Product>
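
An added example, not part of the original post or of EMET itself: a Python check that scans a protection profile for `Version` entries that override a mitigation without ending in the explicit SEHOP line described above, and appends that line. The `<EMET>` root element, the sample products other than Skype, the function names, and treating an explicit SEHOP `Enabled="false"` as intentional are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <EMET> root and the Fixed/Defaults/OptOut products
# are assumptions; Product/Version/Mitigation follows the snippets in the post.
SAMPLE = r"""<EMET>
  <Product Name="Skype">
    <Version Arch="x86" Path="*\Skype\Phone\Skype.exe">
      <Mitigation Name="EAF" Enabled="false" />
    </Version>
  </Product>
  <Product Name="Fixed">
    <Version Path="*\Fixed\fixed.exe">
      <Mitigation Name="EAF" Enabled="false" />
      <Mitigation Name="SEHOP" Enabled="true"/>
    </Version>
  </Product>
  <Product Name="Defaults">
    <Version Path="*\Defaults\app.exe" />
  </Product>
  <Product Name="OptOut">
    <Version Path="*\OptOut\app.exe">
      <Mitigation Name="SEHOP" Enabled="false" />
    </Version>
  </Product>
</EMET>"""

def _is_sehop(m, enabled):
    return m.get("Name") == "SEHOP" and m.get("Enabled", "").lower() == enabled

def sehop_gaps(root):
    """Versions that override a mitigation but do not end with SEHOP Enabled="true"."""
    gaps = []
    for product in root.iter("Product"):
        for version in product.iter("Version"):
            mits = version.findall("Mitigation")
            # Assumption: an explicit SEHOP opt-out is deliberate, not the bug.
            opted_out = any(_is_sehop(m, "false") for m in mits)
            if mits and not opted_out and not _is_sehop(mits[-1], "true"):
                gaps.append((product.get("Name"), version.get("Path")))
    return gaps

def apply_workaround(root):
    """Append SEHOP Enabled="true" as the last Mitigation of each flagged Version."""
    flagged = set(sehop_gaps(root))
    for product in root.iter("Product"):
        for version in product.iter("Version"):
            if (product.get("Name"), version.get("Path")) in flagged:
                ET.SubElement(version, "Mitigation", Name="SEHOP", Enabled="true")
    return root
```

Parse a profile with `ET.parse(path).getroot()`, review the output of `sehop_gaps` first, and only then write the result of `apply_workaround` back to a copy of the file.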

