Exploit Prevention

Exploit Prevention monitors code that exploits vulnerabilities on your device to gain administrative privileges or perform malicious actions. Exploits can, for example, use a buffer overflow attack. Such an attack involves sending a lot of data to the vulnerable application. When the vulnerable application processes this data, it executes malicious code. As a result of this attack, the exploit can initiate unauthorized installation of malware. If an attempt to run an executable file from a vulnerable application was not made by the user, Kaspersky Endpoint Security blocks the execution of this file or informs the user. By default, Exploit Prevention is disabled.

Exploit Prevention requires enabling Behavior Detection and the updatable kernel module. For optimal operation of the Exploit Prevention component, we recommend also enabling the Web Threat Protection component.

You can enable or disable Exploit Prevention and manage component settings:

• Select the action that the application will perform when an exploit is detected:
• Configure exclusions of objects from scans. A scan exclusion is a set of conditions. When these conditions are met, the application does not scan the objects for viruses and other malware. You can exclude from scans:
  • Objects by the name of the threats detected in them
  • Files and directories at the specified paths
  • Files with the specified hash

In this Help section Configuring Exploit Prevention in the Web Console Configuring Exploit Prevention in the Administration Console Configuring Exploit Prevention on the command line

Page top