Exploit Prevention

The Exploit Prevention component detects program code that takes advantage of vulnerabilities on the computer to exploit administrator privileges or to perform malicious activities. For example, exploits can utilize a buffer overflow attack. To do so, the exploit sends a large amount of data to a vulnerable program. When processing this data, the vulnerable program executes malicious code. As a result of this attack, the exploit can start an unauthorized installation of malware.

When there is an attempt to run an executable file from a vulnerable application that was not performed by the user, Kaspersky Endpoint Security blocks this file from running or notifies the user.

Exploit Prevention component settings

Parameter

Description

On detecting exploit

  • Block operation. If this option is selected, on detection of an exploit Kaspersky Endpoint Security blocks the actions attempted by the exploit.
  • Inform. If this option is selected and an exploit is detected, Kaspersky Endpoint Security does not block the actions of the exploit but adds information about this exploit to the list of active threats.

System processes memory protection

If this toggle button is switched on, Kaspersky Endpoint Security blocks external processes that attempt to access system process memory.

See also: Managing the application via the local interface

Enabling and disabling Exploit Prevention

Selecting an action to take when an exploit is detected

Enabling and disabling system processes memory protection

Page top