The Exploit Prevention component detects program code that takes advantage of vulnerabilities on the computer to exploit administrator privileges or to perform malicious activities. For example, exploits can utilize a buffer overflow attack. To do so, the exploit sends a large amount of data to a vulnerable application. When processing this data, the vulnerable application executes malicious code. As a result of this attack, the exploit can start an unauthorized installation of malware.
When there is an attempt to run an executable file from a vulnerable application that was not performed by the user, Kaspersky Endpoint Security blocks this file from running or notifies the user.
Exploit Prevention component settings
Parameter |
Description |
---|---|
On detecting exploit |
|
Enable system process memory protection |
If this toggle button is switched on, Kaspersky Endpoint Security blocks external processes that attempt to access system process memory. |