Exploit Prevention

The Exploit Prevention component detects program code that takes advantage of vulnerabilities on the computer to exploit administrator privileges or to perform malicious activities. For example, exploits can utilize a buffer overflow attack. To do so, the exploit sends a large amount of data to a vulnerable application. When processing this data, the vulnerable application executes malicious code. As a result of this attack, the exploit can start an unauthorized installation of malware. When there is an attempt to run an executable file from a vulnerable application that was not performed by the user, Kaspersky Endpoint Security blocks this file from running or notifies the user.

Exploit Prevention component settings

Parameter

Description

On detecting exploit

Block operation. If this item is selected, on detecting an exploit, Kaspersky Endpoint Security blocks the operations of this exploit and makes a log entry with information about this exploit.

Notify. If this item is selected, when Kaspersky Endpoint Security detects an exploit it logs an entry containing information about the exploit and adds information about this exploit to the list of active threats.

Enable system process memory protection

If this toggle button is switched on, Kaspersky Endpoint Security blocks external processes that attempt to access system process memory.

See also: Managing the application via the local interface

Enabling and disabling Exploit Prevention

Selecting an action to take when an exploit is detected

System processes memory protection

Page top