Enabling and disabling exploit prevention

An exploit is a software code that exploits vulnerabilities in a system or software to perform a malicious act on a device. Exploits are often used to install malware on the device without the user’s knowledge. Most often the exploits attack browsers, as well as Adobe® Flash®, Java and Microsoft Office applications.

Exploit prevention includes the following methods:

• Control of executable files launches from vulnerable applications and browsers.
• Control of suspicious actions of vulnerable applications.
• Application actions monitoring.
• Tracking the source of the malicious code.
• Prevention of software vulnerabilities exploitation.

The lists of applications with detected vulnerabilities are updated together with Kaspersky Security application databases.

Exploit Prevention is enabled by default. You can disable Exploit Prevention, if necessary.

To enable or disable Exploit Prevention in Kaspersky Security Center:

1. Open Kaspersky Security Center Administration Console.
2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
3. In the workspace, select the Policies tab.
4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
5. In the policy properties window, select the System Watcher section in the list on the left.
6. In the right part of the window, in the General settings section, do one of the following:
   • Select the Enable Exploit Prevention check box if you want Kaspersky Security to monitor executable files that are run by vulnerable applications.

     If Kaspersky Security detects that an executable file from a vulnerable application was run by something other than the user, it blocks this file from running.

   • Clear the Enable Exploit Prevention check box if you do not want Kaspersky Security to monitor executable files that are run by vulnerable applications.
7. Click the Apply button.

To enable or disable Exploit Prevention in the local interface:

1. On the protected virtual machine, open the application settings window.
2. In the left part of the window, in the Anti-Virus protection section, select System Watcher.

   In the right part of the window, the System Watcher component’s settings are displayed.

   If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

3. Do one of the following:
   • Select the Enable Exploit Prevention checkbox if you want Kaspersky Security to monitor executable files that are run by vulnerable applications.

     If Kaspersky Security detects that an executable file from a vulnerable application was run by something other than the user, it blocks this file from running.

   • Clear the Enable Exploit Prevention check box if you do not want Kaspersky Security to monitor executable files that are run by vulnerable applications.
4. To save changes, click the Save button.

Page top