Exploit Prevention

for Windows, macOS, and Linux

The Exploit Prevention component detects program code that takes advantage of vulnerabilities on a computer to exploit administrator privileges or to perform malicious activities. For example, exploits can utilize a buffer overflow attack: the exploit sends a large amount of data to a vulnerable application, and while processing this data the vulnerable application executes malicious code. As a result of this attack, the exploit can start an unauthorized installation of malware. When a vulnerable application attempts to run an executable file and the attempt was not initiated by the user, Kaspersky Endpoint Security blocks this file from running or notifies the user.

The Exploit Prevention component additionally monitors network ports for application processes that may threaten the security of the computer. The application gets information about such processes from anti-virus databases.

For the Exploit Prevention component to work, the Behavior Detection component must be enabled. For optimal performance of the Exploit Prevention component, we recommend also enabling the Web Threat Protection component.

Exploit Prevention settings

| Settings | OS | Description |
|---|---|---|
| Action on threat detection | Windows, macOS, Linux | Inform or prompt for action. If this item is selected, when Kaspersky Endpoint Security detects an exploit, it logs an entry containing information about the exploit and adds information about this exploit to the list of active threats. Block. If this item is selected, on detecting an exploit, Kaspersky Endpoint Security blocks the operations of this exploit and makes a log entry with information about this exploit. |
| System process memory protection | Windows | If this toggle button is switched on, Kaspersky Endpoint Security blocks external processes that attempt to access system process memory. |
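The following is an added illustration, not Kaspersky Endpoint Security code: a simplified model of the rule described above (an executable launched by a vulnerable application without user action) and of how the two "Action on threat detection" options change the outcome. The event format, the `user_initiated` field, the watch list and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed watch list of applications treated as potentially vulnerable.
WATCHED_PARENTS = {"winword.exe", "acrord32.exe", "chrome.exe"}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com")

# Constructed process-creation events: parent|child|user_initiated
SAMPLE_EVENTS = """\
winword.exe|C:\\Users\\a\\AppData\\Local\\Temp\\upd.exe|no
explorer.exe|C:\\Program Files\\App\\app.exe|yes
chrome.exe|C:\\Users\\a\\Downloads\\setup.exe|yes
acrord32.exe|C:\\Users\\a\\AppData\\Local\\Temp\\x.scr|no
"""

@dataclass
class Verdict:
    parent: str
    child: str
    blocked: bool
    note: str

def parse_event(line):
    parent, child, initiated = line.strip().split("|")
    return parent.lower(), child, initiated == "yes"

def is_suspicious(parent, child, user_initiated):
    # Watched application starts an executable the user did not ask for.
    return (parent in WATCHED_PARENTS
            and child.lower().endswith(EXECUTABLE_EXTENSIONS)
            and not user_initiated)

def evaluate(events_text, action="block"):
    """Return (verdicts, active_threats) for action 'block' or 'inform'."""
    if action not in ("block", "inform"):
        raise ValueError("action must be 'block' or 'inform'")
    verdicts, active_threats = [], []
    for line in filter(str.strip, events_text.splitlines()):
        parent, child, user_initiated = parse_event(line)
        if not is_suspicious(parent, child, user_initiated):
            verdicts.append(Verdict(parent, child, False, "allowed"))
        elif action == "block":  # stop the launch and write a log entry
            verdicts.append(Verdict(parent, child, True, "blocked, logged"))
        else:  # inform: log the detection and list it as an active threat
            verdicts.append(Verdict(parent, child, False, "logged, listed"))
            active_threats.append(child)
    return verdicts, active_threats
```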
