Exploit Prevention monitors code that exploits vulnerabilities on your device to gain administrative privileges or perform malicious actions. Exploits can, for example, use a buffer overflow attack. Such an attack involves sending a large amount of data to the vulnerable application. When the vulnerable application processes this data, it executes malicious code. As a result of this attack, the exploit can initiate unauthorized installation of malware. If an attempt to run an executable file from a vulnerable application was not initiated by the user, Kaspersky Endpoint Security blocks the execution of this file or informs the user. By default, Exploit Prevention is disabled.
Exploit Prevention requires enabling Behavior Detection and the updatable kernel module. For optimal operation of the Exploit Prevention component, we recommend also enabling the Web Threat Protection component.
The KESL container functionality is not available when using Kaspersky Endpoint Security in Light Agent mode for protecting virtual environments.
You can enable or disable Exploit Prevention, and select the action that the application performs when an exploit is detected.