Configuring process memory protection settings

Support

Support for business applications

Kaspersky Embedded Systems Security 3.x

Exploit Prevention

Managing Exploit Prevention via the Web Plug-in

Configuring process memory protection settings

October 25, 2023

ID 192831

Save as PDF

To configure Exploit Prevention settings for processes added to the list of protected processes, perform the following actions:

In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
Click the policy name you want to configure.
In the <Policy name> window that opens select the Application settings tab.
Select the Real-Time Computer Protection section.
Click Settings in the Exploit Prevention subsection.
Open the Exploit Prevention settings tab.
In the Exploit prevention mode block, configure the following settings:
- Prevent vulnerable processes exploit.
  If this check box is selected, Kaspersky Embedded Systems Security for Windows reduces the risks that vulnerabilities will be exploited in processes in the list of protected processes.
  
  If this check box is cleared, Kaspersky Embedded Systems Security for Windows does not protect device processes from exploits.
  
  By default, the check box is cleared.
  - Terminate on exploit.
    If this mode is selected, Kaspersky Embedded Systems Security for Windows terminates a protected process upon detecting an exploit attempt if an active impact reduction technique has been applied to the process.
  - Notify only.
    If this mode is selected, Kaspersky Embedded Systems Security for Windows reports exploits by displaying a terminal window. The abused process continues to run.
    
    If Kaspersky Embedded Systems Security for Windows detects an exploit in a critical process while the application is running in Terminate on exploit mode, the component switches to Notify only mode.
In the Preventing actions block, configure the following settings:
- Notify about abused processes via Terminal Service.
  If this check box is selected, Kaspersky Embedded Systems Security for Windows displays a terminal window with an explanation of why protection was activated and an indication of the process in which an exploit attempt was detected.
  
  If the check box is cleared, Kaspersky Embedded Systems Security for Windows displays a terminal window when an exploit attempt or termination of an abused process is detected. A terminal window is displayed regardless of the status of the Kaspersky Security Exploit Prevention Service.
  
  By default, the check box is cleared.
- Prevent vulnerable processes exploit even if Kaspersky Security Service is disabled.
  If this check box is selected, Kaspersky Embedded Systems Security for Windows will reduce the risk of vulnerabilities being exploited in processes that have already been started, regardless of whether the Kaspersky Security Service is running. Kaspersky Embedded Systems Security for Windows will not protect processes added after the Kaspersky Security Service is stopped. If the service is restarted, exploit impact reduction will be stopped for all processes.
  
  If this check box is cleared, Kaspersky Embedded Systems Security for Windows does not protect processes from exploits when the Kaspersky Security Service is stopped.
  
  By default, the check box is cleared.
Click the OK button in the Exploit Prevention window.

Kaspersky Embedded Systems Security for Windows saves and applies the configured process memory protection settings.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.