Kaspersky Security 11.x for Windows Server

Exploit prevention techniques

June 10, 2022

ID 146656

Exploit prevention techniques

Exploit prevention technique


Data Execution Prevention (DEP)

Data execution prevention blocks execution of arbitrary code in protected areas of memory.

Address Space Layout Randomization (ASLR)

Changes to the layout of data structures in the address space of the process.

Structured Exception Handler Overwrite Protection (SEHOP)

Replacement of exception records or replacement of the exception handler.

Null Page Allocation

Prevention of redirecting the null pointer.

LoadLibrary Network Call Check (Anti ROP)

Protection against loading DLLs from network paths.

Executable Stack (Anti ROP)

Blocking of unauthorized execution of areas of the stack.

Anti RET Check (Anti ROP)

Check that the CALL instruction is invoked safely.

Anti Stack Pivoting (Anti ROP)

Protection against relocation of the ESP stack pointer to an executable address.

Simple Export Address Table Access Monitor (EAT Access Monitor & EAT Access Monitor via Debug Register)

Protection of read access to the export address table for kernel32.dll, kernelbase.dll, and ntdll.dll

Heap Spray Allocation (Heapspray)

Protection against allocating memory to execute malicious code.

Execution Flow Simulation (Anti Return Oriented Programming)

Detection of potentially dangerous chains of instructions (potential ROP gadget) in the Windows API component.

IntervalProfile Calling Monitor (Ancillary Function Driver Protection (AFDP))

Protection against escalation of privileges through a vulnerability in the AFD driver (execution of arbitrary code in ring 0 through a QueryIntervalProfile call).

Attack Surface Reduction (ASR)

Blocking the start of vulnerable add-ins via the protected process.

Anti Process Hollowing (Hollowing)

Protection against creating and executing the malicious copies of trusted processes.

Anti AtomBombing (APC)

Global atom table exploit via Asynchronous Procedure Calls (APC).

Anti CreateRemoteThread (RThreadLocal)

Another process has created a thread in protected process.

Anti CreateRemoteThread (RThreadRemote)

Protected process has created a thread in another process.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.