Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Exploit Prevention

Exploit prevention techniques

Kaspersky Security 11.x for Windows Server
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Exploit prevention techniques

June 10, 2022

ID 146656

Save as PDF

Exploit prevention techniques

Exploit prevention technique

Description

Data Execution Prevention (DEP)

Data execution prevention blocks execution of arbitrary code in protected areas of memory.

Address Space Layout Randomization (ASLR)

Changes to the layout of data structures in the address space of the process.

Structured Exception Handler Overwrite Protection (SEHOP)

Replacement of exception records or replacement of the exception handler.

Null Page Allocation

Prevention of redirecting the null pointer.

LoadLibrary Network Call Check (Anti ROP)

Protection against loading DLLs from network paths.

Executable Stack (Anti ROP)

Blocking of unauthorized execution of areas of the stack.

Anti RET Check (Anti ROP)

Check that the CALL instruction is invoked safely.

Anti Stack Pivoting (Anti ROP)

Protection against relocation of the ESP stack pointer to an executable address.

Simple Export Address Table Access Monitor (EAT Access Monitor & EAT Access Monitor via Debug Register)

Protection of read access to the export address table for kernel32.dll, kernelbase.dll, and ntdll.dll

Heap Spray Allocation (Heapspray)

Protection against allocating memory to execute malicious code.

Execution Flow Simulation (Anti Return Oriented Programming)

Detection of potentially dangerous chains of instructions (potential ROP gadget) in the Windows API component.

IntervalProfile Calling Monitor (Ancillary Function Driver Protection (AFDP))

Protection against escalation of privileges through a vulnerability in the AFD driver (execution of arbitrary code in ring 0 through a QueryIntervalProfile call).

Attack Surface Reduction (ASR)

Blocking the start of vulnerable add-ins via the protected process.

Anti Process Hollowing (Hollowing)

Protection against creating and executing the malicious copies of trusted processes.

Anti AtomBombing (APC)

Global atom table exploit via Asynchronous Procedure Calls (APC).

Anti CreateRemoteThread (RThreadLocal)

Another process has created a thread in protected process.

Anti CreateRemoteThread (RThreadRemote)

Protected process has created a thread in another process.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats
Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.