Kaspersky Internet Security
Helps protect every aspect of your digital life – on PC, Mac & Android
Exploit Prevention (EP), part of Kaspersky Lab’s multi-layered, next generation protection, specifically targets malware that takes advantage of software vulnerabilities. It was designed to provide an additional layer of protection for the most frequently targeted programs and technologies. EP provides an efficient and non-intrusive way to block and detect both known and unknown exploits. EP is an integral part of Kaspersky Lab’s behavior-based detection capabilities.
Exploit “kill chains” consist of multiple stages. For example, web-based exploits often use drive-by download attacks. Infection starts when a victim visits a compromised website injected with malicious JavaScript code. After multiple checks, the victim is finally redirected to a landing page with a Flash, Silverlight, Java or web browser exploit. For Microsoft Office or Adobe Reader vulnerabilities, on the other hand, the initial infection vector can be a phishing email or malicious attachment.
After the initial delivery stage, the attacker exploits one or more software vulnerabilities to gain control of the process execution flow and moves on to the exploitation stage. Because of the operating system’s built-in security mitigations, directly running arbitrary code is often not possible, so the attacker must first bypass them. Successful exploitation allows shellcode execution, where the attacker’s arbitrary code starts to run, finally resulting in payload execution. Payloads can be downloaded as a file, or even loaded and executed directly from system memory.
No matter how the initial steps are performed, the ultimate goal of an attacker is to launch the payload and start the malicious activity. Launching another application or execution thread can be very suspicious, especially if the application in question is known to lack such functionality. Exploit Prevention technology monitors those actions and pauses the execution flow of an application, applying additional analysis to check whether the attempted action was legitimate or not. Program activity that took place before the suspicious code launch (memory changes in particular memory areas, as well as the source of the attempted code launch) is used to identify whether an action was made by an exploit. In addition, EP applies a number of security mitigations to address most of the attack techniques used in exploits, including DLL Hijacking, Reflective DLL Injection, Heap Spray Allocation, Stack Pivot and so on. Those additional behavioral indicators, provided by an execution tracking mechanism of the Behavior Detection component, allow the technology to block payload execution with confidence.
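The observation that a process launch is suspicious when the parent application normally lacks that functionality can be expressed as a simple detection rule over process-creation events. This is an added example, not Kaspersky's implementation: the event format, the executable names and the expected-children lists are constructed assumptions, and the memory-change analysis described above is not modelled.

```python
import json
import ntpath

# Assumption: executable names for programs the page lists as frequent exploit
# targets, each mapped to the child processes it is expected to start.
EXPECTED_CHILDREN = {
    "winword.exe": {"winword.exe", "splwow64.exe"},
    "excel.exe": {"excel.exe", "splwow64.exe"},
    "acrord32.exe": {"acrord32.exe"},
    "iexplore.exe": {"iexplore.exe"},
}

# Constructed sample process-creation events, one JSON object per line.
SAMPLE_EVENTS = [
    r'{"parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Office\\WINWORD.EXE"}',
    r'{"parent_image": "C:\\Office\\WINWORD.EXE", "image": "C:\\Windows\\System32\\powershell.exe"}',
    r'{"parent_image": "C:\\Office\\WINWORD.EXE", "image": "C:\\Windows\\splwow64.exe"}',
    r'{"parent_image": "C:\\Reader\\AcroRd32.exe", "image": "C:\\Windows\\System32\\cmd.exe"}',
    r'{"parent_image": "C:\\Office\\EXCEL.EXE"',  # truncated record
]


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def find_unexpected_launches(lines):
    """Return an alert for each monitored parent that starts an unexpected child."""
    alerts = []
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
            parent = image_name(event["parent_image"])
            child = image_name(event["image"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record: skip it, keep processing
        allowed = EXPECTED_CHILDREN.get(parent)
        if allowed is not None and child not in allowed:
            alerts.append({"line": number, "parent": parent, "child": child})
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected_launches(SAMPLE_EVENTS):
        print("line {line}: {parent} started {child}".format(**alert))
```

A rule like this only flags the launch itself; the surrounding behavioral indicators the text describes are what let a product decide whether to block.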
Gives you a smarter way to protect your family – on PC, Mac, Android, iPhone & iPad
Kaspersky Small Office Security protects more of the things that matter to your business – including your money, identity & confidential customer information.
US 9336390 B2
Real World Enterprise Security Exploit Prevention Test (November 2016)
Product Comparative Real-World Protection Test Focus on Exploit and In-The-Wild Malware (April 2016)
Real World Enterprise Security Exploit Prevention Test (April 2015)
Real World Enterprise Security Exploit Prevention Test (February 2014)
Ransomware protection on both delivery and execution stages by technologies from Multi-layered protection stack
Multi-layered approach allows effective protection against different types of malware.
Behavior Monitoring with Memory Protection provide the most efficient ways to protect against advanced threats and zero-day malware.
Fileless threat does not store its body directly on disk and requires special attention from security solutions