I have problem with Exploit Prevention

I have a problem with Exploit Prevention blocking C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\ROOT\OFFICE16\OUTLOOK.EXE

Accepted Solutions
Reliable Contributor vnaidu
Message 3 of 3

Re: I have problem with Exploit Prevention


Outlook is protected by Exploit Protection in ENS and Buffer overflow in VSE.

 

I would recommend that you follow the below steps.

How to determine whether Exploit Prevention is blocking the application

  • The issue no longer occurs after disabling one of the following Exploit Prevention features at Endpoint Security Threat Prevention policy, Exploit Prevention Category:
    • Generic Privilege Escalation Prevention (GPEP) - This feature is disabled by default. 
    • Windows Data Execution Prevention (DEP) and DEP exclusions - DEP is disabled by default.
    • Signatures - Only High severity signatures are enabled by default.
    • Application Protection Rules - Explicitly named processes are monitored by default; you might have added additional processes on your own.
  • The ExploitPrevention_Activity log indicates that the application was blocked.

How to prevent Exploit Prevention from blocking an application

  • For Generic Privilege Escalation Prevention, disable the feature.
  • For Windows Data Execution Prevention, add an exclusion for the process being monitored or disable DEP.
  • For Signatures, set the relevant signature to Report only, or disable both Block and Report.
  • For Application Protection Rules, disable the rule blocking the applicable process.

I hope the above information helps.

Let me know in case of further issues.

Regards,

Venu
2 Replies
McAfee Employee hem
Message 2 of 3

Re: I have problem with Exploit Prevention


Please submit the query to ENS/HIPS group.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?