cancel
Showing results for 
Search instead for 
Did you mean: 

I have problem with Exploit Prevention

Jump to solution
I have problem with Exploit Prevention block the ( C:\PROGRAM FILES (X86)\MICRO SOFT OFFICE\ROO T\OFFICE16\ OUTLOOK.EX E
1 Solution

Accepted Solutions
vnaidu
Level 11
Report Inappropriate Content
Message 3 of 3

Re: I have problem with Exploit Prevention

Jump to solution

Outlook is protected by Exploit Protection in ENS and Buffer overflow in VSE.

 

I would recommend that you follow the below steps.

How to determine whether Exploit Prevention is blocking the application

  • The issue no longer occurs after disabling one of the following Exploit Prevention features at Endpoint Security Threat Prevention policy, Exploit Prevention Category:
    • Generic Privilege Escalation Prevention (GPEP) - This feature is disabled by default. 
    • Windows Data Execution Prevention (DEP) and DEP exclusions - DEP is disabled by default.
    • Signatures - Only High severity signatures are enabled by default.
    • Application Protection Rules - Explicitly named processes are monitored by default; you might have added additional processes on your own.
  • The ExploitPrevention_Activity log indicates that the application was blocked.

How to prevent Exploit Prevention from blocking an application

  • For Generic Privilege Escalation Prevention, disable the feature.
  • For Windows Data Execution Prevention, add an exclusion for the process being monitored or disable DEP.
  • For Signatures, set the relevant signature to Report only, or disable both Block and Report.
  • For Application Protection Rules, disable the rule blocking the applicable process.

I hope the above information helps.

Let me know in case of further issues.

Regards,

Venu
2 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: I have problem with Exploit Prevention

Jump to solution

Please submit the query to ENS/HIPS group.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
vnaidu
Level 11
Report Inappropriate Content
Message 3 of 3

Re: I have problem with Exploit Prevention

Jump to solution

Outlook is protected by Exploit Protection in ENS and Buffer overflow in VSE.

 

I would recommend that you follow the below steps.

How to determine whether Exploit Prevention is blocking the application

  • The issue no longer occurs after disabling one of the following Exploit Prevention features at Endpoint Security Threat Prevention policy, Exploit Prevention Category:
    • Generic Privilege Escalation Prevention (GPEP) - This feature is disabled by default. 
    • Windows Data Execution Prevention (DEP) and DEP exclusions - DEP is disabled by default.
    • Signatures - Only High severity signatures are enabled by default.
    • Application Protection Rules - Explicitly named processes are monitored by default; you might have added additional processes on your own.
  • The ExploitPrevention_Activity log indicates that the application was blocked.

How to prevent Exploit Prevention from blocking an application

  • For Generic Privilege Escalation Prevention, disable the feature.
  • For Windows Data Execution Prevention, add an exclusion for the process being monitored or disable DEP.
  • For Signatures, set the relevant signature to Report only, or disable both Block and Report.
  • For Application Protection Rules, disable the rule blocking the applicable process.

I hope the above information helps.

Let me know in case of further issues.

Regards,

Venu
Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.