Jump to content
Drea

Anti-Exploit exclusion

Recommended Posts

@pbust

I just want to make sure I understand this right,

" The Anti-Exploit exclusions are only for detections of exploit techniques in Layer3 (Application Behavior Protection). If the block happens in any of the other 3 layers which deal with memory based exploit mitigations, there is no file or folder to exclude as the block happens earlier in the chain. "

So, you're saying that it is not necessary to add exclusions because an error or virus, etc, has not been detected?  

Edited by celee

Share this post


Link to post
Share on other sites

Welcome to the forum Drea.

MBAE includes 4 layers of protection, from Layer0 to Layer3. Some detections happen in Layers0 or Layer1 which is very early in the attack chain, way before the malware payload is even delivered from the attacker to the machine. Some detections are Layer3, where we block the malware payload from executing on the machine. Only when there is a malware payload blocked by Layer3 can we add exclusions for these types of payloads.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.