Advanced Anti-Exploit
Powered by machine learning, Advanced Anti-Exploit is a proactive technology that stops zero-day attacks carried out through evasive exploits.
Advanced Anti-Exploit catches the latest exploits in real-time and mitigates memory corruption vulnerabilities that can evade other security solutions. It protects the most commonly used applications, such as browsers, Microsoft Office or Adobe Reader, as well as others that you may think of. It watches over system processes and protects against security breaches and hijacking existing processes.
Components
Advanced Anti-Exploit uses the following components:
GravityZone Virtual Appliance
Security agent (Bitdefender Endpoint Security Tools installed on Windows & Linux endpoints)
Prerequisites
For the Advanced Anti-Exploit feature to operate on an endpoint, the following prerequisites need to be met:
The BEST agent needs to be deployed on the endpoint using an installation package that has the Advanced Anti-Exploit module included.
A policy that has Advanced Anti-Exploit enabled needs to be applied to the endpoint.
Your company needs to have a license that includes the Advanced Anti-Exploit feature.
Install and configure Advanced Anti-Exploit
Verify Advanced Anti-Exploit activity
Depending on how you configured your policy, the module will take one of the following actions when suspicious activity is detected from an application:
Kill process: ends immediately the exploited process.
Block process: prevents the malicious process from accessing unauthorized resources.
Report only: GravityZone reports the event without taking any mitigation action. You can view the event details in the Advanced Anti-Exploit notification, and in Blocked Applications and Security Audit reports.
Block and report: prevents the malicious process from accessing unauthorized resources and GravityZone reports the event. You can view the event details in the Advanced Anti-Exploit notification, and in Blocked Applications and Security Audit reports.