The same Intercept X features that protect your endpoints are now also activated, and blocking exploits, on the Windows Servers participating in the Server Protection EAP.
While these features were already scanning for and detecting potential exploits, admins have not seen any threats blocked based on these mitigation types. After running them on your servers in silent mode, we are now confident enough to start blocking these exploits when they are detected.
As a reminder, these are the new exploit mitigations that are now in blocking mode:
- EFS Guard: Protection against Encrypting File System attacks
- Dynamic Shellcode Protection: Detects and blocks behavior of stagers
- CTF Guard: Protects against a vulnerability in the "CTF" Windows component
- ApiSetGuard: Prevents applications from side-loading a malicious DLL posing as an ApiSet Stub DLL
More details regarding these new features can be found in this announcement.