A few weeks ago we updated your machines in the EAP with four new Intercept X exploit mitigation types.

While these features were active in terms of scanning for and detecting potential exploits, users have not seen any threats blocked based on these mitigation types. Having run them on your machines in silent mode, we are now confident enough to start blocking detections of these exploits.

As a reminder, these are the new exploit mitigations that are now in blocking mode:

  • EFS Guard: Protection against Encrypting File System attacks
  • Dynamic Shellcode Protection: Detects and blocks behavior of stagers
  • CTF Guard: Protects against a vulnerability in the "CTF" Windows component
  • ApiSetGuard: Prevents applications from side-loading a malicious DLL posing as an ApiSet Stub DLL

More details regarding these new features can be found in this announcement.

A tool to test these detection and mitigation types will be made available shortly and will be announced in the forum.