
Nightwalker

Level 17
Verified
Content Creator
When you say memory protection, are you talking about buffer overflow control and mitigation (like an anti-exploit)?

If so, I guess every solution nowadays has some kind of this protection integrated in the behavior blocker/application control/HIPS module; the exception is Cylance Smart Antivirus (home version), which lacks the memory protection module that is present in the enterprise edition.

Ironically, third-party antivirus solutions are the premier target of this attack to compromise the system, nullifying some native Windows features.
 

notabot

Level 9
Thanks for this - I'm not referring to anti-exploit, so not protection of the process' own memory space from exploitation techniques (e.g. buffer overflow); I'm referring to protecting a process's memory space from other processes, so anti-injection.

Windows Store apps already have protections (AppContainer) against injecting into other processes, so memory protection is less needed in practice these days if one uses only Store apps + a browser that uses containerisation, but e.g. Thunderbird or Firefox didn't have such protections last time I checked and, once compromised, could inject into other processes.

I'd say this is more related to post-exploit protection, i.e. Thunderbird gets compromised via exploit; an anti-exe would block the compromised Thunderbird process from launching a new process, e.g. cmd.exe, but an anti-exe cannot prevent an injection into another process that's already up and running.

I'm aware AppGuard offers this protection (as well as SRP), but I'm wondering: do any of the full-suite AVs offer it as well?

3rd-party AVs indeed increase the attack surface, even kernel-level attack surface, and it's why I use WD - but this is a different topic.
 
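Added example, not part of either post: the anti-exe versus anti-injection distinction above, seen from the telemetry side. It assumes Sysmon-style records (Event ID 1 for process creation, Event ID 10 for ProcessAccess with a `GrantedAccess` mask); the sample records, the Thunderbird path and the `watched` set are constructed for illustration.

```python
# Windows process access rights (documented constants) relevant to cross-process writes.
RIGHTS = {
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
WRITE_PAIR = 0x0008 | 0x0020   # allocate/protect + write in another process
CREATE_THREAD = 0x0002         # start a thread in another process

def decode_access(mask):
    """Return the names of the known rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def injection_capable(mask):
    """True if the handle allows writing memory or creating a thread remotely."""
    return (mask & WRITE_PAIR) == WRITE_PAIR or bool(mask & CREATE_THREAD)

def review(events, watched):
    """Flag handles opened by watched (internet-facing) images onto other processes.

    A hit means the capability was granted, not that injection happened;
    debuggers and security tools request the same rights.
    """
    findings = []
    for ev in events:
        if ev.get("EventID") != 10:          # only ProcessAccess records
            continue
        src, dst = ev["SourceImage"], ev["TargetImage"]
        if src.lower() == dst.lower():       # a process opening itself
            continue
        if src.lower().rsplit("\\", 1)[-1] not in watched:
            continue
        mask = int(ev["GrantedAccess"], 16)
        if injection_capable(mask):
            findings.append((src, dst, decode_access(mask)))
    return findings

TB = r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"EventID": 1, "ParentImage": TB, "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 10, "SourceImage": TB, "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": TB, "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x143A"},
]

if __name__ == "__main__":
    for src, dst, rights in review(SAMPLE_EVENTS, {"thunderbird.exe"}):
        print(f"{src} -> {dst}: {', '.join(rights)}")
```

The Event ID 1 record is the case an anti-exe rule sees; only the third record, a handle onto an already running process with write and thread rights, is the anti-injection case.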