Memory protection

Compare list
Kaspersky
ESET
Bitdefender
F-Secure
Malwarebytes
Avast
AVG
Norton
Symantec
McAfee
Windows Defender
Sophos
Cylance
In-depth Comparison


Nightwalker

When you say memory protection, are you talking about buffer overflow control and mitigation (like an anti-exploit)?

If so, I guess every solution nowadays has some kind of this protection integrated in the behavior blocker/application control/HIPS module; the exception is Cylance Smart Antivirus (home version), which lacks the memory protection module that is present in the enterprise edition.

Ironically, third-party antivirus solutions are the premier target of this attack to compromise the system, nullifying some native Windows features.
 

notabot

Thanks for this - I'm not referring to anti-exploit, so not protection of the process's own memory space from exploitation techniques (e.g. buffer overflow); I'm referring to protecting a process's memory space from other processes, so anti-injection.

Windows Store apps already have protections (AppContainer) against injecting into other processes, so memory protection is less needed in practice these days if one uses only Store apps + a browser that uses containerisation, but e.g. Thunderbird or Firefox didn't have such protections last time I checked and, once compromised, could inject into other processes.

I'd say this is more related to post-exploit protection, i.e. Thunderbird gets compromised via an exploit; an anti-exe would block the compromised Thunderbird process from launching a new process, e.g. cmd.exe, but an anti-exe cannot prevent an injection into another process that's already up and running.

I'm aware AppGuard offers this protection (as well as SRP), but I'm wondering, do any of the full-suite AVs offer it as well?

3rd-party AVs indeed increase the attack surface, even kernel-level attack surface, and it's why I use WD - but this is a different topic.
 
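The distinction drawn in the post above (a child-process launch that an anti-exe can see versus access to a process that is already running), shown as detection logic over Sysmon-style events. This is an added example, not part of the thread: the event records are constructed, the watched process name is an assumption, and the field names follow Sysmon's ProcessCreate (1), CreateRemoteThread (8) and ProcessAccess (10) events.

```python
# Windows process access rights that allow modifying another process.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

TB = r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events (not real telemetry).
EVENTS = [
    {"EventID": 1, "ParentImage": TB, "Image": r"C:\Windows\System32\cmd.exe"},
    # Query/read-only handle: no write or thread-creation rights.
    {"EventID": 10, "SourceImage": TB, "TargetImage": EXPLORER, "GrantedAccess": "0x1410"},
    # Full-access handle to a running process.
    {"EventID": 10, "SourceImage": TB, "TargetImage": EXPLORER, "GrantedAccess": "0x1fffff"},
    {"EventID": 8, "SourceImage": TB, "TargetImage": EXPLORER},
    # A process opening itself is not cross-process access.
    {"EventID": 10, "SourceImage": TB, "TargetImage": TB, "GrantedAccess": "0x1fffff"},
]

def classify(event):
    """Return 'child-process', 'remote-thread', 'write-handle' or None."""
    eid = event["EventID"]
    if eid == 1:
        return "child-process"  # the only case a launch-blocking rule sees
    if event.get("SourceImage", "").lower() == event.get("TargetImage", "").lower():
        return None
    if eid == 8:
        return "remote-thread"
    if eid == 10 and int(event["GrantedAccess"], 16) & WRITE_RIGHTS:
        return "write-handle"  # handle permits writing memory or creating threads
    return None

def findings(events, watched="thunderbird.exe"):
    """List (kind, target executable) for events whose actor is `watched`."""
    out = []
    for e in events:
        actor = e.get("ParentImage") or e.get("SourceImage", "")
        kind = classify(e)
        if kind and actor.lower().endswith("\\" + watched):
            target = e.get("Image") or e.get("TargetImage")
            out.append((kind, target.rsplit("\\", 1)[-1]))
    return out

if __name__ == "__main__":
    print(findings(EVENTS))
```

A write-capable handle shows that the access was possible, not that memory was modified, so such hits are leads to triage rather than confirmed injections.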
