Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
NoVirusThanks OSArmor
Message
<blockquote data-quote="ForgottenSeer 823865" data-source="post: 853132"><p>this is not anti-exploit, this is default-deny. </p><p></p><p></p><p>To me, delivery is not exploitation, exploitation is the act of abusing a vulnerability. Eternal Blue is an kernel exploit, it abuse a vulnerability. </p><p>Default-deny tools (anti-exe, etc...) don't prevent exploitation of vulnerabilities.</p><p>The only thing they can do, is they will prevent (as you said) either delivery of the exploit or the post-exploitation part of the attack chain (like abusing rundll32.exe, etc....) </p><p></p><p>Anti-Exploit software are HMPA, MBAE, Windows 10 Exploit Protection and some components in suites, which can prevent exploitation of vulnerabilities, which occurs most of the time via memory attacks. </p><p></p><p>There is no such thing as "<strong>basic </strong>anti-exploit", this is just marketing shenanigans made by some vendors to make their solutions more appealing. And many fall for it and parrot it across boards, so unaware people believe that your so-called <strong>basic anti-exploit</strong> (aka Default-Deny) will protect them from in-memory REAL exploits/attacks.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 823865, post: 853132"] this is not anti-exploit, this is default-deny. To me, delivery is not exploitation, exploitation is the act of abusing a vulnerability. Eternal Blue is an kernel exploit, it abuse a vulnerability. Default-deny tools (anti-exe, etc...) don't prevent exploitation of vulnerabilities. The only thing they can do, is they will prevent (as you said) either delivery of the exploit or the post-exploitation part of the attack chain (like abusing rundll32.exe, etc....) Anti-Exploit software are HMPA, MBAE, Windows 10 Exploit Protection and some components in suites, which can prevent exploitation[B] [/B]of vulnerabilities, which occurs most of the time via memory attacks. There is no such thing as "[B]basic [/B]anti-exploit", this is just marketing shenanigans made by some vendors to make their solutions more appealing. And many fall for it and parrot it across boards, so unaware people believe that your so-called [B]basic anti-exploit[/B] (aka Default-Deny) will protect them from in-memory REAL exploits/attacks. [/QUOTE]
Insert quotes…
Verification
Post reply
Top