Exploit prevention

This feature is available only if you have the Advanced Security protection pack enabled. For more information, see https://www.acronis.com/en-us/products/cloud/cyber-protect/security/
The availability of this feature depends on the service quotas that are enabled for your account.

Exploit prevention detects and prevents infected processes from spreading and exploiting the software vulnerabilities on a system. When an exploit is detected, the software can generate an alert and stop the process suspected of exploit activities.

Exploit prevention is available only with agent versions 12.5.23130 (21.08, released in August 2020) or later.

Default setting: Enabled for newly created protection plans, and Disabled for existing protection plans that were created with previous agent versions.

Exploit prevention is not supported for Linux.

You can select what the program does when an exploit is detected, and which exploit prevention methods the program applies.

To configure Exploit prevention

  1. In the Create protection plan window, expand the Antivirus & Antimalware protection module.
  2. Click Exploit prevention.
  3. In the Action on detection section, select one of the available options:

     Default setting: Stop the process

    • Notify only

      The software will generate an alert about the process suspected of exploit activities.

    • Stop the process

      The software will generate an alert and stop the process suspected of exploit activities.

  4. In the Enabled exploit prevention techniques section, select the techniques that you want to be applied:

     Default setting: All methods are enabled

    • Memory protection

      Detects and prevents suspicious modifications of the execution rights on memory pages. Malicious processes apply such modifications to page properties to enable the execution of shellcode from non-executable memory areas such as the stack and heaps.

    • Return-oriented programming (ROP) protection

      Detects and prevents attempts to use the ROP exploit technique.

    • Privilege escalation protection

      Detects and prevents attempts at privilege elevation made by unauthorized code or applications. Privilege escalation is used by malicious code to gain full access to the attacked machine, and then perform critical and sensitive tasks. Unauthorized code is not allowed to access critical system resources or modify system settings.

    • Code injection protection

      Detects and prevents malicious code injection into remote processes. Code injection is used to hide the malicious intent of an application behind clean or benign processes, in order to evade detection by antimalware products.

  5. Click Done to apply the selected options to your protection plan.

Processes that are listed as trusted processes in the Exclusions list will not be scanned for exploits.
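
The Memory protection check, the two Action on detection options and the trusted-process exclusion described above can be pictured with a small simulation. This is an added illustration, not Acronis code, and it does not reflect how the agent is implemented; the event format, the process names and the `evaluate` function are assumptions made for the example.

```python
from dataclasses import dataclass

DATA_REGIONS = {"stack", "heap"}  # areas the page names as normally non-executable

@dataclass(frozen=True)
class ProtChange:                 # hypothetical event: one page-protection change
    pid: int
    process: str
    region: str                   # "stack", "heap", "image", ...
    old: str                      # protection before, e.g. "RW-"
    new: str                      # protection after, e.g. "RWX"

def gains_execute(ev):
    """True when a stack/heap page that was not executable becomes executable."""
    return ev.region in DATA_REGIONS and "X" not in ev.old and "X" in ev.new

def evaluate(events, action="stop", trusted=frozenset()):
    """Return (alerts, stopped_pids).

    action  -- "notify" (alert only) or "stop" (alert and stop the process)
    trusted -- process names on the exclusions list; these are not scanned
    """
    if action not in ("notify", "stop"):
        raise ValueError("action must be 'notify' or 'stop'")
    alerts, stopped = [], set()
    for ev in events:
        if ev.process in trusted or ev.pid in stopped:
            continue              # excluded, or already stopped: no further events
        if gains_execute(ev):
            alerts.append(ev)
            if action == "stop":
                stopped.add(ev.pid)
    return alerts, stopped

# Constructed sample events, not real telemetry.
SAMPLE = [
    ProtChange(410, "viewer.exe", "heap", "RW-", "RW-"),     # no change in rights
    ProtChange(410, "viewer.exe", "heap", "RW-", "RWX"),     # heap page gains execute
    ProtChange(410, "viewer.exe", "stack", "RW-", "R-X"),    # stack page gains execute
    ProtChange(522, "jit-host.exe", "heap", "RW-", "R-X"),   # JIT-style, legitimate use
    ProtChange(633, "updater.exe", "image", "R--", "R-X"),   # not a stack/heap region
]

if __name__ == "__main__":
    for mode in ("notify", "stop"):
        alerts, stopped = evaluate(SAMPLE, action=mode, trusted={"jit-host.exe"})
        print(mode, [(a.pid, a.region, a.new) for a in alerts], sorted(stopped))
```

With Notify only, the simulated process keeps running and raises a second alert; with Stop the process, the first detection ends it. Without the exclusion, the JIT-style process would be flagged as well, which is the case the Exclusions list exists for.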