MEMORY EXPLOIT PROTECTION (VMs ONLY)
NOTE:
-
This feature does not support SELinux or AppArmor in Enforced Mode
-
Memory Exploit Protection on Windows can lead to system instability if another security product is enabled on the server. Refer to the Section Working with existing security solution (in the Troubleshooting topic) and contact Virsec technical team for further guidance
INTRODUCTION
Memory Injection or Cross-process injection gives attackers the ability to run malicious code that masquerades as legitimate programs. With code injection, attackers don’t use custom processes that can quickly be detected. Instead, they insert malicious code into common processes (e.g., explorer.exe, regsvr32.exe, svchost.exe, etc.), giving their operations an increased level of stealth and persistence.
VSP Memory Exploit Protection protects against external code executing within an authorized process. It is deployed as a VSP-Host component during Probe installation on VMs (Virtual Machines). This feature can be enabled during the Host Profile creation.