Picture 579

Figure – Memory Exploit Protection Workflow


  1. Create Host Profile – Create Host Profile with “Memory Exploit Protection” enabled. Refer Section Create Profile for more information

    Picture 580

  2. Attacker Process Terminated – In cases where Protect mode is enabled, the attacker process is terminated when an attack is detected

  3. Incident Reported – For both Protect and Detect modes, whenever an attack is detected, an incident is generated with the type Memory Integrity. Navigate to Monitor > Incidents in the left navigation pane to view the incident. A sample is depicted below

    Picture 581

  4. Add to Exclusion List (Optional) – If a particular process does not need monitoring, it can be added to the Exclusion list using the below link on the incident. Complete file name must be added to the Exclusion list. It is also case-sensitive



    Regex-based exclusions are not supported currently


    1. Click Add to Exclusions on the incident

      Picture 582

    2. Select whether the Profile or Global Exclusion List must be appended. Click LAUNCH EXCLUSION LIST

      Picture 583

    3. The values are pre-populated. Click SAVE

      Picture 586