Hi all,
We have added a new exploit mitigation for APC violations.
- APC protection – This detects abuse of Application Procedure Calls, often used as part of the new (2016) AtomBombing exploit technique and more recently used as the method of spreading the WannaCry worm. Adversaries can abuse these calls to get another process to execute their code.
You will see the new mitigation in your threat protection policies. This setting will be applied to all Servers in the EAP that have the policy applied to them.
Intercept X for Server Early Access is available on 2008R2 and above.
Please share any feedback about this, or any of the features running in this beta.
Stephen