Managing vulnerability exploitation
Hackers use many malicious techniques such as heap spraying and process hollowing to exploit vulnerabilities on workstations. Threat protection rules on Stormshield Endpoint Security Evolution make it possible to detect these attack techniques and/or block them effectively.
Depending on the severity of threats, some protections are available only in audit rule sets or only in protection rule sets, while some are relevant in both cases.
In protection rule sets, incidents are always generated for most rules. In audit rule sets, this is an option that you can choose to enable or disable.
The Stormshield Default Policy implements a specific number of protection and audit rules, but you can create your own custom rules. For every rule type, you can define:
- Default behavior,
- Specific behavior for certain applications.
For more information on audit and protection rule sets, and default and specific behavior, refer to Understanding security policies.
Security rules can be disabled at any time. For more information, refer to the section Disabling security rules.