Promotional banner image

Upgrade for Free

Cybercrime is evolving. So is your protection. *Offer for existing members for the remainder of your subscription. Terms apply.

Learn more about Exploit Prevention

Applicable for: Windows

The Exploit Prevention feature in your Norton product helps protect programs and files that are prone to exploit attacks that compromise your security and privacy. It is designed to detect and block attempts to run malicious threats or processes in the system memory that can exploit vulnerable applications on your PC.

A zero-day exploit is a technique that cybercriminals use to take advantage of vulnerabilities in a program in order to perform malicious actions on your computer. Besides slowing down your computer or causing programs to fail, these exploits can expose your personal data and confidential information to cybercriminals.

By default, Norton Exploit Prevention is turned on to help block attacks against vulnerable programs by closing those programs. Your Norton product displays an Attack Blocked notification when it shuts down a program and provides links to information about the attack.

Exploit Prevention techniques

Your Norton product uses proactive exploit prevention techniques to help protect your computer from the latest zero-day attacks. You can turn individual techniques on or off. By default, all techniques are turned on.

We recommend that you keep all individual Exploit Prevention techniques turned on for protection against the widest range of exploits.

The Suspicious Behavior techniques are designed to detect and block suspicious programs that might be injected with malicious code. They include:

  • Suspicious API calls

    Traces WIN32 API functions, which can be used to run malicious code.

  • Suspicious kernel calls

    Traces Windows NT kernel functions, which can be used to run malicious code.

  • Suspicious IO calls

    Traces device input/output operations, which can be used to run modified data.

  • Suspicious network connections

    Traces network connections, which can be used to download malicious code.

System Modifications is designed to detect and block potentially malicious code that attempts to make changes to your Windows operating system. They include:

  • Kernel data modifications

    Checks vulnerable NT kernel data structures, which are responsible for user access privileges.

  • System memory modifications

    Checks process memory modifications, which can be used to run malicious code.

  • System code modifications

    Checks process code modifications, which can be used to run malicious code.

Turn off or turn on Exploit Prevention

  1. Open your Norton device security product.

  2. On the left pane, click Security.

  3. In the Security dashboard, click Advanced Security.

  4. In the Advanced Security window, click Exploit Prevention.

  5. In the Exploit Prevention window, move the switch to Off or On.

    If you choose to turn it off, you must select a duration after which it should automatically turn on.

When Exploit Prevention is turned off, your computer is vulnerable to zero-day attacks and other exploits. Turning off Exploit Prevention may also result in potential security risks that can cause system crashes. We recommend that you keep this feature turned on at all times.

Need more help?

DocID: v20240108180606989
Last modified: 04/24/2025

Was this article helpful?

Download
Manage my account
Buy & renew
Contact us
Community
Support scams
Norton rescue tools
Think you have virus?
Problem launching on Windows