Applicable for: Windows
The Exploit Prevention feature in your Norton product helps protect programs and files that are prone to exploit attacks that compromise your security and privacy. It is designed to detect and block attempts to run malicious threats or processes in the system memory that can exploit vulnerable applications on your PC.
A zero-day exploit is a technique that cybercriminals use to take advantage of vulnerabilities in a program in order to perform malicious actions on your computer. Besides slowing down your computer or causing programs to fail, these exploits can expose your personal data and confidential information to cybercriminals.
By default, Norton Exploit Prevention is turned on to help block attacks against vulnerable programs by closing those programs. Your Norton product displays an Attack Blocked notification when it shuts down a program and provides links to information about the attack.
Your Norton product uses proactive exploit prevention techniques to help protect your computer from the latest zero-day attacks. You can turn individual techniques on or off. By default, all techniques are turned on.
We recommend that you keep all individual Exploit Prevention techniques turned on for protection against the widest range of exploits.
The Suspicious Behavior techniques are designed to detect and block suspicious programs that might be injected with malicious code. They include:
Suspicious API calls
Traces WIN32 API functions, which can be used to run malicious code.
Suspicious kernel calls
Traces Windows NT kernel functions, which can be used to run malicious code.
Suspicious IO calls
Traces device input/output operations, which can be used to run modified data.
Suspicious network connections
Traces network connections, which can be used to download malicious code.
System Modifications is designed to detect and block potentially malicious code that attempts to make changes to your Windows operating system. They include:
Kernel data modifications
Checks vulnerable NT kernel data structures, which are responsible for user access privileges.
System memory modifications
Checks process memory modifications, which can be used to run malicious code.
System code modifications
Checks process code modifications, which can be used to run malicious code.
Open your Norton device security product.
On the left pane, click Security.
In the Security dashboard, click Advanced Security.
In the Advanced Security window, click Exploit Prevention.
In the Exploit Prevention window, move the switch to Off or On.
If you choose to turn it off, you must select a duration after which it should automatically turn on.
Was this article helpful?