Buffer Overflow Protection tab

Option definitions

Prevent buffer overflow exploits from executing arbitrary code on your computer.

Option Definition
Settings for Select Workstation or Server from the drop-down list.
Note: This option is only available via ePolicy Orchestrator.
Buffer overflow settings Enable buffer overflow protection — Enable the buffer overflow protection feature, then select the protection level.
  • Warning mode — Sends a warning when a buffer overflow is detected. No other action is taken.

    This mode is useful when the full impact of a buffer overflow is not known. Use the feature in Warning Mode for a short while and review the log file during that time to help determine whether to change to Protection Mode.

  • Protection mode — Blocks buffer overflows as they are detected and terminates the detected thread.

    This can also result in termination of the application.

Client system warning Show the messages dialog box when a buffer overflow is detected — Displays the On-Access Scan Messages dialog box when a detection occurs.
Buffer overflow exclusions Specify the exclusion information:

The exclusion names are case-sensitive.

  • Process — Specify the process name that owns the writable memory that is making the call.

    Type the process name alone or include its path.

    If you type the process name only, such as for OUTLOOK.EXE, that process is excluded whenever it is executed, no matter where it is located. If you type the process name including the path, such as C:\Program files\OUTLOOK.EXE, that process is excluded only when it is executed from the specified path. Wildcards are not allowed.

  • Module (optional) — If applicable, type the name of the module that owns the writable memory. This is information is not required.
  • API — Specify the API being called.

    The API is required only if the module is specified.