Last week upgraded our two SEPMs on Windows Server 2016 to 14 RU1, but now the option to enable Generic Exploit Mitigation is missing from Intrusion Prevent policy. Did it move? I’m asking because I’m seeing some SEP clients report into SEPM that the Generic Exploit Mitigation is disabled and I went to check the policy to ensure it was enable and locked. However it appears to have been either removed or moved in 14 RU1.
According to https://support.symantec.com/en_US/article.HOWTO125837.html, the option to enable and lock Generic Exploit Mitigation is under Policies > Intrusion Prevention and right-click an Intrusion Prevent policy and select Edit. When I go there Generic Exploit Migration on the left is missing. I even created a new policy, but it is still missing. Where can I find the options for Generic Exploit Migration in 14 RU1?
It now has it's own tab in RU1:
If you enrolled in the cloud portal I highly suggest you review this doc to see what's managed by the cloud after enrolling. It should be required reading:
https://help.symantec.com/cs/saep/SAEP/v123362243_v125098829/What-happens-after-you-enroll-a-Symantec-Endpoint-Protection-Manager-domain-into-the-cloud-portal/?locale=EN_US
Was Generic Exploit Mitigation renamed to Memory Exploit Migration under polices in 14 RU1? Or should Generic Exploit Mitigation be under Memory Exploit Migration policy?
I haven't enrolled in the cloud portal and will read up on before deciding to enroll.
Yep - GEM was renamed to MEM and is now a separate policy.
http://www.symantec.com/docs/HOWTO127057
The release notes contain this info, starting on page 8.
http://www.symantec.com/docs/DOC10647
Thanks Brain.
You're welcome.