Message Image

Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

Memory Exploit Mitigation - Standalone Client

daveram1Jun 20, 2018 06:18 PM

I have a use case that a client is a stand alone client. One of the applications is not starting due ...

ℬrίαηJun 20, 2018 06:36 PM

Why didn't it work? Did you disable MEM for the specific app and it just didn't take? What's the exact ...

Mick2009Jun 21, 2018 05:07 AM

Hi daveram1, Thanks for the post. Contents of this article may help: Hardening Windows clients ...

1. Memory Exploit Mitigation - Standalone Client

0 Recommend
daveram1
Posted Jun 20, 2018 06:18 PM

Reply Reply Privately
I have a use case that a client is a stand alone client. One of the applications is not starting due to Memory Exploit Mitigation. It would be easy to change this if it was a managed client. However, with a stand alone client, there are not options to change the defaults or make an exception. I have tried to export a MEM policy from a SEPM and import it. However, this did not seem to work. Anyone else run into this and have a fix?
2. RE: Memory Exploit Mitigation - Standalone Client

0 Recommend
ℬrίαη
Posted Jun 20, 2018 06:36 PM

Reply Reply Privately
Why didn't it work? Did you disable MEM for the specific app and it just didn't take? What's the exact version of the SEP client this occurs on?
3. RE: Memory Exploit Mitigation - Standalone Client

0 Recommend
Mick2009
Posted Jun 21, 2018 05:07 AM

Reply Reply Privately
Hi daveram1,

Thanks for the post. Contents of this article may help:

Hardening Windows clients against memory tampering attacks with a Memory Exploit Mitigation policy
http://www.symantec.com/docs/HOWTO127057

What exact message appears in the logs and which application is affected-? Is there any other software installed at the same time which injects into processes-?

Please do keep this thread up-to-date with your progress!

Copyright 2019. All rights reserved.

Powered by Higher Logic