Excluded process triggers Data Execution Prevention signature 9990

Technical Articles ID: KB92944
Last Modified: 2022-04-27 02:05:11 Etc/GMT

Environment

Endpoint Security (ENS) Threat Prevention 10.x
Microsoft Data Execution Prevention (DEP)

Problem

When you create an exclusion for a process for Exploit Prevention signature 9990, the application continues to trigger signature 9990.

Solution

This behavior is as designed.

NOTE: Signature 9990 is grayed out in the Signature list. To enable or disable the signature, use the option "Enable Windows Data Execution Prevention" in the Windows Data Execution Prevention row of the policy. As such, the signature settings for signature 9990 must be both enabled or disabled for Block and Report. For more information, see the "Windows Data Execution Prevention (DEP)" section of the Endpoint Security Interface Reference Guide.

To submit a new product idea, go to the Enterprise Customer Product Ideas page.

Click Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click Register to register for a new account on either website.

For more information about product ideas, see KB60021 - How to submit a Product Idea.

Workaround

This workaround disables all ENS Buffer Overflow and Illegal API Use protection for the associated process.

Select Exploit Prevention event ID 18056 (Buffer Overflow detected and blocked (DEP)) in the Exploit Prevention Events log.
Choose Action, Add Exclusion.
Edit the added exclusion in the associated Exploit Prevention policy.
Remove signature ID 9990 from the exclusion.
Save the exclusion and policy.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Excluded process triggers Data Execution Prevention signature 9990

Environment

Problem

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

Excluded process triggers Data Execution Prevention signature 9990

Environment

Problem

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title