Detect buffer overflows

If you use role-based administration:
  • You must have the Policy setting - anti-virus and HIPS right to perform this task.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

Buffer overflow detection dynamically analyzes the behavior of programs running on the system to detect attempts to exploit a running process using buffer overflow techniques.

By default, buffer overflows are detected and blocked.

To change the settings for detecting and reporting buffer overflow attacks:

  1. Check which anti-virus and HIPS policy is used by the group or groups of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS policy dialog box is displayed.
  4. In the On-access scanning panel, make sure the Enable behavior monitoring check box is selected.
  5. Beside Enable behavior monitoring, click Configure. In the Configure Behavior Monitoring dialog box:
    • To alert the administrator and block buffer overflows, select the Detect buffer overflows check box and clear the Alert only, do not block check box.
    • To alert the administrator, but not block buffer overflows, select both the Detect buffer overflows check box and the Alert only, do not block check box.