How to Enable Exploits Preventions


In this document, you will see how to prevent malware with CrowdStrike Falcon. Falcon uses multiple methods to prevent and detect malware. These methods include machine learning, exploit blocking, blacklisting, and Indicators of Attack (IOA).  This unified combination of methods protects you against known malware, unknown malware and file-less attacks. This document and attached video will focus on exploit blocking.


Read Video Transcript


Preventing file-less malware with exploit blocking

The Falcon machine learning engine is great at blocking known and unknown malware, but malware does not always come in the form of a file that can be analyzed by machine learning. Malware can be deployed directly into memory using exploit kits. This is why Falcon also includes an exploit blocking function. Each of the exploit protections can be turned on or off in the same window as the machine learning configuration. To turn an exploit mitigation on or off, just slide the toggle for the exploit mitigation you want to change.

First navigate to the “Configuration” app, then select “Prevention Policy”.

Prevention Policy Menu location












On the Prevention Policy page, scroll down to the “Exploit Mitigation” section.

Slide the toggle to the right by clicking on it.  The toggle is changed to green and enabled.  Explore the rest of the exploit settings and adjust accordingly. If you want to disable the prevention for that exploit, slide to toggle to the left and confirm that you’d like to disable. 

Exploit Mitigation toggles






After making all your desired changes a dialogue window will open asking to confirm the changes.

Changes confirmation dialogue box








Here is an example of a detection in the Falcon User Interface as a result of enabling exploit blocking.



CrowdStrike Falcon uses an array of methods to protect you against exploits, known malware, unknown malware and file-less malware. Those methods include:

  • Machine Learning
  • Exploit Blocking
  • Indicators of attack
  • Blacklisting and whitelisting

Falcon uniquely combines these powerful methods into an integrated approach that protects endpoints more effectively against both malware and breaches.

More resources

CrowdStrike Falcon Free Trial

Try CrowdStrike Free for 15 Days Get Started with A Free Trial