How to Block Exploits with CrowdStrike Falcon Endpoint Protection

Introduction

In this document, you will see how to prevent malware with Falcon. Falcon uses multiple methods to prevent and detect malware: machine learning, exploit blocking, blacklisting and Indicators of Attack. This unified combination of methods protects you against known malware, unknown malware and file-less malware. This document and the accompanying video focus on exploit blocking.

Instructions

Preventing file-less malware with exploit blocking

The Falcon machine learning engine is good at blocking known and unknown malware, but malware does not always come in the form of a file that machine learning can analyze. Malware can be loaded directly into memory by exploit kits. This is why Falcon also includes an exploit blocking function. Each of the exploit protections can be turned on or off in the same window as the machine learning configuration. To turn an exploit mitigation on or off, just slide the toggle for the mitigation you want to change.

First navigate to the “Configuration” app, then open “Prevention Policy”.

prevention-policy

Next, scroll down to the “Exploit Mitigation” section.

exploit-mitigation

Next, slide the toggle to the right by clicking the slider on the far right. A dialog window will open asking you to confirm the change.

aslr-policy-change


The toggle turns green, indicating the mitigation is now enabled. Explore the rest of the exploit settings and adjust them as needed.

change-accepted

If you want to disable the prevention for that exploit, slide the toggle to the left and confirm that you’d like to disable it.
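Toggling mitigations by hand in the console is fine for one policy, but a practitioner usually wants to verify afterwards that every prevention policy actually has the exploit-mitigation toggles switched on, and that none has drifted back to disabled. The script below is an added example, not code from the CrowdStrike page or from CrowdStrike itself. It works entirely offline on a constructed JSON document whose shape is an assumption approximating the `resources` array of a combined prevention-policy query; the setting IDs other than the ASLR toggle shown in the walkthrough are likewise assumed names, so check both against the API reference for your tenant before using it against a live export.

```python
"""Audit exported Falcon prevention policies for disabled exploit mitigations.

Added example (not CrowdStrike's code). The JSON layout and the setting IDs
below are assumptions about the prevention-policy API; adapt them to the real
export you pull from your tenant.
"""
import json
from typing import Dict, List

# Exploit-mitigation toggles to audit. "ForceASLR" mirrors the ASLR toggle in
# the walkthrough; the remaining IDs are assumed names used for illustration.
EXPLOIT_MITIGATIONS = (
    "ForceASLR",
    "ForceDEP",
    "HeapSprayPreallocation",
    "NullPageAllocation",
    "SEHOverwriteProtection",
)

# Constructed sample export (not real tenant data). Policy ids are placeholders.
SAMPLE_EXPORT = json.dumps({
    "resources": [
        {
            "id": "policy-0001",
            "name": "Workstations",
            "prevention_settings": [
                {"name": "Exploit Mitigation", "settings": [
                    {"id": "ForceASLR", "type": "toggle", "value": {"enabled": False}},
                    {"id": "ForceDEP", "type": "toggle", "value": {"enabled": True}},
                    {"id": "HeapSprayPreallocation", "type": "toggle", "value": {"enabled": True}},
                    {"id": "NullPageAllocation", "type": "toggle", "value": {"enabled": True}},
                    {"id": "SEHOverwriteProtection", "type": "toggle", "value": {"enabled": False}},
                ]},
                {"name": "Next-Gen Antivirus", "settings": [
                    {"id": "CloudAntiMalware", "type": "mlslider",
                     "value": {"detection": "MODERATE", "prevention": "MODERATE"}},
                ]},
            ],
        },
        {
            "id": "policy-0002",
            "name": "Servers",
            "prevention_settings": [
                {"name": "Exploit Mitigation", "settings": [
                    {"id": "ForceASLR", "type": "toggle", "value": {"enabled": True}},
                    {"id": "ForceDEP", "type": "toggle", "value": {"enabled": True}},
                    {"id": "NullPageAllocation", "type": "toggle", "value": {"enabled": True}},
                    {"id": "SEHOverwriteProtection", "type": "toggle", "value": {"enabled": True}},
                ]},
            ],
        },
    ]
})


def audit_exploit_mitigations(export_json: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {policy_name: {"disabled": [...], "missing": [...]}}.

    A toggle absent from the export is reported as "missing" rather than being
    silently treated as enabled, so an incomplete export cannot mask drift.
    """
    data = json.loads(export_json)
    report: Dict[str, Dict[str, List[str]]] = {}
    for policy in data.get("resources", []):
        toggles: Dict[str, bool] = {}
        for group in policy.get("prevention_settings", []):
            for setting in group.get("settings", []):
                if setting.get("type") == "toggle":
                    toggles[setting["id"]] = bool(setting.get("value", {}).get("enabled", False))
        disabled = [s for s in EXPLOIT_MITIGATIONS if s in toggles and not toggles[s]]
        missing = [s for s in EXPLOIT_MITIGATIONS if s not in toggles]
        report[policy["name"]] = {"disabled": disabled, "missing": missing}
    return report


def build_enable_request(export_json: str) -> Dict[str, list]:
    """Build a request body that would switch every disabled mitigation back on.

    The body shape (policy id plus a list of {id, value} settings) is an
    assumption about the update endpoint; review it before sending anything.
    """
    data = json.loads(export_json)
    ids_by_name = {p["name"]: p["id"] for p in data.get("resources", [])}
    resources = []
    for name, result in audit_exploit_mitigations(export_json).items():
        if result["disabled"]:
            resources.append({
                "id": ids_by_name[name],
                "settings": [{"id": s, "value": {"enabled": True}} for s in result["disabled"]],
            })
    return {"resources": resources}


if __name__ == "__main__":
    for name, result in audit_exploit_mitigations(SAMPLE_EXPORT).items():
        print(f"{name}: disabled={result['disabled']} missing={result['missing']}")
    print(json.dumps(build_enable_request(SAMPLE_EXPORT), indent=2))
```

Run it against a saved policy export instead of `SAMPLE_EXPORT` to get a per-policy list of mitigations that are off, plus a ready-to-review body for re-enabling them. Reporting absent toggles separately from disabled ones is deliberate: an export that simply lacks a setting should raise a question, not pass the audit.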

Here is an example of a detection in the Falcon user interface that resulted from enabling exploit blocking.

blocked-exploit

Conclusion: Using a unified array of methods for malware prevention

Falcon uses an array of methods to protect you against exploits, known malware, unknown malware and file-less malware. Those methods include:

  • Machine learning
  • Exploit blocking
  • Indicators of Attack
  • Blacklisting and whitelisting

Falcon uniquely combines these powerful methods into an integrated approach that protects endpoints more effectively against both malware and breaches.
