How to prevent issues affecting certain applications with Code Injection protection

How to prevent issues affecting certain applications with Code Injection protection

• Advanced EPDR
• Advanced EDR

Tracking ID: KER-1449
Status: Open
Resolved In: Workaround

The Anti-exploit protection of Advanced EPDR/EDR products includes the Code Injection feature to protect you against attacks that insert harmful code into an application or process that is then interpreted or executed by the application. The malicious code is usually designed to manipulate data flow, which leads to loss of confidentiality and reduced application availability.

Code injection uses anti-exploit techniques to detect exploit attempts in running processes. Unlike earlier versions, Code Injection, available from protection version v8.00.0023.XXXX, inspects every running process. This might cause performance, compatibility issues, etc. when using certain applications.

If you are experiencing issues with Code Injection protection and any other application, follow these steps to add an exclusion as a workaround and additionally, open a case with Support.

IMPORTANT! Adding exclusions is a temporary solution, as attempts to exploit excluded processes will not be detected by anti-exploit protection. For this reason it is important to open a case with Support for analysis and search for a definitive solution.

1. Open the Advanced EPDR/EDR console, select the top navigation Settings tab, click the Workstations and servers option from the left menu, and expand the Advanced Protection section.
2. Switch the Code Injection toggle off.
3. Open your application and verify that it works. If this is the case, enable the Code Injection protection again.
4. Add affected application processes to the Code Injection exclusions section.
5. Open a Support case and describe the problem you are experiencing with the application with Code Injection protection enabled so we can resolve the issue.

ATTENTION: We strongly recommend that you don’t leave the Code Injection protection disabled, as it affects all processes like Exploit detection and code injection, Advanced IOAs and Advanced security policies used by PowerShell.