Exploit Prevention Content version update 12731 for Endpoint Security (ENS) and Host Intrusion Prevention (HIPS) is now available.
This update was posted to the update repository on March 15, 2023.
Summary of this release:
- New Signature 6248 - T1562 - AMSI Bypass - AmsiScanBuffer Memory Patch (Applicable on ENS and HIPS)
- New Signature 6249 - Malware Behavior: Bumblebee Malware Activity Detected (Applicable on ENS and HIPS)
- New Signature 6250 - Unusual Registry Read Operation by Powershell (Applicable on ENS and HIPS)
- New Expert Rule coverage for CVE-2023-23398
For more information, see the Release Notes.