Exploit Prevention Content version update 12972 for Endpoint Security and Host Intrusion Prevention is now available.
This update was posted to the update repository on June 14, 2023.
Summary of this release:
- New Signature 6254: Malware Behavior : Qbot Malware Activity Detected (applicable on Endpoint Security only)
- New Signature 6255: T1562.010 - Powershell Downgrade Attack Detected (applicable on Endpoint Security only)
- New Signature 6256: T1562 - AMSI Bypass - DllGetClassObject Memory Patch (applicable on both Endpoint Security and HIPS)
- New Signature 6257: T1218.010 - Malware Activity : Emotet Detected (applicable on Endpoint Security only)
- New Signature 6258: T1218.010 - Malware Activity : Emotet Detected II (applicable on Endpoint Security only)
- New Signature 6259: T1220 - Malware Activity : Astaroth Detected (applicable on Endpoint Security only)
For more information, see the Release Notes.