Exploit Prevention Content version update 13503 for Endpoint Security and Host Intrusion Prevention is now available.
This update was posted to the update repository on September 11, 2024.
Summary of the Release:
- New Signature 6288: T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild (ENS)
- New Signature 6289: T1202 - Indirect Command Execution Using Forfiles.exe (ENS)
- New Signature 6227: Microsoft Exchange Server trying to execute webshell (HIPS)
- New Signature 6233: ADSelfService Plus Authentication ByPass Attempt (HIPS)
- Signature 6054 modified to reduce false-positives
For more information, see the Release Notes.