Memory Exploit Mitigation Heap Stacks blocking Office/Acrobat

I need a solution

Windows 7 SP1 Enterprise
Patched to May Security patches for all programs
Symantec Endpoint Protection 14.0.3897.1101
Exploit/IPS definitions June 8th, R1 and June 12th R2.

Blocked Attack: Memory Heap Spray attack against C:Program Files (x86)AdobeAcrobat 2015AcrobatAcrobat.exe
Blocked Attack: Memory Heap Spray attack against C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE

Since late last week I have been seeing issues with memory exploit/IPS signatures shutting down legitimate programs before they can load, some common examples below:

Adobe Acrobat
Microsft Office Word
Microsoft Office Excel
Internet Explorer

This is when opening the program, not when opening a document or when browsing to a webpage. This seems to only impact windows 7

So far I have experienced this on the following IPS definition versions:

June 8th R1

June 12th R2

The June 8th R61 definitions stopped the issue

Support told me to upgrade Office 2013 to 2016 throughout my entire organization and to not use IE, we do not have this option.

Any other users experiencing this? If so have you found a safe version of IPS defintions to use until this is fixed?



Leave a Reply