Parameters of the intrusion detection system can be set in the Intrusions section (see figure 10.1, The Intrusions section).
HIPS can detect and filter out the two most widespread techniques used to execute malicious code: Buffer Overflow and Code Injection (injection of malicious code into another process).
The Buffer Overflow technique exploits insufficient checking of an application's input data. Unless the size of the data being read is limited and checked, an attacker can overwrite the return address of the running program and have their own code executed. That code, however, runs from the buffer reserved for data. The HIPS module treats this as non-standard behaviour and detects it; any subsequent attempts to perform potentially dangerous actions (starting a process, opening a file, establishing a network connection, etc.) are blocked.
Check this option to block execution of code in the event of a buffer overflow.
If this option is enabled, all detected intrusions are logged in the HIPS log (see chapter 16.6, HIPS Log).
Check this option to disable alert windows for intrusion attempts (see chapter 5.4, Host Intrusions Alerts).
Use the button to specify an executable to which this check for the attack type will not apply. Before defining an exception, make sure that the detected attempt is not a real intrusion.
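The Buffer Overflow mechanism described above, as an added C example that is not part of the Kerio documentation or product: the unchecked form copies input into a fixed stack buffer with no size control (the defect HIPS is designed to catch when it is abused), and the checked form validates the supplied length against the buffer before copying, rejecting oversized input. Function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16

/* Vulnerable form (for comparison only, never called with untrusted data
 * here): the size of the input is not checked, so anything longer than
 * NAME_LEN spills past the buffer onto the stack, where the saved return
 * address of the running function lives. */
int store_name_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                 /* no bound on the copy */
    return (int)strlen(name);
}

/* Hardened form: the length is validated against the buffer before a single
 * byte is copied. Oversized input is rejected outright rather than silently
 * truncated, so the data can never reach the return address.
 * Returns the stored length, or -1 if the input does not fit. */
int store_name_checked(const char *input, size_t input_len) {
    char name[NAME_LEN];
    if (input == NULL || input_len >= sizeof name)
        return -1;                       /* would overflow (room for NUL needed) */
    memcpy(name, input, input_len);
    name[input_len] = '\0';
    return (int)input_len;
}

int main(void) {
    /* Constructed inputs: one that fits, one that would overflow NAME_LEN. */
    const char short_in[] = "alice";
    char long_in[64];
    memset(long_in, 'A', sizeof long_in - 1);
    long_in[sizeof long_in - 1] = '\0';

    printf("short input: %d\n", store_name_checked(short_in, strlen(short_in)));
    printf("long input:  %d\n", store_name_checked(long_in, strlen(long_in)));
    return 0;
}
```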
The Code Injection technique abuses the authorization of another running, trusted process. The infected application (holding the corresponding authorization) writes malicious executable code into the memory space of that process, or attaches itself to one of the process's dynamic libraries. The code is then executed through a special call to the operating system. In this way the attacker's code runs with the authorization of the trusted process.
The HIPS module detects and blocks execution of code that has been written into the memory of a trusted process through such a special operating system call. In these cases the functionality of the attacked application is usually not affected.
Check this option to block executable code injection.
If this option is enabled, all detected intrusions are logged in the HIPS log (see chapter 16.6, HIPS Log).
Check this option to disable alert windows for intrusion attempts (see chapter 5.4, Host Intrusions Alerts).
The Code Injection technique is also used by various legitimate applications, which will not function correctly if it is blocked. For such cases, Kerio Personal Firewall allows exceptions to be defined, i.e. a list of applications that are permitted to use this technique. An exception for an application can be defined in the Code injection exceptions dialog (opened by the option), where the relevant executable file can be browsed for.