CrowdStrike: in-memory fileless attacks all fall within the scope of proactive defense.

The prevention settings include:

Force ASLR Mitigation: An address space layout randomization (ASLR) bypass attempt was detected and blocked. This may have been part of an attempted exploit.

Heap preallocation mitigation: A heap spray attempt was detected and blocked. This may have been part of an attempted exploit.

Force DEP mitigation: A process that had Force Data Execution Prevention (Force DEP) applied tried to execute non-executable memory and was blocked.

posted @ 2022-04-18 11:22  bonelee