Impact of Meltdown or Spectre vulnerability on Endpoint Detection and Response
search cancel

Impact of Meltdown or Spectre vulnerability on Endpoint Detection and Response


Article ID: 170741


Updated On:


Endpoint Detection and Response Advanced Threat Protection Platform


Need to know if Symantec Endpoint Detection and Response (EDR) or Advance Threat Protection (ATP) is vulnerable to either Meltdown (CVE-2017-5754) or Spectre (CVE-2017-5753 or CVE-2017-5715)


  1. These issues are present in Dell hardware (8840/8880) and in VMWare environments based on vulnerable processors.
  2. Within the operating system of ATP/EDR, these three issues are not exploitable. To exploit these flaws, an attacker must locally compromise the system and execute malicious code.
    ATP is delivered to market with security hardening which prevents execution of non-Symantec code.
  3. In a VMWare environment the issue is exploitable from other virtual guests. While an attack could not be launched from ATP Virtual Edition, an attacking guest on the same virtual host as ATP Virtual Edition could read the memory space of ATP Platform.
    To fully protect against this possibility, patching the physical host stack, VMWare host operating system, and the operating system of each guest is required.
  4. ATP Platform v3.0.5 includes OS patches for these two issues. The OS patches solves #1, #2, and the guest part of the solution for #3.
  5. To mitigate the vulnerabilities on ATP hardware, refer to below Dell article:
    Meltdown/Spectre (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) impact on Dell Products


Note: Dell appliance (8840 and 8880) is not supported from EDR build 4.10 onwards.

Additional Information