Symantec Endpoint Protection Manager (SEPM) 14 has a new feature named Generic Exploit Mitigation (GEM), which stops vulnerability attacks on Windows client computers. GEM is enabled by default in the Intrusion Prevention policy. You need to disable GEM for testing purposes.

To disable GEM:

1. In the SEPM console, in the left pane, click Policies, and then click Intrusion Prevention.
2. Right-click your Intrusion Prevention policy and select the Edit... menu option.

3. In the Intrusion Prevention Policy window, click Generic Exploit Mitigation.
4. Under Generic Exploit Mitigation, uncheck the Enable Generic Exploit Mitigation box, then click OK.

For 14.2 versions, please follow the steps below to disable Memory Exploit Mitigation (AKA GEM).

• Log into Symantec Endpoint Protection Manager console
• Click on Policies tab > Memory Exploit Mitigation below of Liveupdate policies
• Right-click on MEM policies and then click edit to change the settings and disable the feature.
  • Repeat the steps above for each MEM policy assigned for the SEPM groups and locations.