system
15
Well, I think that depends on a number of factors. First off, a newly discovered and newly exploited vulnerability may not get detected when first released to “the wild”. So if such a vulnerability can be eliminated proactively by patching the OS before an exploit starts circulating then that’s ideal.
Once an exploit is identified, most top-tier AV/IS products will detect and block that exploit. So an AV can and will offer some protection against exploits of OS vulnerabilities. See:
2012 Consumer AV/EPP Comparative Analysis - Exploit Protection
https://www.nsslabs.com/reports/2012-consumer-avepp-comparative-analysis-exploit-protection
Additionally, products such as EMET may afford some protection against new exploits of unpatched vulnerabilities by disrupting the typical methods used by exploits to attack most Windows vulnerabilties. It appears that Kaspersky for one also attempts similar interceptions and disruptions of common exploit behavior via Automatic Exploit Prevention.
See:
Automatic Exploit Prevention Technology
www.kaspersky.com/downloads/pdf/kaspersky_lab_whitepaper_automatic_exploit_prevention_eng_final.pdf
www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Exploit-Prevention-Test1.pdf