
Behavioral Analysis


Malcontent


I'm glad to hear that Behavioral Blocking is coming in the future. How about Behavioral Analysis as well? It would help increase protection against 0-day malware. It would also be helpful while offline.

 

 

Also, any time frame for when behavioral blocking will be available? Months? Year?

 

Thanks for listening


Hmm... Can you tell me what Behavior Analysis does that Behavior Blocker doesn't? :-)

Cheers!

 

My understanding is that when a program is executed, it is run in a mini virtual machine to see if it does anything suspicious.

 

It's something like Panda's TruPrevent technology.

 

http://research.pandasecurity.com/how-truprevent-works-i/


Guest Armin Pasalic

I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior what the FILE would have done if it was malicious. It then submits files to the Experts..

That's the way I would have done, but of course viruses can pass this too. ^^

Cheers!

 

 


I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior what the FILE would have done if it was malicious. It then submits files to the Experts..

That's the way I would have done, but of course viruses can pass this too. ^^

Cheers!

 

 

That program pretty much already exists. It's called Comodo Internet Security.


Yeah, but we are not talking about Comodo now. It was just a suggestion for Immunet.

 

 

That's fine, it's just you described a sandbox as if it were a new concept. Personally, I would rather see a great behavior blocker added than hips/sandbox.

 

If Immunet were to use an existing program as a model, I would hope they go the Prevx route. Probably the lowest resources (ram, virtual mem, cpu, etc) of anything out there, while having awesome detection. Just price the program better than Prevx does.


Guest Armin Pasalic

I admit, PrevX is a great product. I suggested an idea: "Immunet Manual Cleaning" like in PrevX.

But... Behavior Analysis/blocker can fail 70% if the virus makers know how to slip through.


Archived

This topic is now archived and is closed to further replies.
