Malcontent

Behavioral Analysis

I'm glad to hear that Behavioral Blocking is coming in the future. How about Behavioral Analysis as well? It would help increase protection against 0-day malware. It would also be helpful while offline.

 

 

Also, any time frame for when behavioral blocking will be available? Months? Year?

 

Thanks for listening

Guest Armin Pasalic

Hmm... Can you tell me what Behavior Analysis does that Behavior Blocker doesn't? :-)

Cheers!

 

 

 

Hmm... Can you tell me what Behavior Analysis does that Behavior Blocker doesn't? :-)

Cheers!

 

My understanding is that when a program is executed, it is run in a mini virtual machine to see if it does anything suspicious.

 

It's something like Panda's TruPrevent technology.

 

http://research.pandasecurity.com/how-truprevent-works-i/

Guest Armin Pasalic

I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior, what the FILE would have done if it was malicious. It then submits files to the Experts.

That's the way I would have done, but of course viruses can pass this too. ^^

Cheers!

 

 


I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior, what the FILE would have done if it was malicious. It then submits files to the Experts.

That's the way I would have done, but of course viruses can pass this too. ^^

Cheers!

 

 

That program pretty much already exists. It's called Comodo Internet Security.

Guest Armin Pasalic

Yeah, but we are not talking about Comodo now. It was just a suggestion for Immunet.


Yeah, but we are not talking about Comodo now. It was just a suggestion for Immunet.

 

 

That's fine, it's just you described a sandbox as if it were a new concept. Personally, I would rather see a great behavior blocker added than hips/sandbox.

 

If Immunet were to use an existing program as a model, I would hope they go the Prevx route. Probably the lowest resources (ram, virtual mem, cpu, etc) of anything out there, while having awesome detection. Just price the program better than Prevx does.

Guest Armin Pasalic

I admit, PrevX is a great product. I suggested an idea: "Immunet Manual Cleaning" like in PrevX.

But... Behavior Analysis/blocker can fail 70% if the virus makers know how to slip through.
