Detection Methods

Behavior Analysis

The behavioral analysis technology Dr.Web Process Heuristic protects systems against the latest and most dangerous malicious programs, which are capable of avoiding detection by traditional signature-based analysis and heuristic routines.

Dr.Web Process Heuristic analyzes the behavior of each running program in real time by comparing it with Dr.Web Cloud, which is constantly updated. It determines whether the program is dangerous and then takes whatever measures are necessary to neutralize the threat.

This data protection technology helps minimize losses resulting from the actions of unknown malware and consumes very little of the protected system's resources.

Dr.Web Process Heuristic monitors any attempts to modify the system:

Detects malicious processes that modify files (for example, actions of encryption ransomware)

Prevents malware from injecting its code into the processes of other applications

Protects critical system areas from being modified by malware

Detects and stops the execution of malicious, suspicious or unreliable scripts and processes

Prevents malware from modifying boot sectors so that malicious code cannot be executed on the computer

Blocks changes in the Windows Registry to make sure that safe mode is not disabled

Prevents malware from changing launch permissions

Prevents new or unknown drivers from being downloaded without the user’s consent

Prevents malware and certain other applications, such as anti-antiviruses, from adding entries to the Windows Registry that would launch them automatically

Locks registry sections containing information about virtual device drivers, ensuring that no new virtual devices are created

Prevents malware from disrupting system routines

Exploit prevention

Dr.Web Process Heuristic includes the Dr.Web ShellGuard technology, which protects the system from programs that exploit vulnerabilities. Exploits are malicious objects that take advantage of software flaws in order to gain control over a targeted application or the operating system.

Dr.Web ShellGuard protects common applications installed on computers running Windows:

Web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Vivaldi Browser)

MS Office applications including MS Office 2016

System applications

Applications that use Java, Flash and PDF

Media players (software)

To detect malicious actions, Dr.Web ShellGuard uses information stored locally by the anti-virus as well as reputation data from Dr.Web Cloud, which includes:

Information about the routines used by programs with malicious intentions

Information about files that are 100% clean

Information about the compromised digital signatures of well-known software developers

Information about digital signatures used by adware and riskware

Protection routines used by specific applications