Extended threat protection: how ESET solutions detect hidden malware
Today, the main goal of cybercriminals is to steal user information and money, as well as to use device resources. Besides social engineering methods that manipulate user actions, attackers use various technical tricks to keep security solutions from detecting their malicious code.
To prevent system infections and protect against threats, ESET products use multi-layered technologies. One such layer is the Host Intrusion Prevention System (HIPS), which monitors for the presence of suspicious processes or objects on the device. Recently, an advanced behavior analysis module was added to the HIPS components. It performs an extensive scan of unknown and suspicious activities on the device, providing effective protection against threats.
Threat protection: what is the purpose of the advanced behavior analysis module?
Advanced behavior analysis is an additional module in the Host Intrusion Prevention System (HIPS) that is available in ESET products for home users starting from version 12.1. This module uses heuristic threat detection methods and conducts detailed monitoring of unknown and suspicious processes.
When it detects a threat, the advanced behavior analysis module blocks the malicious activity and notifies the user. When a suspicious process is detected without signs of malicious behavior, HIPS continues to analyze this process using its internal components.
“Advanced ESET behavior analysis, along with other Intrusion Prevention System (HIPS) modules, is an important level of threat protection that allows for the detection and blocking of malicious activity on devices,” comments Ondrej Kubovich, a cybersecurity specialist at ESET.
How does the HIPS system work?
A Host Intrusion Prevention System (HIPS) is a detection technology designed to monitor and scan events from running processes, files, and registry keys in search of suspicious activity. The main focus is on various types of malicious behavior used to infect the victim’s device or to evade detection by security solutions. The HIPS modules include:
The advanced memory scanner regularly scans the memory for malware.
Protection against exploits is designed to detect anomalies in the execution environment of specific processes that may indicate the presence of threats. This module automatically blocks the threat and subsequently provides the collected metadata to the ESET LiveGrid system for further analysis. The exploit protection module typically checks applications, browsers, document processing programs, email clients, Flash, Java, and others.
Ransomware protection monitors and evaluates all running applications based on their behavior and reputation. When it detects signs of ransomware, the technology warns the user and blocks the malicious activity.
Advanced behavior analysis allows for a more detailed inspection of the device for unknown and suspicious processes, providing protection against threats hidden in the system.
ESET solutions are constantly improved and updated to detect malware that uses obfuscation and encryption methods. It is precisely thanks to the HIPS system and the multi-layered detection mechanism that ESET products provide reliable protection against threats.