I was looking at Umbra's security configuration guide and noticed that he recommends that your antivirus should include a behavior blocker. I was wondering if anyone knows if 360 Total Security has a behavior blocker built in or not?
Actually, they don't have any behavior blocker. They have some components like Registry Protection, File Modification Protection and things like that. The problem with these components is that they block legitimate programs as well. For example, it blocked my Windows Manager 1 Click Cleaner while it was removing dead registry keys.
Being a programmer, another problem that I face while using 360 is that it blocks each and every C/C++ program that I create with my compiler (you won't have to face this problem if you are using Turbo C). You'll have to whitelist your projects.
"The Behavior Blocker is an integral part of the Defense+ engine and is responsible for authenticating every executable image that is loaded into the memory. The Behavior Blocker intercepts all files before they are loaded into memory and intercepts prefetching/caching attempts for those files. It calculates the hash of the executable at the point it attempts to load into the memory. It then compares this hash with the list of known / recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe and the Behavior Blocker allows it to run. If no matching hash is found on the safelist, then the executable is 'unrecognized' and is run inside the auto-sandbox. You will be notified via an alert when this happens."
Among the system protection features in Qihoo I found "Malicious Behavior Blocking" that usually generates these warnings:
"Modifying startup item", "Modifying sensitive system setting" and "Modifying key COM component."
These messages, which should be about Behavior Blocking, honestly seem to me to be related to blocking access to the Windows Registry.
In my opinion, Qihoo's definition of BB is not what I mean.
"360 HIPS adopts a proactive defense technology that focuses on monitoring behaviors and actions performed by malware rather than its programming code signature or digital fingerprint. Generally, even if malware evades detection by our cloud-based security and QVM technologies, it must still perform certain actions to achieve its creator's intentions, such as modifying system settings and accessing confidential information. 360 HIPS proactive defense technology monitors a computer's running processes during procedures such as web browsing, downloading, software installation and data transmission and assesses these actions based on a pre-determined algorithm. If a process is deemed to be dangerous, the user is notified and information relating to that process is transmitted to our central servers for further processing. This proactive defense technology takes advantage of the collective intelligence and processing power of our cloud architecture to accurately and efficiently determine whether an action performed by a program is malicious."
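The safelist lookup described in the Comodo passage quoted earlier in the thread, as an added example that is not part of any post here and is not Comodo's code. SHA-256, the function names, the handling of unreadable files and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks (SHA-256 is an assumption; the quote names no algorithm)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verdict(path, safelist):
    """Return 'allow' if the file's hash is on the safelist, otherwise 'sandbox'."""
    try:
        file_hash = sha256_file(path)
    except OSError:
        # Assumption: an image that cannot be read cannot be authenticated,
        # so it is treated as unrecognized.
        return "sandbox"
    return "allow" if file_hash in safelist else "sandbox"


def demo():
    """Run the check on constructed sample files standing in for executables."""
    workdir = tempfile.mkdtemp()
    known = os.path.join(workdir, "known.bin")
    rebuilt = os.path.join(workdir, "rebuilt.bin")
    with open(known, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"constructed build 1")
    with open(rebuilt, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"constructed build 2")
    # Only the first build is on the (hypothetical) safelist.
    safelist = {sha256_file(known)}
    return {
        "known": verdict(known, safelist),
        "rebuilt": verdict(rebuilt, safelist),
        "missing": verdict(os.path.join(workdir, "absent.bin"), safelist),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The second file differs from the first by a single byte, which is enough to give it a different hash and an "unrecognized" verdict under this default-deny model.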