What is fileless malware and how do you protect against it?
[QUOTE="93803123, post: 834355"]
The only way to assuredly protect against fileless malware is to block file types and the underlying interpreters on a full-time basis. Sometimes, even libraries (DLLs) need to be blocked. These steps cover both disk and memory, not to mention the vast majority of exploits. Anti-executables that allow something to launch and then hold it in a suspended state are susceptible to bypasses. And AV, behavioral monitoring and sandboxing have all proven to fail in corner cases. Coders cannot foresee everything that is possible. So they deserve a reasonable amount of understanding. A good best-effort is good enough. Unreasonable expectations are not acceptable.

That's not to say one is much better than the other. The determinant is how paranoid the user is. If they want the highest security, then they use SRP. If they want usability with high security, then they use one of the more popular security software. After all, in the end we are sometimes talking about differences as small as 0.2 or 0.1 %. It's pointless to argue over such tiny, practically meaningless differences.

Here at engineering user lab, SRP always works best. But whatever, you have a lot of solid options available to you.
[/QUOTE]
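The quoted post recommends Software Restriction Policies (SRP) that block script interpreters full-time and, where needed, DLLs. The following PowerShell script is an added example, not code from the poster or from the forum: it audits a machine's SRP configuration read-only and reports whether the posture the post describes is in place. It assumes the standard SRP policy location under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (DefaultLevel 0 = Disallowed, TransparentEnabled 2 = rules also apply to DLLs, Disallowed path rules under the level-0 Paths subkey); the list of interpreters checked is an illustrative assumption, not a list from the post.

```powershell
# Added example (not from the quoted post): read-only audit of the SRP posture
# "block the interpreters, include DLLs". Registry layout assumed as described
# in the lead-in; the interpreter list below is an assumption for illustration.

$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Interpreters commonly abused by fileless tooling (assumed list, adjust to taste).
$Interpreters = @('powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function Get-SrpPosture {
    # Returns an object describing whether SRP is default-deny, covers DLLs,
    # and which Disallowed path rules exist.
    if (-not (Test-Path $SrpRoot)) {
        return [pscustomobject]@{
            Configured = $false; DefaultDeny = $false; DllsCovered = $false; DisallowedRules = @()
        }
    }

    $root = Get-ItemProperty -Path $SrpRoot
    $defaultDeny = ($root.DefaultLevel -eq 0)          # 0 = Disallowed, 0x40000 = Unrestricted
    $dllsCovered = ($root.TransparentEnabled -eq 2)    # 2 = enforce on DLLs as well, 1 = exe only

    # Level 0 holds the Disallowed rules; each path rule is its own GUID-named subkey
    # whose ItemData value is the path pattern.
    $rules = @()
    $disallowedPaths = Join-Path $SrpRoot '0\Paths'
    if (Test-Path $disallowedPaths) {
        $rules = Get-ChildItem -Path $disallowedPaths | ForEach-Object {
            (Get-ItemProperty -Path $_.PSPath).ItemData
        } | Where-Object { $_ }
    }

    [pscustomobject]@{
        Configured      = $true
        DefaultDeny     = $defaultDeny
        DllsCovered     = $dllsCovered
        DisallowedRules = @($rules)
    }
}

function Test-InterpreterBlocked {
    # True when some Disallowed path rule names the interpreter (by file name).
    param([string[]]$Rules, [string]$Exe)
    foreach ($r in $Rules) {
        if ($r -and ($r -like "*$Exe")) { return $true }
    }
    return $false
}

function Invoke-SrpAudit {
    $p = Get-SrpPosture
    if (-not $p.Configured) {
        Write-Output 'SRP: not configured (no policy key present).'
        return
    }
    Write-Output ("SRP default level : " + $(if ($p.DefaultDeny) { 'Disallowed (default-deny)' } else { 'Unrestricted (allow by default)' }))
    Write-Output ("SRP covers DLLs   : " + $p.DllsCovered)

    # In a default-deny policy the interpreters are blocked unless explicitly allowed;
    # in an allow-by-default policy they are blocked only by an explicit Disallowed rule.
    foreach ($exe in $Interpreters) {
        $blocked = $p.DefaultDeny -or (Test-InterpreterBlocked -Rules $p.DisallowedRules -Exe $exe)
        Write-Output ("  {0,-16} blocked: {1}" -f $exe, $blocked)
    }
}

Invoke-SrpAudit
```

Run it in an elevated PowerShell session on the machine being audited. Note that a default-deny policy only blocks the listed interpreters if no Unrestricted path rule (under the 0x40000 level, not inspected here) re-allows them, and that SRP rules are evaluated per user according to PolicyScope; the script reports the machine-wide policy only.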