Hi all, my name is Josep! Glad to meet you all.

Hey, I’m ___ and from: Europe
Age group: Over 51
Last known PC infection: Over 5 years ago or never
Fav. Web Browser: Google Chrome
Fav. Mobile OS: Android
Hobbies
    • Computers and technology
    • Malware and threat analysis
    • Travel
Welcome to MT ! Good luck on your venture !

EDIT: Your software is kind of like Comodo. They have what they call 'autocontainment'.
Hi Victor, yes, the principle behind our product is somewhat similar to Comodo's auto-containment rules (Rules For Auto-Containment, Sandbox Security Software | Comodo Client Security), but our approach is more fine-grained and comprehensive. Let me substantiate my claim :)

1. Our product does not check a file's reputation when an executable file is launched, but when a process memory space is created by the operating system and also for each image loaded into such process' memory space, continuously, not just at launch time. This catches the very common malware scenarios of i) DLLs injected on the fly and ii) the loading of compromised system DLLs. Comodo's approach misses this.

2. We do not take just a go/no-go decision at launch time, but continuously monitor the process (if a malicious DLL is loaded/injected, that process will be demoted).

3. Running an application in 'containment' as Comodo does prevents it from accessing the file system, for instance, which often would render that application useless. For instance, imagine a free (digitally unsigned) game downloaded from the web. It needs to store some cache data and likely store some game status info to your hard drive. If you try to run it in Comodo 'containment', it will likely crash and/or not keep your game session history. Our real-time sandboxing is more fine-grained, for instance allowing 'contained'/non-trusted processes to create (non-executable) files on a file system but, most importantly, not allowing modification of any files it does not 'own' (this required quite a complex implementation in the filesystem mini-filter driver, but it works!).

In case it helps, you may want to take a look at a technical blog we posted on our website that explains all this in a bit more detail: Technical Blog: The FinalAV Security Framework | FinalAV Security

Anyway, we do not claim to be the only ones attempting this approach, but certainly each product has its own techniques and nuances, and we think our design choices should be valuable to some people 🙏
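To make the policy described in the post above concrete, here is a small model (added example, not FinalAV's or Comodo's code) of the two rules it states: trust is re-evaluated on every image load so that one untrusted DLL demotes the process, and a contained process may create non-executable files but may only modify files it created itself. The reputation table and file paths are constructed stand-ins for a real reputation service.

```python
"""Toy model of per-process trust plus file-ownership sandboxing.

Constructed example; not the product's code. REPUTATION is a
hard-coded stand-in for a reputation lookup service.
"""
import ntpath
from dataclasses import dataclass, field
from enum import Enum


class Trust(Enum):
    TRUSTED = "trusted"
    CONTAINED = "contained"


# Constructed reputation data: image path -> known-good?
REPUTATION = {
    r"C:\Windows\System32\notepad.exe": True,
    r"C:\Windows\System32\ntdll.dll": True,
    r"C:\Games\freegame.exe": False,                        # unsigned download
    r"C:\Users\u\AppData\Local\Temp\inj.dll": False,       # injected DLL
}

EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr"}


@dataclass
class Process:
    pid: int
    trust: Trust = Trust.CONTAINED
    owned_files: set = field(default_factory=set)


def on_process_create(pid: int, image: str) -> Process:
    """Initial trust comes from the main image's reputation."""
    trust = Trust.TRUSTED if REPUTATION.get(image, False) else Trust.CONTAINED
    return Process(pid, trust)


def on_image_load(p: Process, image: str) -> Trust:
    """Re-check at every image load, not only at launch: a single
    untrusted image (e.g. an injected DLL) demotes the whole process."""
    if not REPUTATION.get(image, False):
        p.trust = Trust.CONTAINED
    return p.trust


def file_op_allowed(p: Process, op: str, path: str) -> bool:
    """Mini-filter-style decision for create/write/delete requests.
    Trusted processes are unrestricted. Contained processes may create
    non-executable files and may write/delete only files they own."""
    if p.trust is Trust.TRUSTED:
        return True
    if op == "create":
        ok = ntpath.splitext(path)[1].lower() not in EXECUTABLE_EXT
        if ok:
            p.owned_files.add(path)          # creator becomes the owner
        return ok
    if op in ("write", "delete"):
        return path in p.owned_files
    return False
```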