Serious Discussion How Antivirus Works? Dynamic and Behavioral Detection

Bot

Bot

AI-powered Bot
Apr 21, 2016
4,727
Glad you found the video by Motasem Hamdan helpful! It indeed provides a clear explanation of how dynamic and behavioral detection in antivirus works. If you have any questions or points to discuss, feel free to share.
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
Examples.

Avast:
blog.avast.com

Catching malware red-handed: Behavioral threat fingerprinting

With this novel approach, we have introduced an additional layer of threat analysis explainability using deep neural networks, which helps increase the protection that we provide to our over 435 million users.
blog.avast.com blog.avast.com

Bitdefender:

HyperDetect

www.bitdefender.com www.bitdefender.com
www.bitdefender.com

What is Bitdefender Advanced Threat Defense & What does it do?

Here's what it means, how it works, and why it's great to use the Advanced Threat Defense feature included in Bitdefender security solutions for Windows.
www.bitdefender.com www.bitdefender.com

Anomaly Detection - Bitdefender TechZone

Discover the power of Anomaly Detection in cybersecurity. Learn how Bitdefender Labs customizes machine-learning models to safeguard systems with personalized protection.
techzone.bitdefender.com techzone.bitdefender.com

Emsisoft:
www.emsisoft.com

How we use the Swiss cheese model to prevent malware infections

The Swiss cheese model is a useful way of visualizing how accidents occur and why layered protection is critical for preventing both COVID and malware.
www.emsisoft.com www.emsisoft.com

Eset:

ESET Deep Behavioral Inspection enables deeper monitoring of unknown & suspicious processes | ESET

www.eset.com www.eset.com

Microsoft Defender:

1740005009932.png

learn.microsoft.com

Client behavioral blocking - Microsoft Defender for Endpoint

Client behavioral blocking is part of behavioral blocking and containment capabilities at Microsoft Defender for Endpoint
learn.microsoft.com

Kaspersky:

1740003155429.png




ProofPoint:
www.proofpoint.com

Behavioral Analysis & AI/ML for Threat Detection | Proofpoint US

Learn about Proofpoint's Behavioral Analysis uses AI/ML for threat detection. Read this post to go behind the scenes on Proofpoint's newest detection engines.
www.proofpoint.com www.proofpoint.com

Symantec:

What is Behavioral Analysis (SONAR) in Symantec Endpoint Protection?

Behavioral analysis is the real-time protection that detects potentially malicious behavior when applications run on your computers. Behavioral analysis uses heuristics as well as reputation data to detect emerging and unknown threats. Behavioral analysis provides "zero-day" protection because...
techdocs.broadcom.com techdocs.broadcom.com
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: oldschool, piquiteco, badboy and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
Microsoft Defender and Kaspersky have excellent behavioral detection based on Machine Learning models. So why Kaspersky AV can score better in Real-World tests?
https://malwaretips.com/threads/the...4-av-test-av-comparatives.134865/post-1117751

The answer is probably included in the video:



As we can see, some FUDs (Fully UnDetectable malware) are detected only after the execution, when some malicious actions are already done. Microsoft decided to fight such malware as follows:
  1. Enabled SmartScreen (in Edge and for Windows Explorer).
  2. Enabled ASR rules (especially the rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria").
  3. Post-execution behavioral detection.
If the user has enabled SmartScreen, the FUDs are mainly blocked, so there is no visible difference between Microsoft Defender (MD) and top AVs.

If SmartScreen is disabled or the user ignores SmartScreen alerts, enabling advanced settings in MD is necessary to prevent efficiently FUDs. If not, then MD uses post-execution behavioral detection which is as good as for Kaspersky, but Kaspersky can efficiently reverse the changes made by the Malware (like encrypted files), and MD often cannot.

Edit.
One could ask: Can such MD post-execution protection be useful?
Yes, it can (although imperfect). The first victim is infected, but others will be protected in a few minutes.
 
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, roger_m, Nunzio_77 and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
In the last two years, Panda Free was tested by AV-Comparatives (2 awards per 4 Real-World tests), once by AV-Test (Panda Dome, 1 award). The results were similar to Microsoft.
Panda scored worse in SE Labs tests in the category "Targeted attacks". But at home, the protection should be similar to Microsoft (for similar reasons).

1740161882432.png


So yes, it seems that Panda's behavioral detection can be similar to top AVs. However, behavioral detection is only one of the protection layers.
 
Last edited:
  • Like
Reactions: oldschool
R

roger_m

Level 43
Verified
Top Poster
Content Creator
Dec 4, 2014
3,243
Andy Ful said:
In the last two years, Panda Dome was tested by AV-Comparatives (2 awards per 4 Real-World tests), once by AV-Test (1 award). The results were similar to Microsoft.
Panda scored worse in SE Labs tests in the category "Targeted attacks". But at home, the protection should be similar to Microsoft (for similar reasons).
Click to expand...
While it does well when tests by testing organisations, when it's been tested @Shadowra it does very badly. It also did badly when it was tested in the Malware Hub here. For example in the second test I've linked to, out of 190 malware samples, 50 remained. Panda is slow to add signatures for new threats and I presume it is doing well in tests by testing organisations, because as is often speculated, they aren't testing against the very latest malware.

malwaretips.com

App Review - Do not choice Panda ! (Panda Dome Free vs Panda Dome Complete)

Hello and welcome to this test of Panda! Panda is a Spanish antivirus, focusing on the 100% Cloud. Intended for novices, Panda has unfortunately never passed one of my tests, always making a very infected system. In this test, we compare the free and the paid version of Panda (Panda Dome Free...
malwaretips.com malwaretips.com

malwaretips.com

App Review - Panda Dome Free v22

Hello and welcome to the Panda test! Panda Dome is an antivirus from Spain that has been acquired by WatchGuard. For several years, Panda Security has been offering an antivirus on the cloud while relying on a clear interface. But, Panda has never passed any of my tests, will it manage to...
malwaretips.com malwaretips.com
 
  • Hundred Points
  • +Reputation
  • Like
Reactions: oldschool, Andy Ful and Shadowra
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,777
Panda offers a solution for businesses, Panda Adaptive Defense 360.


www.pcmag.com

Panda Security Adaptive Defense Review

As a malware detection and prevention platform, Panda has significantly improved since we last reviewed it. While it could still be vulnerable to fileless attacks and scripts, since they bypass the 100 percent attestation service, this is still a well-designed and thorough protection platform,
www.pcmag.com www.pcmag.com

1740161109395.png
 
Last edited:

Similar threads

Dr. Wells
    • Like
Serious Discussion Are antiviruses unimportant?
Replies
130
Views
7,183
General Security Discussions
Behold Eck
Behold Eck
Andy Ful
    • Like
    • +Reputation
    • Hundred Points
Serious Discussion Machine Learning for Malware Detection (KasperskyLab)
Replies
4
Views
717
General Security Discussions
Andy Ful
Andy Ful
CyberDevil
    • Like
    • Hundred Points
    • +Reputation
Serious Discussion Services to check file security online
Replies
38
Views
2,385
General Security Discussions
CyberDevil
CyberDevil

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top