New Dynamic Application Containment feature - What's your take on it?

Umbra

#2
The majority of organizations don't have any way to prevent patient zero because usually cyber security solutions work only after execution. Ones that do have the capability have to block everything that is not known. It's very common that these more advanced technologies also fail because malware can hide its malicious attributes when run in a virtual image.
Ok, so they use "patient zero" for zero-day malware.

They say malware hides its malicious behavior in virtualized environments, which is true.

introduced new innovations, Dynamic Application Containment and the machine learning capability Real Protect, to its intelligent endpoint security solution.
Dynamic Application Containment allows you to run unknown files in contained mode, but if the file starts to do malicious acts such as encrypting other files or generating new executable files, it'll be automatically blocked and you have prevented patient zero without business interruption.
Looks like a policy-based sandbox based on "AI" behavioral algorithms for blocking.
 

vemn

#3
Ok, so they use "patient zero" for zero-day malware.

They say malware hides its malicious behavior in virtualized environments, which is true.

Looks like a policy-based sandbox based on "AI" behavioral algorithms for blocking.
Yes, it's a policy-based container, I think.
Compared to others which are browser-based or "endpoint-sandboxing", this is on apps or processes. Are there any others of the same kind?

I think Symantec also launched something similar.

Really curious how these work.
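
The policy-based containment idea discussed in this thread, as an added example that is not from the vendor or from either poster: an unknown process runs contained, and its file writes are blocked once it creates a new executable or repeatedly overwrites existing files with high-entropy data. The class, function names, thresholds and sample events are assumptions made for the example; a real product enforces such rules from a driver, which this sketch does not model.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Hypothetical thresholds, chosen for this example only.
ENTROPY_LIMIT = 7.2   # bits per byte; encrypted data approaches 8.0
REWRITE_LIMIT = 3     # high-entropy overwrites that trigger a block

def entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

@dataclass
class ContainedProcess:
    name: str
    reputation: str                 # "known_good" or "unknown"
    rewrites: int = 0
    blocked_reason: Optional[str] = None

    def on_write(self, path: str, data: bytes, existed: bool) -> bool:
        """Policy decision for one file write: True = allow, False = block."""
        if self.reputation != "unknown":
            return True             # only unknown files run contained
        if self.blocked_reason:
            return False            # once blocked, stay blocked
        if not existed and data[:2] == b"MZ":   # DOS/PE header magic
            self.blocked_reason = f"created new executable {path}"
        elif existed and entropy(data) > ENTROPY_LIMIT:
            self.rewrites += 1
            if self.rewrites >= REWRITE_LIMIT:
                self.blocked_reason = "repeated high-entropy overwrites"
        return self.blocked_reason is None

def replay(proc: ContainedProcess, events) -> list:
    """Feed (path, data, existed) events to the policy and collect decisions."""
    return [proc.on_write(*e) for e in events]

# Constructed sample input: plain text and pseudo-random "ciphertext".
PLAIN = b"quarterly report draft\n" * 90
CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
EVENTS = [("notes.txt", PLAIN, True)] + [(f"doc{i}.docx", CIPHER, True) for i in range(4)]

if __name__ == "__main__":
    p = ContainedProcess("invoice.exe", "unknown")
    print(replay(p, EVENTS), p.blocked_reason)
```

The first two high-entropy overwrites are allowed, which is the cost of a behavioral trigger: the block comes after some activity has been observed, so the threshold decides how much damage is tolerated before containment kicks in.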