Norton Security 360 Deluxe 2023
<blockquote data-quote="Trident" data-source="post: 1036218" data-attributes="member: 99014"><p>They communicate via the STAR bus, which is described here: <a href="https://www.broadcom.com/info/symantec/star" target="_blank">Star Malware Protection Technologies</a></p><p>Hiding via time-based tactics, such as doing something on a specific date or only after a reboot, is a valid concern. The emulator, which works between the static analysis scan and SONAR, should detect instructions related to that and should “trick” the malware into believing these events have occurred by supplying fake time, date, system uptime and others.</p><p>Behavioural blocking has no time threshold; data is written continuously about every process on disk as it works.</p><p>From my observations, SONAR doesn’t have issues with executables; it is more iffy with Non-Process Threats that hide behind valid and signed Windows executables. SONAR would either just terminate the attack without even deleting the original file, or it won’t really detect anything. Trend Micro AEGIS and F-Secure DeepGuard work the same way, so not sure what’s going on; there is some limitation there that engineers know of.</p></blockquote>