WiseVector Free AI Driven Security
WiseVector wrote (post 786268):

> Hi In2an3_PpG,
>
> 1. The officially documented mechanism is not enough. There are a lot of APIs that need to be protected, but you cannot protect them in kernel mode with PatchGuard enabled, especially on 64-bit. Actually, many AVs (Comodo, for example) hook APIs in user mode even when they already have a kernel-mode driver. They use an APC to inject a DLL into a new process when the driver gets the notification.
>
> 2. PowerShell is powerful, that's right. You can use P/Invoke to call the Windows API. However, you cannot execute a PowerShell script by simply double-clicking on it. You need a loader (PE, JS, VBS, etc.). That means AVs can block PowerShell malware at an early stage.
> Our idea is to automatically extract complex patterns from a program's behavior graph, and then AI will decide whether to terminate this program at a specific point in time. The point is to try not to wait until the malicious PowerShell code runs, and it will be implemented in the next version of WiseVector.
>
> Regards
> Eason
> WiseVector