Recommended Posts

Can EAM with current behavior blocker protect users from various exploits?

If not, are you planning to include this kind of protection in the future?

Share this post


Link to post
Share on other sites
Guest Tempus

Hi

Today I have been trying out Emsisoft anti malware ability to protect against exploits. ( Inspired by your question Siketa ) Please notice that this is just a hopeless amateurs test :). I went to some honeypots in the attempt to find some exploits, and I manage to find 4 samples that worked. I installed a older version of java and adobe flash player and adobe reader, to simulate a poorly patched system. (I was using IE 11 without activex filtering and with smartscreen disabled.) Emsisoft caught 3 samples before the behaviour blocker kicked in . But in one of the samples the behaviour blocker popped up, telling me that it has found suspicious behaviour. Something about " using another program (adobe reader...the exploit seemed to be wrapped in opencandy) ". So it was nice to see that it reacted, on one of the samples. My humble experiences with " exploits" is that, if one has an updated and patched windows system, and have his or hers software update. Then one will be in generally, pretty good protected against exploits. I think that the probability to run into a truly zero day exploit is very small, but of cause, the chance is there. Even though it was not the most solid test, due to me having troubles to find exploits that was working. Then I fell that the well balanced behavior blocker worked when there was suspicious activity. (when the exploit was trying to use another software on my system). But still, it will be very interesting to see what Emsisoft will respond to your good quistion.

Share this post


Link to post
Share on other sites

We don't target exploits specifically at this point. So there aren't any exploit mitigation features in EAM. However, exploits used for drive by attacks will usually drop a payload which will be detected by the behavior blocker.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.