Phising, bad URL, script protection

[pallino]

Hello Emsi Team,

How does Emsi protect against Phising sites, bad URL and malicious scripts?

Do you use Emsi engine or /and Bitdefender' s one?

Do you use signature only detection or also heuristic and maybe a BB specific for these areas?

Thank you

[Sintharius]

You might want to read this blogpost: Antivirus software: Protecting your files, at the price of your privacy?

[GT500]

How does Emsi protect against Phising sites, bad URL and malicious scripts?

Technically by filtering DNS requests. We have a large list of malicious and phishing websites that is updated very frequently, and our software will monitor requests by programs on your computer (such as web browsers) to look up the IP addresses of websites, and if a website is found in our list then that attempt to look up its IP address is blocked. No IP address means the attempt to connect to the website fails.

Do you use Emsi engine or /and Bitdefender' s one?

We have our own engine, and we use BitDefender's engine as a second-opinion to enhance protection.

Do you use signature only detection or also heuristic and maybe a BB specific for these areas?

Thank you

We use heuristics in addition to more traditional methods (file hashes for instance). We classify everything in the database (heuristics, hashes, etc) as "signatures", although I understand that some other companies use the term "signatures" to refer to file hashes only.

[pallino]

GT500,

thank you!

With heuristic do you mean Emsi capability of scanning software for suspect code/instructions?

Do you use,Emsi or BD heuristic?

[GT500]

With heuristic do you mean Emsi capability of scanning software for suspect code/instructions?

Heuristics are essentially a way of detecting things that are not already known.

Do you use,Emsi or BD heuristic?

We have our own heuristic rules for our engine, and of course BitDefender has their own heuristic rules for their engine. Both engines are capable of heuristic detection.

[pallino]

Thank you!

[GT500]

You're welcome.

[pallino]

I just read angler exploit kit and about domain shadowing.

Does the heuristic used by Emsi and Bitdefender protect from domain shadowing?

https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396

Thank you

[GT500]

No, that would be something the Surf Protection would have to protect against, since they're just using subdomains on websites where they stole the login credentials to host malicious content.

[pallino]

Thank you!...does surf ptotection use blacklist or also heuristic/BB?

[GT500]

The Surf Protection uses a list of "Host Rules" (websites to be blocked), so essentially a blacklist.

[pallino]

Thank you!

[GT500]

You're quite welcome. Please let me know if you need anything else.