pallino
Posted July 10, 2015

Hello Emsi Team,

How does Emsi protect against Phishing sites, bad URL and malicious scripts?

Do you use Emsi engine or/and Bitdefender's one?

Do you use signature only detection or also heuristic and maybe a BB specific for these areas?

Thank you

Sintharius
Posted July 10, 2015

You might want to read this blogpost: Antivirus software: Protecting your files, at the price of your privacy?

GT500
Posted July 10, 2015

> How does Emsi protect against Phishing sites, bad URL and malicious scripts?

Technically by filtering DNS requests. We have a large list of malicious and phishing websites that is updated very frequently, and our software will monitor requests by programs on your computer (such as web browsers) to look up the IP addresses of websites, and if a website is found in our list then that attempt to look up its IP address is blocked. No IP address means the attempt to connect to the website fails.

> Do you use Emsi engine or/and Bitdefender's one?

We have our own engine, and we use BitDefender's engine as a second-opinion to enhance protection.

> Do you use signature only detection or also heuristic and maybe a BB specific for these areas? Thank you

We use heuristics in addition to more traditional methods (file hashes for instance). We classify everything in the database (heuristics, hashes, etc.) as "signatures", although I understand that some other companies use the term "signatures" to refer to file hashes only.

pallino
Posted July 11, 2015

GT500, thank you!

With heuristic do you mean Emsi capability of scanning software for suspect code/instructions?

Do you use Emsi or BD heuristic?

GT500
Posted July 14, 2015

> With heuristic do you mean Emsi capability of scanning software for suspect code/instructions?

Heuristics are essentially a way of detecting things that are not already known.

> Do you use Emsi or BD heuristic?

We have our own heuristic rules for our engine, and of course BitDefender has their own heuristic rules for their engine. Both engines are capable of heuristic detection.

pallino
Posted July 16, 2015

Thank you!

GT500
Posted July 16, 2015

You're welcome.

pallino
Posted July 23, 2015

I just read Angler exploit kit and about domain shadowing. Does the heuristic used by Emsi and Bitdefender protect from domain shadowing?

https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396

Thank you

GT500
Posted July 24, 2015

No, that would be something the Surf Protection would have to protect against, since they're just using subdomains on websites where they stole the login credentials to host malicious content.

pallino
Posted July 24, 2015

Thank you! ...does surf protection use blacklist or also heuristic/BB?

GT500
Posted July 25, 2015

The Surf Protection uses a list of "Host Rules" (websites to be blocked), so essentially a blacklist.

pallino
Posted July 27, 2015

Thank you!

GT500
Posted July 28, 2015

You're quite welcome. Please let me know if you need anything else.

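The DNS-lookup filtering and "Host Rules" blacklist GT500 describes above, as an added Python example that is not part of the thread and not Emsisoft's code. The rule format, function names, hostnames and addresses are assumptions; it also shows why a list of exact hosts has to learn each shadowed subdomain separately, and what blocking the parent domain costs.

```python
# Added illustration; the rule format and all names are hypothetical, not Emsisoft's.
# Hostnames use the reserved ".example" TLD and are constructed sample data.
HOST_RULES = {
    "login.phish.example",   # a listed phishing host
    "a1b2.shop.example",     # one already-known shadowed subdomain
}

# Constructed stand-in for the upstream resolver so the example runs offline.
UPSTREAM = {
    "login.phish.example": "203.0.113.10",
    "a1b2.shop.example": "203.0.113.20",
    "z9y8.shop.example": "203.0.113.20",  # new shadowed subdomain, not yet listed
    "shop.example": "198.51.100.5",       # legitimate site on the same domain
}


def normalize(host):
    """Lower-case and drop the trailing root dot so 'Phish.Example.' matches its rule."""
    return host.strip().rstrip(".").lower()


def matching_rule(host, rules=HOST_RULES, match_subdomains=False):
    """Return the rule that blocks host, or None if no rule applies.

    With match_subdomains=True a listed host also blocks every name below it.
    """
    host = normalize(host)
    if host in rules:
        return host
    if match_subdomains:
        labels = host.split(".")
        # Walk up the name: z9y8.shop.example -> shop.example -> example
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent in rules:
                return parent
    return None


def filtered_lookup(host, rules=HOST_RULES, match_subdomains=False):
    """Answer a DNS lookup; a matching rule yields None, so no address is returned."""
    if matching_rule(host, rules, match_subdomains) is not None:
        return None
    return UPSTREAM.get(normalize(host))
```

With the exact-host list, `z9y8.shop.example` still resolves until it is added to the rules; a parent rule for `shop.example` with `match_subdomains=True` stops it, but also blocks the legitimate site.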