hjlbx

How does the parser & behavior blocker handle obfuscated malicious scripts?


Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

Same for in memory-only?

Or does File Guard simply treat obfuscated scripts as potentially malicious?

I'm not sure how EIS would tell the difference between an 'obfuscated' script and a 'minified' one. Scripts downloaded for use on webpages are very often minified. They are fetched faster than larger scripts, and once on your machine will be executed very slightly faster. Minification certainly obscures what a script does, but does so for good reasons.

On 7/2/2017 at 1:14 PM, hjlbx said:

Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

The Behavior Blocker handles behavior, and doesn't care too much about the contents of a file. If it tries to do something we monitor for, then the Behavior Blocker kicks in and does its job. ;)

On 7/2/2017 at 1:14 PM, hjlbx said:

... does File Guard simply treat obfuscated scripts as potentially malicious?

I would believe BitDefender has certain heuristics for obfuscated scripts, however obfuscation itself is not a guarantee that something is malicious (most people who write closed-source code want to obfuscate it in some way to make it more difficult to figure out what it does), so you can't just quarantine everything that is obfuscated.

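The point made in the replies above, as an added example that is not part of the thread and is not Emsisoft's or Bitdefender's detection logic: generic static signals (line length, whitespace, entropy) score a benign minified script and a string-hiding script alike, so a rule built on them flags both. The three JavaScript samples are constructed and benign, and every threshold is an illustrative assumption.

```python
import math
import re
from collections import Counter

# Constructed, benign samples (not from the thread); each only logs numbers or a string.
READABLE = """function double(values) {
    return values.map(function (v) {
        return v * 2;
    });
}
console.log(double([1, 2, 3]));
"""
MINIFIED = ('function a(b,c){for(var d=0,e=b.length;d<e;d++)c(b[d],d)}'
            'function f(b){return b.map(function(c){return c*2}).filter(function(c){return c>3})}'
            'var g=f([1,2,3]);a(g,function(b,c){console.log(c+":"+b)});')
OBFUSCATED = (r'var _0x1a=["\x6c\x6f\x67","\x68\x65\x6c\x6c\x6f","\x77\x6f\x72\x6c\x64"];'
              r'(function(_0x2b){console[_0x2b[0]](_0x2b[1]+_0x2b[2])})(_0x1a);')

ESCAPE = re.compile(r"\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def features(src):
    """Generic static signals; the thresholds applied to them are assumptions."""
    return {
        "longest_line": max(len(line) for line in src.splitlines()),
        "whitespace_ratio": sum(ch.isspace() for ch in src) / len(src),
        "entropy": entropy(src),
        "escape_ratio": sum(len(m) for m in ESCAPE.findall(src)) / len(src),
    }

def looks_dense(f):
    """Naive 'is it obfuscated?' rule: one long line with almost no whitespace."""
    return f["longest_line"] > 100 and f["whitespace_ratio"] < 0.10

def hides_strings(f):
    """Narrower signal: a large share of the source is escape-encoded string data."""
    return f["escape_ratio"] > 0.20

def report():
    """Map each sample name to (looks_dense, hides_strings)."""
    samples = {"readable": READABLE, "minified": MINIFIED, "obfuscated": OBFUSCATED}
    return {n: (looks_dense(features(s)), hides_strings(features(s))) for n, s in samples.items()}

if __name__ == "__main__":
    for name, (dense, hidden) in report().items():
        print(f"{name:10s} dense={dense} hides_strings={hidden}")
```

The narrower signal separates these two samples, but the string-hiding sample is just as harmless as the minified one, so neither static verdict says anything about what the script does when it runs.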
