How does the parser & behavior blocker handle obfuscated malicious scripts?


hjlbx

Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

Same for in memory-only?

Or does File Guard simply treat obfuscated scripts as potentially malicious?


I'm not sure how EIS would tell the difference between an 'obfuscated' script and a 'minified' one.  Scripts downloaded for use on webpages are very often minified.  They are fetched faster than larger scripts, and once on your machine will be executed very slightly faster.  Minification certainly obscures what a script does, but does so for good reasons.

On 7/2/2017 at 1:14 PM, hjlbx said:

Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

The Behavior Blocker handles behavior, and doesn't care too much about the contents of a file. If it tries to do something we monitor for, then the Behavior Blocker kicks in and does its job. ;)

On 7/2/2017 at 1:14 PM, hjlbx said:

... does File Guard simply treat obfuscated scripts as potentially malicious?

I would believe Bitdefender has certain heuristics for obfuscated scripts, however obfuscation itself is not a guarantee that something is malicious (most people who write closed-source code want to obfuscate it in some way to make it more difficult to figure out what it does), so you can't just quarantine everything that is obfuscated.
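
The point made in the replies above, as an added example that is not part of the thread and not code from any product mentioned in it: a content-only "looks obscured" heuristic flags a harmless minified script exactly as it flags an obfuscated one. The feature set, thresholds and all three sample scripts are constructed assumptions.

```python
import re

# Constructed samples (not from the thread); all three are harmless.
SAMPLES = {
    "readable": (
        "function addTotals(price, quantity) {\n"
        "    var subtotal = price * quantity;\n"
        "    return subtotal;\n"
        "}\n"
    ),
    # Typical minifier output: whitespace stripped, one-letter names.
    "minified": "function a(b,c){var d=b*c;return d}"
                "function e(f){return a(f,2)+a(f,3)}",
    # String hidden behind character codes; it only logs "hi".
    "obfuscated": "var _=[104,105];var a='';for(var i=0;i<_.length;i++)"
                  "{a+=String.fromCharCode(_[i])}console.log(a)",
}

KEYWORDS = {"function", "var", "return", "for"}
NAME_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def features(src):
    """Static readability features a content-based heuristic might compute."""
    names = [t for t in NAME_RE.findall(src) if t not in KEYWORDS]
    return {
        "whitespace_ratio": sum(ch.isspace() for ch in src) / len(src),
        "mean_name_len": sum(len(n) for n in names) / len(names),
    }


def looks_obscured(src, max_ws=0.10, max_name=4.0):
    """Hypothetical rule: dense text with very short identifiers."""
    f = features(src)
    return f["whitespace_ratio"] < max_ws and f["mean_name_len"] < max_name


def flagged(samples):
    """Names of the samples the content-only rule would flag, sorted."""
    return sorted(name for name, src in samples.items() if looks_obscured(src))


if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, features(src), looks_obscured(src))
```

Because the rule cannot separate the minified sample from the obfuscated one, a verdict based on it alone would quarantine ordinary web scripts.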

This topic is now closed to further replies.