hjlbx

How does the parser & behavior blocker handle obfuscated malicious scripts?


Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

Same for in memory-only?

Or does File Guard simply treat obfuscated scripts as potentially malicious?


I'm not sure how EIS would tell the difference between an 'obfuscated' script and a 'minified' one. Scripts downloaded for use on webpages are very often minified. They are fetched faster than larger scripts, and once on your machine will be executed very slightly faster. Minification certainly obscures what a script does, but does so for good reasons.

On 7/2/2017 at 1:14 PM, hjlbx said:

Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts?

The Behavior Blocker handles behavior, and doesn't care too much about the contents of a file. If it tries to do something we monitor for, then the Behavior Blocker kicks in and does its job. ;)


On 7/2/2017 at 1:14 PM, hjlbx said:

... does File Guard simply treat obfuscated scripts as potentially malicious?

I would believe BitDefender has certain heuristics for obfuscated scripts, however obfuscation itself is not a guarantee that something is malicious (most people who write closed-source code want to obfuscate it in some way to make it more difficult to figure out what it does), so you can't just quarantine everything that is obfuscated.

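The point raised in the replies above, as an added example that is not part of any post and not Emsisoft's or Bitdefender's detection logic: a content-only rule that flags "dense, unreadable" script text fires on a benign minified script just as it does on an obfuscated one. The three samples, the feature set and the thresholds in `looks_obscured` are constructed and hypothetical.

```python
import math
import re
from collections import Counter

# Constructed samples: the same harmless logic in three forms.
READABLE = """\
function addTax(price, rate) {
    var total = price + price * rate;
    return total;
}
document.title = addTax(100, 0.2);
"""
MINIFIED = "function a(b,c){var d=b+b*c;return d}document.title=a(100,.2);"
# Constructed stand-in for obfuscation: hex-escaped property name, renamed symbols.
OBFUSCATED = ('var _0=["\\x74\\x69\\x74\\x6c\\x65"];'
              'function _1(_2,_3){return _2+_2*_3}document[_0[0]]=_1(100,.2);')

IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def features(src):
    """Static, content-only features a file scanner could compute."""
    counts = Counter(src)
    entropy = -sum(n / len(src) * math.log2(n / len(src)) for n in counts.values())
    idents = IDENT.findall(src)
    return {
        "whitespace_ratio": round(sum(ch.isspace() for ch in src) / len(src), 3),
        "longest_line": max(len(line) for line in src.splitlines()),
        "mean_ident_len": round(sum(map(len, idents)) / len(idents), 2),
        "entropy_bits": round(entropy, 2),
    }


def looks_obscured(src):
    """Naive rule with hypothetical thresholds: little whitespace, one long line."""
    f = features(src)
    return f["whitespace_ratio"] < 0.10 and f["longest_line"] > 50


if __name__ == "__main__":
    for name, src in [("readable", READABLE), ("minified", MINIFIED),
                      ("obfuscated", OBFUSCATED)]:
        print(f"{name:10} flagged={looks_obscured(src)} {features(src)}")
```

Both the minified and the obfuscated sample are flagged while the readable one is not, so a quarantine decision based on this rule alone would hit ordinary minified web scripts.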
