lucaStronks

What types of malicious behavior does the behavior blocker detect?

I've been using Emsisoft for quite a while now, and something that has sparked my interest is the behavior blocker.

In my time of using Emsisoft it has already detected multiple programs with different types of malicious behavior such as 'CodeInjector', 'CryptoMalware', 'BrowserSettingsChange' and 'AutorunCreation'.

So I was wondering: what different types of malicious behavior does Emsisoft detect? I found this old blog post (https://blog.emsisoft.com/en/3466/behavior-blocker-how-it-works/) from 2012, but that was a long time ago and it has probably been updated since. Is there an updated list or more recent documentation somewhere?

I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things. For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.

1 hour ago, JeremyNicoll said:

I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things. For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.

Well, I'm not really asking how, just what. Like I said, they've stated it before, that was just a long time ago. For example knowing that they detect crypto mining doesn't at all help malware developers. Knowing how, however, would, but again that's not what I'm asking :)
