Mart Worou Posted July 20, 2019

I've been using Emsisoft for quite a while now, and something that has sparked my interest is the behavior blocker. In my time of using Emsisoft it has already detected multiple programs with different types of malicious behavior such as 'CodeInjector', 'CryptoMalware', 'BrowserSettingsChange' and 'AutorunCreation'. So I was wondering: what different types of malicious behavior does Emsisoft detect? I found this old blog post (https://blog.emsisoft.com/en/3466/behavior-blocker-how-it-works/) from 2012, but that was a long time ago and it has probably been updated since. Is there an updated list or more recent documentation somewhere?
JeremyNicoll Posted July 20, 2019

I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things. For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.
Mart Worou Posted July 20, 2019

1 hour ago, JeremyNicoll said:

> I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things. For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.

Well, I'm not really asking how, just what. Like I said, they've stated it before, that was just a long time ago. For example, knowing that they detect crypto mining doesn't at all help malware developers. Knowing how, however, would, but again that's not what I'm asking.