Botnet Protection?


Amir
Hi there

I'm back after 2 years😀

I was comparing Emsisoft with Eset on malwaretips, and one of the members said something I'm not sure is true:

"...and it has botnet detection etc which I am pretty sure Emsisoft doesn't have"

Does Emsisoft really not detect Botnets?

17 hours ago, Amir said:

Does Emsisoft really not detect Botnets?

Not in such a way that EAM would notify you that your computer is connecting to a botnet. That being said malware would be doing this and EAM should detect the malware (at the very least with the Behavior Blocker), and if we know the address of the command and control server EAM can block that with Surf Protection.

44 minutes ago, GT500 said:

Not in such a way that EAM would notify you that your computer is connecting to a botnet. That being said malware would be doing this and EAM should detect the malware (at the very least with the Behavior Blocker), and if we know the address of the command and control server EAM can block that with Surf Protection.

I see, but

Isn't it better if you add a botnet protection as a separate component?

27 minutes ago, Amir said:

Isn't it better if you add a botnet protection as a separate component?

There'd be no need for an extra component for that. It would be pretty much just saying "botnet" in notifications, and calling the change "botnet protection".

Granted I'm not sure how feasible that would be. We don't have control over BitDefender detection names, and on top of that we have (if I remember right) millions of malicious hosts that aren't categorized in such a way that we can quickly and easily reclassify only the botnet related hosts in order to make such a change.

Also, I think the Behavior Blocker will take action against any such programs with a "backdoor activity" notification (or something to that effect).

Hello @Amir

To implement blocking of botnets, you need to analyze the protocols of data exchange over the network that malicious programs use. Well-known security solution providers usually know the control servers of well-known botnets and will block access to them.
Backdoors and trapdoors try to avoid detection and can lie dormant for a long time waiting for the opportunity. An analysis of behavior and malicious activity will reveal suspicious activity. If the outgoing traffic of the user's PC exceeds the incoming traffic several times over, then even in the simplest scenario this will be regarded as malicious activity and blocking will kick in.

20 hours ago, Amigo-A said:

you need to analyze the protocols of data exchange over the network

That's something that EAM doesn't do. It requires using a man-in-the-middle attack to decrypt encrypted traffic, and since that can reduce your security when online we have thus far preferred not to do it.

EAM will monitor network traffic via WFP (Windows Filtering Platform) in order to monitor things like DNS requests, however it doesn't decrypt traffic.

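Amigo-A's traffic-ratio heuristic and GT500's point about blocking known command-and-control hosts, combined into a small defender-side triage over constructed flow and DNS records. This is an added example, not Emsisoft's code; the thresholds, hostnames, log format and block list are all assumptions, and 203.0.113.7 and the .invalid name are documentation placeholders.

```python
from collections import defaultdict

# Constructed per-connection records: (client, remote_host, bytes_out, bytes_in)
FLOWS = [
    ("pc-01", "cdn.example.net", 4_000, 120_000),      # download-heavy browsing
    ("pc-01", "mail.example.net", 20_000, 30_000),
    ("pc-02", "203.0.113.7", 90_000, 3_000),          # upload-heavy beacon
    ("pc-02", "cdn.example.net", 2_000, 10_000),
    ("pc-03", "backup.example.net", 500_000, 1_000),  # legitimate backup job
]
# Constructed DNS query log lines: "<client> query <type> <name>"
DNS_LOG = [
    "pc-01 query A cdn.example.net",
    "pc-02 query A c2-placeholder.invalid",
    "pc-03 query A backup.example.net",
]
# Constructed stand-in for a vendor's known command-and-control host list
KNOWN_C2 = {"c2-placeholder.invalid", "203.0.113.7"}

def ratio_suspects(flows, ratio=3.0, min_out=10_000):
    # Traffic-ratio heuristic: total bytes out exceeds bytes in by `ratio` times.
    # min_out keeps nearly idle hosts from being flagged on tiny totals.
    out, inb = defaultdict(int), defaultdict(int)
    for client, _remote, b_out, b_in in flows:
        out[client] += b_out
        inb[client] += b_in
    return sorted(c for c in out
                  if out[c] >= min_out and out[c] > ratio * max(inb[c], 1))

def c2_hits(flows, dns_log, blocklist):
    # Block-list match on DNS names and connection targets (Surf Protection style).
    hits = set()
    for client, remote, _o, _i in flows:
        if remote in blocklist:
            hits.add((client, remote))
    for line in dns_log:
        client, _verb, _rtype, name = line.split()
        if name in blocklist:
            hits.add((client, name))
    return sorted(hits)

def triage(flows, dns_log, blocklist):
    # A ratio hit alone is weak evidence (backups and uploads look the same);
    # a ratio hit on a host that also touched a known C2 host is strong.
    ratio_set = set(ratio_suspects(flows))
    c2_clients = {c for c, _ in c2_hits(flows, dns_log, blocklist)}
    return {"strong": sorted(ratio_set & c2_clients),
            "weak": sorted(ratio_set - c2_clients),
            "blocklist_only": sorted(c2_clients - ratio_set)}
```

Note that pc-03 trips the ratio rule on a legitimate backup, which is why the thread's "behavior plus known hosts" combination, rather than the ratio alone, is the useful signal.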
