
about EAM BB


ParhaM

Hi

So I had a question about the EAM Behavior Blocker, because I can't find any white paper etc. to see how it actually works.
The question is: does the EAM BB learn how malware acts, like machine learning, you know? The main concern is this: we submit undetected malware to the Emsisoft malware analysts, they will detect it as malware and add it to the database, so EAM will detect that malware itself from now on. But what about upcoming malware with the "same" behavioural algorithm, you know? Does the Behavior Blocker learn the algorithms as well, so it can be self-progressing or something as well?

Regards,

  • Upvote 1

The Behavior Blocker uses a set of rules that we can update at any time. We base those rules on what kind of behavior we see from real-world malware, so if something is submitted that isn't triggering the Behavior Blocker then we can quickly update the rules to make sure that the behavior it exhibits is detected in the future.

  • Upvote 1

6 hours ago, GT500 said:

The Behavior Blocker uses a set of rules that we can update at any time. We base those rules on what kind of behavior we see from real-world malware, so if something is submitted that isn't triggering the Behavior Blocker then we can quickly update the rules to make sure that the behavior it exhibits is detected in the future.

Is Behavior Blocker able to create its own rules without YOU? I mean, is it possible for BB to use machine learning or artificial intelligence? I think using these technologies for BB may reduce false positives and detect zero-day malware.

Anti-Malware software cannot have effective protection and detection as long as it is dependent on its creators. Do you agree with me?


Have a read of this blog, Batman; it may give you more info.

Quote

Solutions that use a combination of protection technologies will likely provide better security than a product that is entirely AI-based. For example, Emsisoft leverages the power of AI and machine learning as well as other protection technologies such as behavioral analysis and signature checkers.

https://blog.emsisoft.com/en/35668/the-pros-cons-and-limitations-of-ai-and-machine-learning-in-antivirus-software/


2 minutes ago, stapp said:

I read this. But according to Arthur's reply:
Behavior Blocker does not create new rules independently and without their intervention. Rules are sent to Behavior Blocker by the update.


Fabian Wosar (@Fabian Wosar) posted quite a lot of detail (about himself and his approach to things) and about how Emsisoft do things in a discussion about a year ago, here: https://malwaretips.com/threads/i-am-head-of-research-at-emsisoft-ask-me-anything.90999/ I can't remember if the BB was discussed or not, but I had the impression that there are AI-like tools being used by the people who build the rule sets.


20 hours ago, Batman said:

I read this. But according to Arthur's reply:
Behavior Blocker does not create new rules independently and without their intervention. Rules are sent to Behavior Blocker by the update.

The rules I'm talking about are different from the ones created when you click an option in a dialog. The Behavior Blocker uses our Anti-Malware Network to facilitate automation of setting allow/deny rules for things that do trigger behavioral detection; however, detection rules are set by our malware analysts based on their research.

  • Thanks 1
  • Confused 1

This topic is now closed to further replies.