
Hi

So I had a question about the EAM Behavior Blocker, because I just can't find any white paper etc. to see how it actually works.
The question is: does the EAM BB learn how malware acts and stuff, like machine learning, you know? The main concern is: we submit an undetected malware to the Emsisoft malware analysts, they will detect it as malware and will add it to the database, so EAM will detect the malware itself from now on. But what about the upcoming malware with the "same" behavioural algorithm, you know? Does the Behavior Blocker learn the algorithms as well, so it can be a self-progress or something as well?

Regards,


The Behavior Blocker uses a set of rules that we can update at any time. We base those rules on what kind of behavior we see from real-world malware, so if something is submitted that isn't triggering the Behavior Blocker then we can quickly update the rules to make sure that the behavior it exhibits is detected in the future.

6 hours ago, GT500 said:

The Behavior Blocker uses a set of rules that we can update at any time. We base those rules on what kind of behavior we see from real-world malware, so if something is submitted that isn't triggering the Behavior Blocker then we can quickly update the rules to make sure that the behavior it exhibits is detected in the future.

Is Behavior Blocker able to create its own rules without YOU? I mean, is it possible for BB to use machine learning or artificial intelligence? I think using these technologies for BB may reduce false positives and detect zero-day malware.

Anti-Malware software cannot have effective protection and detection as long as it is dependent on its creators. Do you agree with me?


Have a read of this blog, Batman; it may give you more info.

Quote

Solutions that use a combination of protection technologies will likely provide better security than a product that is entirely AI-based. For example, Emsisoft leverages the power of AI and machine learning as well as other protection technologies such as behavioral analysis and signature checkers.

https://blog.emsisoft.com/en/35668/the-pros-cons-and-limitations-of-ai-and-machine-learning-in-antivirus-software/

2 minutes ago, stapp said:

I read this. But according to Arthur's reply:
Behavior Blocker does not create new rules independently and without their intervention. Rules are sent to Behavior Blocker by the update.


Fabian Wosar (@Fabian Wosar) posted quite a lot of detail (about himself and his approach to things) and about how Emsisoft do things in a discussion about a year ago, here: https://malwaretips.com/threads/i-am-head-of-research-at-emsisoft-ask-me-anything.90999/ I can't remember if the BB was discussed or not, but I had the impression that there are AI-like tools being used by the people who build the rule sets.

20 hours ago, Batman said:

I read this. But according to Arthur's reply:
Behavior Blocker does not create new rules independently and without their intervention. Rules are sent to Behavior Blocker by the update.

The rules I'm talking about are different from the ones created when you click an option in a dialog. The Behavior Blocker uses our Anti-Malware Network to facilitate automation of setting allow/deny rules for things that do trigger behavioral detection; however, detection rules are set by our malware analysts based on their research.
