{"id":77557,"date":"2014-01-07T20:00:22","date_gmt":"2014-01-07T14:30:22","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=77557"},"modified":"2014-01-07T20:00:22","modified_gmt":"2014-01-07T14:30:22","slug":"quick-heal-advanced-behavior-based-malware-detection-system","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/quick-heal-advanced-behavior-based-malware-detection-system\/","title":{"rendered":"Quick Heal Advanced Behavior Based Malware Detection System"},"content":{"rendered":"<p>In an earlier <a href=\"https:\/\/bit.ly\/1bNihWY\" target=\"_blank\">post<\/a>, we shared some quick facts about the new and improved Quick Heal 2014 product series, particularly its Advanced DNAScan technology. In this post, we explain how this technology works.<\/p>\n<p>Gone are the days when malware was a mere recreation or whim of computer enthusiasts. At the present time, it is the biggest threat to the digital assets of people. Malware is being used as a cash cow by cybercrooks. Malicious programs are being used for stealing passwords, spreading spam, identity theft, and virtually anything that has monetary profit in it.<\/p>\n<p>Not only is malware increasing at an alarming rate, it is becoming more robust and sophisticated with time. Cybercriminals keep modifying and updating their malware code to evade detection by security software.<\/p>\n<p><span style=\"font-size: 18px; color: #006699; font-family: Georgia;\">While there is no silver bullet for the nuisance of malware, Quick Heal does have a solution<\/span><br \/>\nPreviously, Quick Heal was running the DNAScan technology. The technology works by detecting new threats heuristically and doesn\u2019t depend on a signature database. It analyses scanned files and traces suspicious attributes of the program. 
If the suspicion score exceeds a predefined threshold value, then the program is detected as potentially malicious and is submitted to the Quick Heal lab for further analysis. However, as discussed, modern malware is becoming more complex and uses advanced detection-evasion techniques. Thus, detecting such programs with signature-based technology or even heuristically is becoming a challenging task.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/bit.ly\/1gBSSSe\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-77560 aligncenter\" alt=\"behavior_based_detection\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2014\/01\/behavior_based_detection.png\" width=\"412\" height=\"412\" \/><\/a><\/p>\n<p>To overcome such challenges, Quick Heal introduced the Advanced Behavior based Detection System in its 2014 product series. This system is built to monitor and track runtime activities performed by each program running on the computer. This is done in real time. The system then compares these activities against a set of malware behavior models. If the behavior of any program matches any of the predefined malware models, then that program is flagged as malicious, and appropriate action is taken to block it.<\/p>\n<p><span style=\"font-size: 18px; color: #ff6600;\">Advanced Behavior Based Detection System &#8211; General Overview:<\/span><br \/>\nWhenever a program tries to execute on a user\u2019s machine, it is first intercepted by our Virus Protection Module. It scans the program for various malware signatures, generic detections, malware family-based detections and other heuristic detections. If any of these detections match, the program is flagged as malicious and is blocked.<\/p>\n<p>If the program is not identified as malicious, then it is passed to our Behavior Analysis Module, which continuously monitors the activities carried out by it. 
If the program tries to carry out one or more of the following suspicious activities, then it is immediately flagged as malicious:<\/p>\n<p><strong>&#8211;<\/strong> Dropping executable files in the system folder<\/p>\n<p><strong>&#8211;<\/strong> Adding auto-execution entries in the registry<\/p>\n<p><strong>&#8211;<\/strong> Injecting code in system processes<\/p>\n<p>Depending on the user settings, our Behavior Analysis Module will automatically quarantine the program or prompt the user to take an appropriate action.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-77404 aligncenter\" alt=\"BDS_3_Alert_Prompt\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2013\/12\/BDS_3_Alert_Prompt.png\" width=\"459\" height=\"264\" \/><\/p>\n<p>Quick Heal&#8217;s Behavior Analysis Module is also fine-tuned for performance by excluding various system programs from monitoring.<\/p>\n<p><span style=\"font-size: 18px; color: #186118;\">Effective against Emerging Threats<\/span><br \/>\nQuick Heal\u2019s Advanced Behavior Based Detection System is effective against the latest and emerging malware threats. For instance, the recently discovered CryptoLocker family uses various advanced obfuscation techniques to evade detection. 
Quick Heal\u2019s Behavior Detection Module successfully detects and blocks around 90% of CryptoLocker samples.<\/p>\n<p>The system has also been successful in detecting malware that tries to exploit vulnerabilities, especially in Microsoft Office and Adobe PDF reader applications.<\/p>\n<p>In conclusion, the Behavior Detection Module greatly improves the proactive detection capability of the latest <a href=\"https:\/\/bit.ly\/1gBSSSe\" target=\"_blank\">Quick Heal 2014 Product Series<\/a> against modern malware such as ransomware, zero-day threats and advanced persistent threats.<\/p>\n<p><strong>Blog Acknowledgement<\/strong>: <span style=\"font-size: 15px; color: #006699;\">Quick Heal Scan Engine Team<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an earlier post, we had shared some quick facts about the new and improved Quick Heal 2014 product series; particularly about its Advanced DNAScan technology. In this post, we will understand how this technology works. Gone are the days when malware were a mere recreation or whims of computer enthusiasts. 
At the present time, [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":77560,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[802,444,803,804,808],"class_list":["post-77557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware","tag-advanced-dnascan-technology","tag-advanced-persistent-threat","tag-advanced-virus-scan","tag-behavior-based-detection","tag-quick-heal-2014"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/77557"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=77557"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/77557\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=77557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=77557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=77557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}