technical documentation ?


gkweb
April 30th, 2006, 09:08 PM
Hello,

I would like to know if there is any document or technical documentation about Ewido? I wasn't able to find any on the official website.
I am particularly interested in the guard, especially its feature "Generic crypter detection through emulation" and its new heuristic (v4.0).

Usually, security products have some PDF papers of detailed documentation/help, did I miss anything?

Thank you in advance :)

Regards,
gkweb.

berng
April 30th, 2006, 10:42 PM
Hi gkweb,
Some documentation, the help file, will be available for Ewido 4 when the final version is released.

http://www.wilderssecurity.com/showpost.php?p=736476&postcount=74

,.-
May 1st, 2006, 03:43 AM
I will release a small article on pre-decompression delays and very basic anti-emulation techniques (like waiting loops). The article is almost finished and maybe I can release a preview today.

The idea is to figure out whether a pre-decryption delay will confuse on-access memory scanners and/or generic unpacking engines.

What I can already say is (i) it can be extremely easy to outfox an emulation and/or an on-access memory scanner, (ii) certain scanners, but (apparently) not Ewido, compensate for this with the help of clever heuristics, (iii) Ewido's on-access memory scanner has been significantly improved so that it cannot be easily outfoxed by decompression delays anymore.

gkweb
May 1st, 2006, 06:31 AM
Thank you for the information, I'm waiting for your paper on this subject, it seems highly interesting :)

About the help file available at the final v4.0 release, I thought it would already have some documentation about the current 3.5 (not installed on my system, so no help file to check).

Regards,
gkweb.