DeepGuard, the most proactive security approach

Discussion in 'other anti-virus software' started by toxinon12345, Dec 8, 2013.

Thread Status:
Not open for further replies.
  1. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    The Security Cloud also allows Response Labs analysts to provide critical human intelligence and judgment to complement the automated systems and on-host scanning technology

    - File reputation queries
    - Behavioral Analysis (with emulation)
    - Process monitoring (without emulation)


    The process monitoring also creates detailed binary execution snapshots.
    These snapshots are used for updating file reputation around the world.

    More info here

    http://campaigns.f-secure.com/software-updater/deepguard_whitepaper_final.pdf
     
    Last edited: Dec 8, 2013
  2. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Nice read. I'm running F-Secure now and have been very impressed with its performance and effectiveness so far. But what I like about it most is that they can make good, stable products with significant contributions of their own apart from the things they license, and that they cleverly tinker even with the latter, the best example being DeepGuard. Besides, maybe I'm reading too much into it, but they refrained from looking for quick fixes like buying the next hottest engine to get out of their slump in test results a few years ago, focusing on improving their own tech again using their own brains and research instead. In short, they're aware of being a security company just as much as a software vendor. I'm confident that even when Bitdefender starts to suck, F-Secure (and Emsi too) will stand firm whether they'll stick with it or not.
     
    Last edited: Dec 9, 2013
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Donno, avast!'s approach is also very interesting (DeepScreen) and I know that AVG's IDP is very effective and same goes for BitDefender AVC, Kaspersky PDM (donno how it's called now). Not sure why only DeepGuard would be so special.
     
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Kaspersky PDM is n0w the System Watcher+PDM, and this is the 0nly behavi0ral techn0l0gy similar t0 DeepGuard I kn0w t0 date; b0th d0 use 0f special signatures during runtime while pr0cesses are c0ntinu0sy m0nit0red

    Avast uses Dynamic translati0n which is 0nly a highly efficient emulati0n
     
    Last edited: Dec 9, 2013
  5. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    There is also Panda Cloud, more exactly the Collective Intelligence where all suspicious samples get processed.

    "All activities take place in the cloud (sample gathering, checking and verdict generation). The result: immediate file classification and response to Panda Cloud Antivirus. All these processes are fully automated and instantaneous.

    "Panda Cloud Antivirus queries Collective Intelligence about the files it scans instead of a signature file on your PC. Suspicious files are instantly checked against a set of technologies (correlation, emulation, sandboxing, behavioral analysis, graph systems, remote heuristics, file infector, multi-scanner, packers, etc.), to determine if they are viruses or not."

    More...here
    http://www.cloudantivirus.com/help/01/h_en/13.htm
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Replacing letters with zeros doesn't make you l33t... And DeepScreen is behavior analysis in virtual environment and it's not "just" highly efficient emulation.
     
  7. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Exactly like y0u said, is behavi0ral analysis, n0t behavi0ral m0nit0ring
     
  8. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    I somehow doubt it's intentional. Then again, (s)he could have copypasted it from Character Map every time, but it's not always convenient I guess.:D

    /OT
     
    Last edited: Dec 9, 2013
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's the same thing. Except in avast!'s case, it's done in virtualized environment on a host system where most of others do it on a live host. That's why avast!'s concept is interesting. They actually have more control than on live system, because it's entirely under their control. Where on live, it's just what they intercept.
     
  10. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    An0ther difference is the ability t0 r0llback malware changes in the Real Live H0st System, s0mething which is usually difficult in m0st pr0duct but relevant f0r the user
    Also, the ability to analyze Windóws services
    And the analyzed data is calculated for multiple user logons/sessions
     
    Last edited: Dec 9, 2013
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Seriously, drop the zero thing in words, it's very annoying...:rolleyes:
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,906
    Location:
    localhost
    The keyboard is surely broken... :D :D
     
  13. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    110
    I agree; the person has over 1100 posts. I'm sure something happened to the recently...
     
  14. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    This approach is somehow a mystery, added to the fact there is no deep insight on how that technology works
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    There isn't one but it seems effective, seeing how well Panda Cloud has always scored in pretty much all tests.
     