yongsua last won the day on March 13 2015

  1. Maybe ESS can be implemented with some sort of PID mapping or positioning system? Is it possible? Or at least the current PID could be displayed on the interactive mode alert. Although PIDs vary each time a process starts, at least knowing the current PID can be helpful to identify which svchost and the thread that is attempting to connect to the Internet, which gives the user a chance to initially jot down the threads or handles or DLLs involved by using a basic dynamic analysis tool such as Process Explorer, so that the user can just refer to the services or handles or DLLs involved from what t
  2. I would like to suggest that the upcoming ESS could include the PID for each process in the Rule and Zone editor, as it would be very helpful for me to determine which svchost and the thread inside it is attempting to connect to the Internet. Thank you. As you can see from the above pic, I really have no idea which svchost is attempting to connect to the Internet.
  3. Well, I would prefer active heuristics and I believe ESET has implemented it. "Active heuristics are referred to by a variety of names by different vendors. Some call the technique “sandboxing”, others call it “virtualization” or “emulation.” In all cases the idea is to create a safe virtual environment, run the code to be inspected and watch the behaviors in order to assess risk." (Source: hxxp://static2.esetstatic.com/us/resources/white-papers/Understanding_Heuristics.pdf) If any unknown infection is found, ESET will move or keep a copy of those infected files after deletion into the q
  4. More features, more memory consumption. IMO, HIPS is enough to replace the behavior detection. So, I will stick to HIPS.
