BITDEFENDER ACTIVE VIRUS CONTROL:
PROACTIVE PROTECTION AGAINST
NEW AND EMERGING THREATS
BitDefender Active Virus Control: heuristic detection advances to the next level
In order to provide maximum security, all BitDefender 2011 products use a four-step scanning sequence:
-Step 1: Each time a file is accessed, copied or downloaded via the Web, email or instant messenger, the file is intercepted by either the BitDefender File System driver or the appropriate proxy and sent for scanning.
-Step 2: The file is checked against the BitDefender Signature Database (a database of malware “fingerprints”) that is updated hourly. If the file contents match one of the signatures, the product automatically tries to disinfect the file. If this action fails, the file is moved to the quarantine folder. If no signature is matched, the file is passed to B-HAVE to be checked.
-Step 3: B-HAVE checks the file by running it in a virtual environment inside the BitDefender Engine. If the file exhibits suspicious, malware-like activity, B-HAVE reports the file as malicious. If not, the file is declared clean and the corresponding process is allowed to run.
-Step 4: Active Virus Control monitors the actions of the remaining (non-excluded) processes as they run on the computer. It looks for behaviours characteristic of malware and assigns a score to each such action. When the overall score for a process reaches a given threshold, the process is reported as harmful and, depending on the mode in which BitDefender is being run and the user profile, it is either terminated automatically or the user is prompted to choose the action to be taken.
Unlike B-HAVE and other heuristic scanners, which observe a sample for a bounded time in an emulated environment, Active Virus Control monitors everything applications do for as long as they are active, so it cannot be defeated by the delaying tactics (sleeping or idling before acting) that some advanced malware deploys. Because monitoring is continuous, it can also catch malware that misuses or hijacks an already trusted application after that application has started.
How Active Virus Control works: a technology overview
Active Virus Control continuously monitors all running applications and processes, except:
-Processes specifically excluded from monitoring by the user (white-listed processes).
-System processes such as csrss.exe, lsass.exe or smss.exe that are known to be clean.
-All processes loaded before the Security Service (vsserv.exe).
-On Windows XP 64-bit and Windows 2003 64-bit systems, Active Virus Control monitors only processes running in 64-bit mode; 32-bit processes (running under WoW64) are not monitored on those platforms.
Applications and processes are continuously monitored for as long as they are active for signs of suspicious, malware-like activity, including:
-Not waiting for or requesting any form of user interaction
-Not displaying any type of user interface when executing or terminating
-Copying or moving files into C:\Windows\ or C:\Windows\System32\
-Having an unrelated type of icon, for example an executable that carries a folder icon
-Executing code in another process's address space in order to run with higher privileges
-Writing out and running files whose contents were embedded in the process's own binary (dropping a payload)
-Self-replicating
-Creating an auto-start entry in the registry
-Attempting to hide from process enumeration tools
-Dropping and registering drivers in C:\Windows\System32\
As legitimate applications will sometimes perform one or more of these actions (an installer creating an auto-start entry, for example), Active Virus Control does not classify a process as malicious on the basis of any single action; instead it keeps a running score per process and only categorizes the application as malicious when a certain threshold is reached. This minimizes misidentifications (false positives) and avoids unnecessary intervention by the user.
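As an added illustration of the scoring idea described in Step 4 and the paragraph above, the following Python program models a per-process behaviour scorer. It is example code written for this page, not BitDefender's engine: the weights, the threshold, the whitelist contents and the event stream are all assumptions chosen for illustration. It shows two properties the text relies on: a benign installer performing a couple of listed actions stays under the threshold, while a dropper that sleeps for ten minutes before acting still accumulates the same score, because the score never decays while the process lives.

```python
"""Behaviour-scoring model of the Active Virus Control idea described above.

Added example, not BitDefender code: the weights, threshold, whitelist and
event stream are assumptions chosen for illustration only.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed weights for the behaviours listed on the page. The real AVC weights
# are not published; these are chosen so that one or two benign-looking actions
# stay under the threshold while a malware-like combination crosses it.
WEIGHTS: Dict[str, int] = {
    "no_user_interaction": 1,     # never waits for or requests user input
    "no_ui": 1,                   # shows no window while running or exiting
    "writes_system_dir": 3,       # copies/moves files into Windows or System32
    "mismatched_icon": 2,         # e.g. an executable carrying a folder icon
    "code_injection": 5,          # runs code inside another process
    "drops_embedded_file": 3,     # writes out and runs data from its own binary
    "self_replicates": 5,
    "autostart_entry": 2,         # registry run key
    "hides_from_enumeration": 5,  # invisible to process listing tools
    "registers_driver": 4,        # drops and registers a driver in System32
}
THRESHOLD = 8  # assumed

# Never scored: the system processes named on the page plus the security
# service itself (assumed here to be excluded by policy).
WHITELIST = {"csrss.exe", "lsass.exe", "smss.exe", "vsserv.exe"}


@dataclass
class ProcessState:
    name: str
    score: int = 0
    actions: List[str] = field(default_factory=list)
    verdict: str = "clean"            # "clean" | "malicious"
    flagged_at: Optional[int] = None  # timestamp of the action that tipped it


class BehaviourScorer:
    """Keeps a running score per PID for as long as the process lives.

    The score never decays with time, so a process that sleeps for minutes
    before acting (the delaying tactic mentioned in the text) is scored
    exactly as if it had acted immediately.
    """

    def __init__(self, weights=WEIGHTS, threshold=THRESHOLD, whitelist=WHITELIST):
        self.weights = weights
        self.threshold = threshold
        self.whitelist = {n.lower() for n in whitelist}
        self.procs: Dict[int, ProcessState] = {}

    def observe(self, ts: int, pid: int, name: str, action: str) -> str:
        """Record one observed action and return the verdict after scoring it."""
        if name.lower() in self.whitelist:
            return "excluded"
        if action not in self.weights:
            raise ValueError(f"unknown behaviour tag: {action!r}")
        st = self.procs.setdefault(pid, ProcessState(name))
        if st.verdict == "malicious":
            return st.verdict  # already terminated/blocked; nothing more to add
        st.score += self.weights[action]
        st.actions.append(action)
        if st.score >= self.threshold:
            st.verdict = "malicious"
            st.flagged_at = ts
        return st.verdict


# Constructed event stream: (timestamp_s, pid, image name, behaviour tag).
# setup.exe is a legitimate installer; dropper.exe idles ~10 minutes after
# launch before unpacking and injecting; csrss.exe is a whitelisted process.
EVENTS: List[Tuple[int, int, str, str]] = [
    (1,   100, "setup.exe",   "writes_system_dir"),
    (2,   100, "setup.exe",   "autostart_entry"),
    (3,   200, "dropper.exe", "no_ui"),
    (3,   200, "dropper.exe", "no_user_interaction"),
    (5,     4, "csrss.exe",   "code_injection"),   # ignored: whitelisted
    (600, 200, "dropper.exe", "drops_embedded_file"),
    (601, 200, "dropper.exe", "autostart_entry"),
    (602, 200, "dropper.exe", "code_injection"),
]


def replay(events: Iterable[Tuple[int, int, str, str]]) -> Dict[int, ProcessState]:
    """Feed an event stream through the scorer and return the per-PID state."""
    scorer = BehaviourScorer()
    for ts, pid, name, action in events:
        scorer.observe(ts, pid, name, action)
    return scorer.procs


if __name__ == "__main__":
    for pid, st in replay(EVENTS).items():
        when = f" (at t={st.flagged_at}s)" if st.flagged_at is not None else ""
        print(f"pid {pid:<4} {st.name:<12} score={st.score:<3} verdict={st.verdict}{when}")
```

With the assumed weights, setup.exe ends at score 5 and stays clean, while dropper.exe reaches 12 and is flagged at the injection step (t=602), long after a fixed-duration emulation run would have given up on it. The ValueError on an unknown tag is deliberate: a scorer that silently ignores behaviours it does not recognise is an easy place for coverage to rot.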
Active Virus Control greatly increases the detection rate of evasive stealth malware:
In internal testing, 63.5% of the malware samples that were not detected by either the standard BitDefender scanning engine or by B-HAVE were detected by Active Virus Control. Note that this figure measures the additional coverage Active Virus Control adds on top of BitDefender's own signature and B-HAVE layers; it is not a comparison against other vendors' products. Given that B-HAVE is one of the most advanced and effective heuristic scanning engines on the market, BitDefender's position is that Active Virus Control provides substantially better protection than other solutions and drastically reduces the risk of a system being compromised by a new or emerging threat.
More information is available at www.bitdefender.com.
Use BitDefender: Maximum Security Maximum Speed.