官方对Viruscope的解释(E文)

mxf147

Viruscope monitors the activities of processes running on your computer and alerts you if they attempt to take suspicious actions. Apart from forming yet another layer of malware detection and prevention, the sub-system represents a valuable addition to the core process-monitoring functionality of the Behavior Blocker by introducing the ability to reverse potentially undesirable actions of software without necessarily blocking the software entirely. This provides more granular control over otherwise legitimate software which requires certain actions to be taken in order to run correctly.

Viruscope alerts give you the opportunity to quarantine the process & reverse its changes or to let the process go ahead. Be especially wary if a Viruscope alert pops up 'out-of-the-blue' when you have not made any recent changes to your computer.

The Behavior Blocker settings panel allows you to configure the following:  
Auto-sandbox unknown applications
Detect installers and show privilege alerts
Define exceptions for behavior blocking
Viruscope Settings
Detect shellcode injections
Do heuristic command-line analysis
Auto-sandbox unknown applications as - Allows you to enable or disable the Behavior Blocker. If enabled, the Behavior Blocker runs unrecognized applications inside the auto-sandbox with the access restriction as selected in the drop down menu. (Default = 'Enabled' with 'Partially Limited')

Note: The Behavior Blocker configuration setting can also be set in the 'Advanced View' of the 'Home' screen beside the Auto-Sandbox status link in the 'Defense+ and Sandbox' pane.

Note: The 'auto-sandbox' referred to here is distinct from the Virtual Kiosk discussed in Sandbox Tasks. For the most part, the 'auto-sandbox' is a non-virtual environment under which unrecognized applications are allowed to run under a set of strict access restrictions (default='Partially Limited'). These restrictions prevent the application from taking actions that are damaging to your system. Users can, however, enable 'Full Virtualization' of auto-sandboxed files in the Behavior Blocker settings.

sxingbai

这算智能启发吧

cylxg999

提供以下谷歌翻译


Viruscope监控您的计算机，并提醒用户在运行的进程的活动，如果他们试图采取可疑的行动。除了成型的恶意软件检测和预防的另一个层，子系统代表一个有价值的除了行为拦截器的引入扭转的软件潜在的不良行为，而不必阻止该软件完全是能力的核心流程监控功能。这提供了更细粒度的控制，需要采取以正确执行某些操作，否则正版软件。

Viruscope警报给你机会来隔离的过程及逆转其更改或让进程继续下去。要特别小心，如果一个Viruscope警报弹出'外的的蓝色“当你还没有所作的最新修改到您的计算机。
该行为阻止程序设置面板使您可以进行以下配置：
自动沙箱未知应用程序
检测安装程序，并显示警示特权
定义行为阻断异常
Viruscope设置
检测的shellcode注射
做启发式命令行分析
自动沙箱未知应用程序的 - 允许您启用或禁用行为拦截。如果启用，行为拦截器运行自动沙箱中无法识别的应用程序访问限制，在下拉菜单中选择。 （默认为“已启用”与“部分有限”）


注：该行为拦截的配置设置也可以在“高级视图”中的“防御+和沙箱”窗格中的自动沙箱状态链接旁边的“主页”屏幕上的设置。

注意：“自动沙盒”这里所指的是在沙箱任务所讨论的虚拟亭截然不同。在大多数情况下，将“自动沙盒”是一种非虚拟环境下无法识别的应用程序被允许在一组严格的访问限制（默认值='部分有限“）执行。这些限制阻止应用程序采取任何会损害到你的系统的行为。用户可以，但是，能够在行为阻止程序设置自动沙箱的文件“完全虚拟化”。

tg123321

多步行为分析？毛豆也在做主防么？

ccddeee

sxingbai 发表于 2014-2-3 08:59
这算智能启发吧

是不是有点像微点？

落漠

好专业的样子，看不懂

Yukari190

其实就是回滚吧

Candygu

已添加到置顶帖。

f520510

如果不做好排除可能不是那么好用