Views: 2937 | Replies: 19

[Discussion] About Sophos's HIPS

firefox3
Posted on 2012-12-8 14:57:25
Last edited by firefox3 on 2012-12-8 15:01


Found some official documentation; anyone interested can have a read. Roughly it's about things like behavioral genotypes, suspicious behavior detection, buffer overflow detection, suspicious file detection, bla bla bla... a pile of jargon.




http://www.sophos.com/en-us/why- ... echnology/hips.aspx

http://www.sophos.com/en-us/why- ... s-of-detection.aspx

http://www.sophos.com/en-us/thre ... vior-and-files.aspx




HIPS detection in four layers
Our threat detection engine analyzes the behavior of code before it executes and prevents it from running if it is considered to be suspicious or malicious. It also uses runtime detection to intercept threats.

Pre-execution detection
1. Behavioral Genotype® Protection: Tuned to detect variants, families (like the Storm worm) and large categories of malware (like encrypted malware), Genotype Protection guards against unknown malware by analyzing behavior before code executes. It uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, all without allowing the code to run. Our threat detection engine detects zero-day threats without the need for signature updates or separate HIPS software.

2. Suspicious file detection: Where Behavioral Genotype Protection is tuned to detect only malicious files, suspicious file detection will identify files that are highly likely to be malicious, again doing this by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance, or the inherent security issue of allowing a file to run before detection takes place.

Runtime detection
3. Suspicious behavior detection: This layer of detection watches all system processes for signs of active malware, such as suspicious writes to the registry, or file copy actions. It can be set to warn the administrator and/or block the process. Unlike other behavior-based detection systems, there is no need for the administrator to train or fine-tune analysis, as SophosLabs experts do the fine-tuning.

4. Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This detection system will catch attacks targeting security vulnerabilities in both operating system software and applications.









Great summoning ritual for the Sophos double-click crowd~~~~~~
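Added example for the runtime "suspicious behavior detection" layer (layer 3) in the Sophos text quoted above. This is illustrative code written for this thread, not Sophos's code and not something the original poster supplied; the rule names, weights, warn/block thresholds and the sample event feed are all assumptions. It parses a small constructed feed of per-process events, scores behaviors of the kind the vendor text names (suspicious registry writes such as Run-key autostarts, file copies such as a binary copying itself into the Windows directory), and then applies the warn-the-administrator or block-the-process policy per process:

```python
"""Toy runtime 'suspicious behaviour' monitor in the style of a HIPS layer.

Added illustration only: this is not Sophos code and the rule names, weights
and thresholds are assumptions made for the example. It scores each process
on behaviours the vendor text names (suspicious registry writes, file copies)
and applies a warn-or-block policy per process.
"""
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Event:
    pid: int
    image: str   # path of the process image that performed the action
    action: str  # "reg_write" | "file_copy" | "file_write"
    source: str  # for file_copy, the file being copied; otherwise ""
    target: str  # registry value path or destination file path


# Constructed sample feed (pid|image|action|source|target); not real telemetry.
SAMPLE_LOG = r"""
4120|C:\Users\bob\Downloads\invoice.exe|file_copy|C:\Users\bob\Downloads\invoice.exe|C:\Windows\System32\svchost32.exe
4120|C:\Users\bob\Downloads\invoice.exe|reg_write||HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32
4120|C:\Users\bob\Downloads\invoice.exe|reg_write||HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
5210|C:\Program Files\VendorApp\setup.exe|file_write||C:\Program Files\VendorApp\app.exe
5210|C:\Program Files\VendorApp\setup.exe|reg_write||HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater
6001|C:\Windows\explorer.exe|reg_write||HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
"""


def parse_log(text):
    """Parse the pipe-separated feed into Event records."""
    events = []
    for line in text.strip().splitlines():
        pid, image, action, source, target = line.split("|")
        events.append(Event(int(pid), image, action, source, target))
    return events


# Behaviour patterns. Matched case-insensitively because Windows registry
# and file paths are case-insensitive.
_RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
_STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
_WINDOWS_DIR = re.compile(r"^[A-Z]:\\Windows\\", re.IGNORECASE)
_UAC_SWITCH = re.compile(r"\\Policies\\System\\EnableLUA$", re.IGNORECASE)
_IFEO_KEY = re.compile(r"\\Image File Execution Options\\", re.IGNORECASE)

# (rule name, weight, predicate). Names and weights are illustrative assumptions.
RULES = [
    ("autostart-run-key", 4,
     lambda e: e.action == "reg_write" and bool(_RUN_KEY.search(e.target))),
    ("startup-folder-drop", 4,
     lambda e: e.action in ("file_copy", "file_write") and bool(_STARTUP_DIR.search(e.target))),
    ("self-copy-to-windows-dir", 3,
     lambda e: e.action == "file_copy" and e.source.lower() == e.image.lower()
     and bool(_WINDOWS_DIR.match(e.target))),
    ("disable-uac", 5,
     lambda e: e.action == "reg_write" and bool(_UAC_SWITCH.search(e.target))),
    ("ifeo-debugger-hijack", 4,
     lambda e: e.action == "reg_write" and bool(_IFEO_KEY.search(e.target))),
]
WARN_AT = 4    # report to the administrator
BLOCK_AT = 7   # also deny the process when mode == "block"


def analyze(events, mode="block"):
    """Score every process seen in `events`.

    Returns {pid: {"image", "rules", "score", "verdict"}} where verdict is
    "allow", "warn" or "block". Each rule counts once per process, so a
    dropper that writes ten Run values is not scored ten times. With
    mode="warn" nothing is blocked; the administrator is only notified.
    """
    weights = {name: w for name, w, _ in RULES}
    hits = defaultdict(set)
    images = {}
    for e in events:
        images[e.pid] = e.image
        for name, _w, matches in RULES:
            if matches(e):
                hits[e.pid].add(name)

    report = {}
    for pid, image in images.items():
        fired = sorted(hits.get(pid, ()))
        score = sum(weights[n] for n in fired)
        if score >= BLOCK_AT and mode == "block":
            verdict = "block"
        elif score >= WARN_AT:
            verdict = "warn"
        else:
            verdict = "allow"
        report[pid] = {"image": image, "rules": fired, "score": score, "verdict": verdict}
    return report


if __name__ == "__main__":
    for pid, r in analyze(parse_log(SAMPLE_LOG)).items():
        print(f"pid {pid} {r['verdict']:5} score={r['score']:2} {r['image']} {r['rules']}")
```

In the sample feed the dropper (pid 4120) trips three rules and is blocked, the installer (pid 5210) only registers an updater under Run and is merely reported, and explorer.exe is left alone. Run with mode="warn" the same dropper is only reported, which is the "warn the administrator and/or block the process" switch the vendor text mentions; the threshold and weight tuning is exactly the part the text says SophosLabs does centrally rather than the administrator.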


liangxy
Posted on 2012-12-8 15:30:17
Sophos? Is the OP using it? Not Comodo?
C0007
Posted on 2012-12-8 15:33:22
liangxy posted on 2012-12-8 15:30:
Sophos? Is the OP using it? Not Comodo?

The OP uses a dual engine.
firefox3
[OP] Posted on 2012-12-8 15:38:12
C0007 posted on 2012-12-8 15:33:
The OP uses a dual engine.

I'm using Comodo (D+ and the firewall) + GD.
firefox3
[OP] Posted on 2012-12-8 15:39:13
liangxy posted on 2012-12-8 15:30:
Sophos? Is the OP using it? Not Comodo?

I used it all along before; after switching to Win8 I use GD. Sophos's firewall doesn't work under Win8.
liangxy
Posted on 2012-12-8 15:40:05
firefox3 posted on 2012-12-8 15:39:
I used it all along before; after switching to Win8 I use GD. Sophos's firewall doesn't work under Win8.

GD lags my games here; every time the others have already been in playing for a while before I can get in.
firefox3
[OP] Posted on 2012-12-8 15:40:50
liangxy posted on 2012-12-8 15:40:
GD lags my games here; every time the others have already been in playing for a while before I can get in.

For online games, try turning off web protection and see.
liangxy
Posted on 2012-12-8 15:55:31
firefox3 posted on 2012-12-8 15:40:
For online games, try turning off web protection and see.

You mean anti-phishing? I've already turned that off.
firefox3
[OP] Posted on 2012-12-8 16:04:41
liangxy posted on 2012-12-8 15:55:
You mean anti-phishing? I've already turned that off.

If your settings are the same as these and the game was downloaded from the official site, rule that out.
If it still doesn't work... sorry, there's nothing more I can do.

liangxy
Posted on 2012-12-8 16:43:45
firefox3 posted on 2012-12-8 16:04:
If your settings are the same as these and the game was downloaded from the official site, rule that out.
If it still doesn't work... sorry, there's nothing more I can do.

Already uninstalled.
Copyright © KaFan  KaFan.cn All Rights Reserved.
