Original poster: 皮可西

[Newbie] How well does MSE defend against rootkits?

尘梦幽然
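Posted on 2014-5-10 19:10:23
驭龙 posted on 2014-5-10 19:03
No way, isn't that just Advanced Threat Protection? That's the most important change in Norton 2014.

Pardon my ignorance, but do you have a post that introduces this?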
驭龙
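Posted on 2014-5-10 19:12:13
尘梦幽然 posted on 2014-5-10 19:10
Pardon my ignorance, but do you have a post that introduces this?

I forget whether it was the 2013 or the 2014 version that improved this feature. I don't follow it closely, though; in practice it's still part of SONAR, I think.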
尘梦幽然
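Posted on 2014-5-10 19:17:18
驭龙 posted on 2014-5-10 19:12
I forget whether it was the 2013 or the 2014 version that improved this feature. I don't follow it closely, though; in practice it's still part of SONAR, I think.

Here is what I found about rootkits in the STAR introduction. The first two are file-based and the last one is behavior-based: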
ERASER Engine
Symantec’s ERASER engine provides repair and removal capability for threats found on a customer’s system by our various detection technologies. ERASER is also responsible for checking that drivers and applications that run at startup are not malicious. To ensure that our product is not being tricked by rootkits or other malware, ERASER uses a number of techniques that bypass regular system registry and disk lookups. These technologies allow ERASER to perform direct registry and direct disk access.

Anti-Rootkit Technology
Symantec has 3 different anti-rootkit technologies designed to find and remove even the most stubborn rootkits like Tidserv and ZeroAccess, working around stealthing techniques commonly used by rootkits. The techniques include:
Directly access the hard drive volumes.
Direct Registry Hive scanning.
Kernel memory scanning.

Top Threat Vectors
Symantec’s Behavior-Based technology protects against:
Targeted Attacks including Advanced Persistent Threats (APTs), Trojans, Spyware, Keyloggers and general Malware
Social Engineering Attacks – FakeAV, Rogue Key Generators and Fake Codecs
Bots and Botnets
Non-Process and Injected Threats (NPTs)
Zero-day threats
Malware as the result of drive-by downloads that bypassed other layers of protection
Malware using rootkit techniques to hide
驭龙
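Posted on 2014-5-10 19:20:44
尘梦幽然 posted on 2014-5-10 19:17
Here is what I found about rootkits in the STAR introduction. The first two are file-based and the last one is behavior-based:

Doesn't the second one already say that it scans memory and the hard disk directly? Then that should count as monitoring. Let's continue this in the Symantec section next time.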
Copyright © KaFan  KaFan.cn All Rights Reserved.
