本帖最后由 jason_jiang 于 2010-6-3 22:48 编辑
http://acs.pandasoftware.com/cloud/CloudAntivirus.exe
不多说了,自己看这个
http://www.cloudantivirus.com/en/download/cloud-antivirus/free
也就是说Panda Cloud Antivirus将有免费版和收费版
这样一来,就有了CAVFree、CAVPro、PAV、PIS、PGP五大产品,PAV变鸡肋了
1.1新特性
* Behavioural blocking. Proactive, signature-less, protection against malicious actions typically used by malware. Generic blocking of malicious PDF/DOC/XLS/PPT/WMV/etc. droppers. Compatible with both 32 and 64bit Operating Systems.
* Behavioural analysis (PRO only). Runtime analysis and blocking of running processes. Compatible with 32bits Operating Systems as well as for 32bit processes under 64bit systems.
* Advanced configuration. Ability to turn on/off and tweak the behaviour of the different engines, cloud responses, advanced logging, recycle bin settings, exclusions, etc.
* Self-protection of the AV processes and configurations.
* Re-do detections that were previously un-done so that they are detected again.
* Automatic upgrades (PRO only) to new engine versions and new features automatically and transparently.
* Improved offline protection. Default deactivation of Windows Autorun.
* USB vaccination (PRO only) Automatic vaccination of USB memory keys and hard drives.
* Ability to run alongside other AVs and Anti-Spyware. Can now be run alongside other security tools and scanners.
* Full scan option. Added option to run a full PC scan easily.
* More languages. Added 9 new languages. PCAV is now available in a total of 20 languages: English, German, French, Spanish, Dutch, Italian, Portuguese, Swedish, Greek, Polish, Simplified Chinese, Traditional Chinese, Russian, Brazilian Portuguese, Turkish, Hungarian, Japanese, Slovak, Norwegian and Finnish.
* Quicker download & install experience thanks to new stub-installer which is 300kb in size.
* More options for restoring neutralized files. More flexibility when recovering neutralized files, allowing for automatic and manual recovery, exclusions, configuration of the Recycle Bin automatic emptying, path to recover, etc.
* Improved handling of known good files to reduce false positive rates by the new behavioural engine and automated classification from the Collective Intelligence servers.
* Optimized installation background scan by using adaptive low-priority scans.
* Improved scanning progress information by showing when a large compressed file is being scanned to avoid the perception that the stuck is stuck.
* Fixed certain situations when the PandaCloudTestFile.exe was not being detected even though the PC was correctly connected to the Internet.
TruPrevent内置规则详解
Panda Cloud Antivirus 1.1 (Free Edition and Pro) incorporates two types of behavioral protections; behavioral blocking and behavioral analysis. In this post we are going to concentrate on the behavioral blocking rules, which are included by default in both the Free Edition and Pro version of Panda Cloud Antivirus.
The behavioral blocking engine is composed of a collection of rules of typical malicious actions performed or exploited by or through a group of programs. The types of behavior blocking rules included in Panda Cloud Antivirus can be grouped into four main areas.
Malware family specific rules
* Rule 4001: Generic rules to block TDSS Rootkit installations.
* Rules 4002 & 4003: Block autorun type of malware by limiting autorun.inf file creation and modifications.
* Rules 4004 & 4005: Generically block certain rogue malware installers.
* Rules 4006 & 4007: Prevent installations of Lineage trojan family generically.
* Rules 4009 & 4010: All W32/Viking virus variants create files with a common name, so we don’t allow execution or creation of these files.
* Rule 4011: Typical files and processes from the W32/Beagle malware have been blocked from being created or executed.
Operating System Security Policies
* Rule 4008: Some application (email clients, MSN, IM, video/sound players) is trying to modify the host file. This is typical of malicious modifications to the Operating System to redirect websites to compromised hosts.
* Rules 4013 & 4014: Windows will always look if c:\explorer.exe exists and, if it does, Windows will execute it instead of the real Windows Explorer. If you receive an alert, some kind of malware is trying to create or execute the file c:\explorer.exe. This is a dangerous operation.
* Rule 5001: During normal behaviour DNS Server Application shouldn’t need to create or execute any executable. If you receive an alert, some kind of vulnerability is being exploited.
* Rule 5003: During normal behaviour, email clients, MSN, IM, video/sound players, text editors, Office app, compressors, shouldn’t need to execute administration, network or command shell tools. If you receive an alert, some kind of vulnerability is being exploited.
* Rule 5004: During normal behaviour, Network Server Applications shouldn’t need to execute administration, network or command shell tools. If you receive an alert, some kind of vulnerability is being exploited.
* Rule 5008: During normal behaviour some applications shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rule 5023: During normal behaviour DNS Server Application (dns.exe) shouldn’t need to create or execute any executable programs. If you receive an alert, some kind of vulnerability is being exploited.
Browser vulnerability exploit prevention rules
* Rule 5002: During normal behaviour, Web browsers shouldn’t need to execute administration, network or command shell tools. If you receive an alert, some kind of vulnerability is being exploited.
* Rule 5005: During normal behaviour Web browsers shouldn’t need to execute files from downloaded programs directories. This rule prevents some IE vulnerabilities normally exploited by drive-by downloaders. If you receive an alert, some kind of vulnerability is being exploited.
* Rules 5020 & 5021: Prevents Internet Explorer vulnerabilities from exploiting Microsoft HTML Application Hosts to create and execute malicious code. If you receive an alert, some kind of IE vulnerability is being exploited.
Generic application vulnerability exploit prevention rules
* Rule 5006: During normal behaviour multimedia aplications shouldn’t need to execute files. So if you receive an alert, some kind of vulnerability is being exploited.
* Rule 5007: During normal behaviour Windows Media Player shouldn’t need to execute files. So if you receive an alert, some kind of vulnerability is being exploited.
* Rules 5009 & 5014: During normal behaviour Microsoft Word shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rules 5010 & 5015: During normal behaviour Microsoft Excel shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rules 5011 & 5016: During normal behaviour Microsoft PowerPoint shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rules 5012 & 5017: During normal behaviour PDF readers shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rules 5013 & 5018: During normal behaviour Open Office shouldn’t need to create executable files in the system. So if you receive an alert, some kind of vulnerability is being exploited.
* Rule 5019: During normal behaviour Exchange Server Applications shouldn’t need to execute administration, network or command shell tools. If you receive an alert, some kind of Exchange Server vulnerability is being exploited.
* Rule 5022: During normal behaviour IIS Web Server Applications shouldn’t need to execute administration, network or command shell tools. If you receive an alert, some kind of IIS vulnerability is being exploited.
* Rule 5024: Generic rule to block exploitation of certain Operating System and third-party applications that try to create and execute malicious code. If you receive an alert, some kind of vulnerability is being exploited.
Thanks to this behavioural blocking engine Panda Cloud Antivirus is able to proactively and genericaly protect against a large variety of malware and exploits which specializes in bypassing signature and heuristic detection. More importantly, it is able to do this without any impact on performance. |
[复制链接]
发表于 2010-6-3 21:13:46
楼主