AVC and Sandbox: Hybrid Proactive Defense Matrix
I would like to suggest that if you are interested in introducing Sandbox for files and processes in the next iteration of Bitdefender products, then it should be in connection with AVC. I think AVC is the first step to Sandbox for monitoring an application's suspicious behavior, so why don't you take one more step to Sandbox?
Comments
-
Isn't this similar to B-Have?
0 -
Hello
Let me clarify some things.
Active Virus Control is monitoring the behavior of all running processes. Before execution, every process is executed in a small virtual environment. This will help the module to detect the malware behavior of that software/executable.
This is considered a small sandbox and the process is automatic (as long as the Active Virus Control is turned on).
You are asking to run files in Sandbox on demand and all the marks made by that file to be redirected to a temporary location without affecting the system. We are aware of this request and it was sent to our developers a few months ago.
Right now, I can't confirm/deny this module in the next iteration of Bitdefender Consumer products. All the data will be made public when the product hits the public beta stage.
Take care.
0 -
Actually, I want to suggest that whenever a malicious application or process is detected by AVC and it displays a prompt for what to do, there should be an option in that pop-up window to run the file/process in Sandbox Mode.
0 -
Hello
In that case, the product terminates the process and all further actions are stopped.
What happens if a user chooses not to run that file in a sandbox?
Take care.
0 -
"Monitoring of application by behavior" should be common in AVC and sandbox. If the application is considered malicious it should prompt for "Allow", "Block" or "Execute in SafeBox".
And would you like to elaborate on "the product terminates the process and all further actions are stopped."?
0 -
Hello
Welcome back!
With that phrase I was referring to the fact that AVC kills all active processes created by the original executable, not only the original one.
In this way, no leftovers will be found in the system.
Take care.
0