This pattern contains the rules for detecting suspicious threat behavior.
This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement.
This user mode service has the following functions:
Provides rootkit detection
Regulates access to external devices
Protects files, registry keys, and services
The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement.
This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe.
The Behavior Monitoring Core Service checks system events against the policies in this pattern.