| Component | Description |
| --- | --- |
| Behavior Monitoring Detection Pattern 32/64-bit | This pattern contains the rules for detecting suspicious threat behavior. |
| Behavior Monitoring Core Driver 32/64-bit | This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement. |
| Behavior Monitoring Core Service 32/64-bit | This user mode service has the following functions: |
| Behavior Monitoring Configuration Pattern | The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement. |
| Digital Signature Pattern | This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe. |
| Policy Enforcement Pattern | The Behavior Monitoring Core Service checks system events against the policies in this pattern. |
| Memory Scan Trigger Pattern (32/64-bit) | Behavior Monitoring uses the Memory Scan Trigger Pattern to identify possible threats after detecting the following operations: After identifying one of these operations, Behavior Monitoring calls Real-time Scan's Memory Inspection Pattern to check for security risks. For details about the Real-time Scan operations, see Memory Inspection Pattern. |
| Damage Recovery Engine | The Damage Recovery Engine receives system events and backup files before suspicious threats can modify files and perform other malicious behavior. This engine also restores the affected files after it receives a file recovery request. |
| Damage Recovery Pattern | The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior. |
| Program Inspection Monitoring Pattern | The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring. |