IObit Forum

Does IS360 have a HIPS?


captainron


Hi captainron

I suppose you mean Host Intrusion Prevention/Protection System

And yes - if you take a look in the settings/options you will discover that you have the opportunity to activate the "DOG" protection

http://forums.iobit.com/attachment.php?attachmentid=5856&stc=1&d=1282551714

If you follow the threads about IS360 you will see that it often finds some false positives - this is an indication (especially in the high detection setting) that it uses a heuristic approach also - if this is chosen.

Welcome to the forum!

Cheers

solbjerg

 

Is it a pure signature engine or can it analyze behavior and/or executable characteristics?

I'd be interested in how it does with binaries that have custom obfuscation that hides code and IAT and no signature match. Also detects AV and sandbox DLLs and Drivers. Even ones under that same scenario that come in through a dropper that uses remote code execution on a SYSTEM level process.

 

It'd be cool to keep an encrypted database of new binaries through file system monitoring and doing behavioral analysis on them till they've executed a couple times then purge them. Just don't reveal the AV presence like Sandboxie and other AVs do with DLLs.


Hi ron

I too doubt that IObit will divulge the inner workings of their programs :-)

Cheers

solbjerg

 

I'd be interested in how it does with binaries that have custom obfuscation that hides code and IAT and no signature match. Also detects AV and sandbox DLLs and Drivers. Even ones under that same scenario that come in through a dropper that uses remote code execution on a SYSTEM level process.

 

It'd be cool to keep an encrypted database of new binaries through file system monitoring and doing behavioral analysis on them till they've executed a couple times then purge them. Just don't reveal the AV presence like Sandboxie and other AVs do with DLLs.


Archived

This topic is now archived and is closed to further replies.
