This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).

Many organizations deploy antivirus software solutions to user workstations as a base layer of security to detect and remove the most common threats, including Trojans, malware, worms, and adware. Antivirus solutions have become a default part of cyber hygiene at the workstation level, though security experts recommend antivirus software be deployed alongside a full security stack to more robustly protect the network, a practice referred to as layered security or “defense-in-depth.”

Antivirus solutions usually employ one or more of three signature detection methods: file scanning, heuristics, and emulation. File scanning leverages full content inspection in order to detect malicious code in files downloaded, emailed, or transferred to the computer. Heuristic scanning monitors all processes and establishes baselines for a workstation’s patterns of behavior in order to detect deviations from those baselines. Emulators use sandboxed virtual machines to test run suspicious or encrypted executables. Monitoring changes in the sandbox allows the antivirus software to make a determination of whether the suspicious process is safe to execute on the host system or if the process is deemed unsafe and should be deleted or quarantined.

In order to perform these functions and protect the workstation, antivirus software requires the highest level of system privileges, particularly to combat any malicious software that might try to remove the antivirus or interrupt kernel-level system calls as part of its attack kill-chain.
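The following is an added illustration, not text or code from the assessment itself, of how the first two detection methods described above fit together in a defender's pipeline: a signature file scan (full-content hash lookup against a known-bad list) followed by a heuristic check that learns a per-workstation behavioral baseline and flags processes whose activity deviates from it. The signature list, the benign observation set, the feature names (file_writes, registry_writes, network_conns, process_injections) and the 3-sigma threshold are all constructed for the example; a real product's signatures, telemetry and thresholds look nothing like this toy data.

```python
import hashlib
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed "known-bad" samples. A real signature database holds millions of
# entries; these two are built from inline bytes so the example runs offline.
KNOWN_BAD_SAMPLES = {
    "constructed-dropper": b"MZ\x90\x00constructed-malicious-payload-bytes",
    "constructed-adware": b"#!/bin/sh\n# constructed adware stub\n",
}
SIGNATURES = {hashlib.sha256(v).hexdigest(): name for name, v in KNOWN_BAD_SAMPLES.items()}


def scan_file(content: bytes):
    """Signature file scan: hash the full content and look it up.
    Returns the matching signature name, or None if the file is not in the list."""
    return SIGNATURES.get(hashlib.sha256(content).hexdigest())


@dataclass
class Baseline:
    """Heuristic baseline: per-feature mean and standard deviation learned from
    observations taken during a period believed to be clean."""
    stats: dict = field(default_factory=dict)

    def fit(self, observations):
        # observations: list of {feature: count} dicts, one per process/interval
        features = set().union(*observations)
        for f in features:
            vals = [o.get(f, 0) for o in observations]
            self.stats[f] = (mean(vals), pstdev(vals))

    def deviations(self, sample, threshold=3.0):
        """Return {feature: z-score} for every feature that exceeds the baseline
        by more than `threshold` standard deviations, plus any feature never seen
        during baselining (reported as inf: no baseline exists to compare against)."""
        flagged = {}
        for f, (mu, sigma) in self.stats.items():
            spread = max(sigma, 1.0)  # floor avoids division by zero on constant features
            z = (sample.get(f, 0) - mu) / spread
            if z > threshold:
                flagged[f] = round(z, 2)
        for f, v in sample.items():
            if f not in self.stats and v > 0:
                flagged[f] = float("inf")
        return flagged


def build_demo_baseline():
    """Constructed benign observations: counts per process over one interval."""
    benign = [
        {"file_writes": 40, "registry_writes": 5, "network_conns": 3},
        {"file_writes": 50, "registry_writes": 4, "network_conns": 2},
        {"file_writes": 45, "registry_writes": 6, "network_conns": 4},
        {"file_writes": 38, "registry_writes": 5, "network_conns": 3},
    ]
    bl = Baseline()
    bl.fit(benign)
    return bl


def assess(content: bytes, behavior: dict, baseline: Baseline):
    """Layered verdict: a signature hit is conclusive (quarantine); otherwise the
    heuristic layer decides whether the process deserves closer inspection, which
    is where the emulation/sandbox stage described above would take over."""
    sig = scan_file(content)
    if sig:
        return ("quarantine", f"signature match: {sig}")
    dev = baseline.deviations(behavior)
    if dev:
        return ("suspicious", f"heuristic deviation: {dev}")
    return ("clean", "")


if __name__ == "__main__":
    bl = build_demo_baseline()
    print(assess(KNOWN_BAD_SAMPLES["constructed-dropper"], {}, bl))
    print(assess(b"unknown binary", {"file_writes": 900, "registry_writes": 6,
                                     "network_conns": 4, "process_injections": 2}, bl))
    print(assess(b"unknown binary", {"file_writes": 44, "registry_writes": 5,
                                     "network_conns": 3}, bl))
```

The design point worth noticing is the ordering: the hash lookup is cheap and exact but only catches files already catalogued, while the baseline check catches novel behavior at the cost of false positives, which is why it produces a "suspicious" verdict for further analysis rather than an immediate quarantine. A feature absent from the baseline entirely (here, process_injections) is treated as a deviation in its own right rather than silently scored as zero.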