Component | Description |
---|---|
Behavior Monitoring Detection Pattern 32/64-bit | This pattern contains the rules for detecting suspicious threat behavior. |
Behavior Monitoring Core Driver 32/64-bit | This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement. |
Behavior Monitoring Core Service 32/64-bit | This user mode service has the following functions: |
Behavior Monitoring Configuration Pattern | The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement. |
Digital Signature Pattern | This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe. |
Policy Enforcement Pattern | The Behavior Monitoring Core Service checks system events against the policies in this pattern. |
Memory Scan Trigger Pattern (32/64-bit) | Behavior Monitoring uses the Memory Scan Trigger Pattern to identify possible threats after detecting the following operations: After identifying one of these operations, Behavior Monitoring calls Real-time Scan's Memory Inspection Pattern to check for security risks. For details about the Real-time Scan operations, see Memory Inspection Pattern. |
Damage Recovery Pattern | The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior. |
Program Inspection Monitoring Pattern | The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring. |