| Component | Description |
|---|---|
| Behavior Monitoring Detection Pattern 32/64-bit | This pattern contains the rules for detecting suspicious threat behavior. |
| Behavior Monitoring Core Driver 32/64-bit | This kernel mode driver monitors system events and passes them to the Behavior Monitoring Core Service for policy enforcement. |
| Behavior Monitoring Core Service 32/64-bit | This user mode service has the following functions: |
| Behavior Monitoring Configuration Pattern | The Behavior Monitoring Driver uses this pattern to identify normal system events and exclude them from policy enforcement. |
| Digital Signature Pattern | This pattern contains a list of valid digital signatures that are used by the Behavior Monitoring Core Service to determine whether a program responsible for a system event is safe. |
| Policy Enforcement Pattern | The Behavior Monitoring Core Service checks system events against the policies in this pattern. |
| Memory Scan Trigger Pattern (32/64-bit) | Behavior Monitoring uses the Memory Scan Trigger Pattern to identify possible threats after detecting the following operations: After identifying one of these operations, Behavior Monitoring calls Real-time Scan's Memory Inspection Pattern to check for security risks. For details about the Real-time Scan operations, see Memory Inspection Pattern. |
| Damage Recovery Engine | The Damage Recovery Engine receives system events and backup files before suspicious threats can modify files and perform other malicious behavior. This engine also restores the affected files after it receives a file recovery request. |
| Damage Recovery Pattern | The Damage Recovery Pattern contains policies that are used for monitoring suspicious threat behavior. |
| Program Inspection Monitoring Pattern | The Program Inspection Monitoring Pattern monitors and stores inspection points that are used for Behavior Monitoring. |