From eScan Wiki
Revision as of 10:28, 17 September 2010 WikiSysop (Talk | contribs) ← Previous diff |
Revision as of 10:45, 14 October 2010 WikiSysop (Talk | contribs) Next diff → |
||
Line 1: | Line 1: | ||
- | {| class="wikitable" border="0" | ||
- | {| id="mp-topbanner" style="width:100%; background:#fcfcfc; margin-top:1.2em; border:1px solid #ccc;" | ||
- | | style="width:56%; color:#000;" | | ||
- | {| style="width:280px; border:none; background:none;" | ||
- | | [[Image:Escan_wikipedia.jpg|left|<!--We add confidence to computing-->]] | ||
- | |} | ||
- | |width="1000pt" style="width:11%; font-size:95%;" white-space:nowrap;| | ||
- | <B><p> General</p></B> | ||
- | * [[Main Page|<font color="blue">Home</font>]] | ||
- | * [[Marketing|<font color="blue">Marketing</font>]] | ||
- | * [[Events|<font color="blue">Events</font>]] | ||
- | * [[Marketing/Advertisement|<font color="blue">Advertisement</font>]] | ||
- | * [[Escan/english/Security_Awareness|<font color="blue">Security Awareness</font>]] | ||
- | |width="1000pt" style="width:11%; font-size:95%; white-space:nowrap;" | | ||
- | <B><p> Knowledgebase</p></B> | ||
- | * [[Technical Info|<font color="blue">Technical Information</font>]] | ||
- | * [[Beta Testing|<font color="blue">Beta Testing</font>]] | ||
- | * [[Release Candidate|<font color="blue">Release Candidate</font>]] | ||
- | * [[User Guide|<font color="blue">User Guides</font>]] | ||
- | * [[Escan/english/Technologies|<font color="blue">Technologies</font>]] | ||
- | |width="1000pt" style="width:11%; font-size:95%;white-space:nowrap;" | | ||
- | <B><p> Support</p></B> | ||
- | * [[EMail|<font color="blue">eMail</font>]] | ||
- | * [[Online Chat|<font color="blue">Online Chat</font>]] | ||
- | * [[Telephonic Support|<font color="blue">Telephone</font>]] | ||
- | * [[Remote Support|<font color="blue">Remote Support</font>]] | ||
- | * [[Forums|<font color="blue">Forums</font>]] | ||
- | |} | ||
{| class="wikitable" border="0" | {| class="wikitable" border="0" | ||
|} | |} |
Revision as of 10:45, 14 October 2010
| · Articles · FAQ · Troubleshooting | · Technical Information - Main Page |
Host Intrusion Prevention System (HIPS) Technology |
|
OverviewUsually, Anti-Virus and malware detection programs detect malware only after the computers on which they are running are infected. A majority of these programs use a signature-based approach for detecting malware. This implies that such programs can detect only those malware for which they have the virus definitions and signatures. This may often create problems when a new malicious program is released in the wild. In such cases, eScan’s HIPS technology proves to be highly effective.
DescriptionHow HIPS Works? The HIPS technology comes with an array of intrusion detection and prevention capabilities. It monitors processes that are running on the user’s computer, installation of software, and installation or removal of software drivers for suspicious activities. An example of a suspicious activity is the injection of code into a running process by another process. In addition, HIPS inspects the network traffic for malware. HIPS monitors and verifies the behavior, state, and the stored information on a computer. It maintains a database of system objects, which contains information about the attributes of each object. It also creates a checksum database, which is a secure database that stores the checksum information for each object. In addition, it creates vtables to store information about the regions of memory that have not yet been used or modified. The HIPS technology can be used at the network level to procure information about the IP address of the attacking computer and details of the attack. This may include the type and contents of the data packet used for the attack. Whenever a system object changes, HIPS updates its databases. However, if the number of objects is large, HIPS monitors information such as, the file attributes, file size, and date to ensure that unusual events do not take place. When it detects a potential threat, HIPS alerts the user, blocks the suspicious activities based on user’s input, and stores the report of the activity in a log file.
Benefits of HIPSThe following are some of the benefits of the HIPS technology:
SummaryIn this article, you learnt more about the HIPS technology. You also learnt how eScan uses it to protect computers from potential and unknown security threats.
|