From eScan Wiki
Host Intrusion Prevention System (HIPS) Technology
Overview
Anti-virus and malware detection programs usually detect malware only after the computers on which they are running are infected. A majority of these programs use a signature-based approach for detecting malware. This means that such programs can detect only the malware for which they have virus definitions and signatures. This may often create problems when a new malicious program is released in the wild. In such cases, eScan’s HIPS technology proves to be highly effective.
Description
How HIPS Works
The HIPS technology comes with an array of intrusion detection and prevention capabilities. It monitors the processes that are running on the user’s computer, the installation of software, and the installation or removal of software drivers for suspicious activities. An example of a suspicious activity is the injection of code into a running process by another process. In addition, HIPS inspects the network traffic for malware.

HIPS monitors and verifies the behavior, state, and stored information on a computer. It maintains a database of system objects, which contains information about the attributes of each object. It also creates a checksum database, which is a secure database that stores the checksum information for each object. In addition, it creates vtables to store information about the regions of memory that have not yet been used or modified.

The HIPS technology can be used at the network level to obtain the IP address of the attacking computer and details of the attack. This may include the type and contents of the data packet used for the attack.

Whenever a system object changes, HIPS updates its databases. However, if the number of objects is large, HIPS monitors information such as file attributes, file size, and date to ensure that unusual events do not take place. When it detects a potential threat, HIPS alerts the user, blocks the suspicious activities based on the user’s input, and stores a report of the activity in a log file.
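The object database, the checksum database, and the lighter attribute check for large object counts can be sketched as follows. This is an added example, not eScan's code; the function names, the `checksum_limit` threshold, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(path, with_checksum=True):
    """Attributes of one object (mode, size, date) plus an optional SHA-256."""
    st = os.stat(path)
    rec = {"mode": st.st_mode, "size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if with_checksum:
        rec["sha256"] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return rec

def build_baseline(paths):
    """Object database: path -> attributes and checksum at a known-good time."""
    return {p: snapshot(p) for p in paths}

def check(baseline, checksum_limit=1000):
    """Return {path: [changed fields]}; above checksum_limit, attributes only."""
    full = len(baseline) <= checksum_limit   # assumed threshold, not eScan's
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["removed"]
            continue
        new = snapshot(path, with_checksum=full)
        changed = [k for k in new if new[k] != old[k]]
        if changed:
            findings[path] = changed
    return findings

def demo():
    """Constructed sample objects; returns (checksum, attribute-only) findings."""
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("a.cfg", "b.dll", "c.sys"))
        for p in (a, b, c):
            Path(p).write_bytes(b"original")
        baseline = build_baseline([a, b, c])
        Path(a).write_bytes(b"grown content")   # size changes
        st = os.stat(b)
        Path(b).write_bytes(b"ORIGINAL")        # same size, different bytes
        os.utime(b, ns=(st.st_atime_ns, st.st_mtime_ns))  # date unchanged
        os.remove(c)
        return tuple({os.path.basename(p): v for p, v in check(baseline, n).items()}
                     for n in (1000, 0))

if __name__ == "__main__":
    print(demo())
```

In the attribute-only pass, `b.dll` produces no finding because its size and date match the baseline. Only the checksum comparison reports it, which is the coverage given up when the lighter check is used.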
Benefits of HIPS
The following are some of the benefits of the HIPS technology:
Summary
In this article, you learnt more about the HIPS technology. You also learnt how eScan uses it to protect computers from potential and unknown security threats.