Most malware runs as standalone processes. When a detection happens, these threats are easy to detect and to remediate: active processes are terminated and the related executable files are quarantined.
However, it is increasingly common for malware to avoid using executable files and instead leverage legitimate software processes to run malicious payloads. The idea behind these script-based approaches is that if there is no file on the disk, there is nothing security solutions can detect and remove. Additionally, the attackers hope that by using built-in Windows applications or the processes of trusted third party programs, they will be able to avoid security solutions creating alerts or, at least, be missed among the numerous other running processes.
This why we believe it’s critical to visually separate script interpreters and potential host processes from the actual malicious payload. With this month’s release, we’re doing exactly that, and the Incidents panel is now grouped by unique threats rather just by unique processes/programs.
In addition to making threats easier to identify, this will also help ensure that important applications are not quarantined simply because they were misused by threat actors.
Additionally, our development team has enhanced the Incidents details panel with a new drill-down feature for timeline events, making it easier and less time-consuming to perform deep investigation alerts. The execution history will also highlight any process instances that were alerted by any of the Emsisoft real-time protection layers and indicate their severity through different coloring.
Device protection (desktop)
- Improved detection of script-based malware.
- Improved error handling and software stability.
- Several other minor tweaks and fixes.
Management console (web app)
- Improved Incidents list with clear separation of script interpreter/host processes and malicious payload.
- Improved Incidents details panel with new drill-down functionality for the threat timeline and highlighting of severity in execution trees.
- Several minor tweaks and fixes.
How to obtain the new version
So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.
Emsisoft Endpoint Protection: Award-Winning Security Made SimpleExperience effortless next-gen technology. Start Free Trial
Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.