PeaceMaker Threat Detection is a kernel-mode utility designed to detect a variety of techniques commonly used by advanced malware.
Compared to a typical antivirus, PeaceMaker targets the techniques malware commonly relies on, in order to "catch" it in the act rather than match it against signatures.
In addition, PeaceMaker is designed to provide extensive detail whenever a malicious technique is detected (the originating process and a full stack trace of the operation), allowing for more effective containment and response.
Features
- See which code started a process (stack trace).
- See which code loads an image into a process (stack trace).
- Detect unmapped (hidden) code by stack walking at common points such as:
  - Process creation
  - Image load
  - Thread creation
- Detect remote thread creation.
- Detect parent process ID (PPID) spoofing.
- Detect threads running in unmapped (hidden) code.
- Block basic malicious operations from the GUI client.
- System-wide blocking of file/registry write, delete, or execute operations that violate a user-defined filter.
- Detect file/registry write, delete, or execute operations that violate a user-defined filter.
  - Log the source process and the stack trace of the operation.
- Filter out known false positives.
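The two mechanisms the list leans on most, flagging stack frames that are not backed by any loaded image and matching file/registry operations against a user-defined filter, are shown below in a portable, user-mode simulation. This is an added example, not PeaceMaker's driver code: the image table, the captured stack trace, the filter rules and every address in it are constructed for the demonstration, and in the real driver the inputs would come from the image-load notify callback, a kernel stack walk, and the filesystem/registry callbacks instead of from constants.

```c
/* Added example: portable simulation of unbacked-code stack classification and
 * user-defined operation filtering. Not PeaceMaker's code; all data is constructed. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A loaded image as a driver would record it from its image-load notify routine. */
typedef struct {
    const char *path;
    uint64_t    base;
    uint64_t    size;
} image_t;

/* Result of examining one captured stack trace. */
typedef struct {
    size_t   frames;          /* frames examined */
    size_t   unbacked;        /* frames that fall outside every loaded image */
    uint64_t first_unbacked;  /* address of the first such frame, 0 if none */
} stack_verdict_t;

static const image_t *image_for(uint64_t addr, const image_t *imgs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= imgs[i].base && addr - imgs[i].base < imgs[i].size)
            return &imgs[i];
    return NULL;
}

/* Walk a trace (innermost frame first) and count return addresses not backed by
 * an image. Code executing from such memory was never loaded as an image, which
 * is what the "unmapped (hidden) code" detections key on. */
stack_verdict_t classify_stack(const uint64_t *trace, size_t n,
                               const image_t *imgs, size_t nimgs)
{
    stack_verdict_t v = { n, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (image_for(trace[i], imgs, nimgs) == NULL) {
            if (v.unbacked == 0)
                v.first_unbacked = trace[i];
            v.unbacked++;
        }
    }
    return v;
}

/* User-defined filter: a case-insensitive path prefix, the operations it covers,
 * and whether a match is only logged or also blocked. */
typedef enum { OP_WRITE = 1, OP_DELETE = 2, OP_EXECUTE = 4 } op_t;
typedef enum { FILTER_LOG = 0, FILTER_BLOCK = 1 } filter_action_t;

typedef struct {
    const char     *prefix;
    unsigned        ops;     /* bitmask of op_t */
    filter_action_t action;
} filter_rule_t;

/* Windows paths and registry keys compare case-insensitively. */
static bool prefix_ieq(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (*s == '\0' ||
            tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return false;
    return true;
}

/* First rule covering (path, op), or NULL when the operation is not filtered. */
const filter_rule_t *match_filter(const char *path, op_t op,
                                  const filter_rule_t *rules, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((rules[i].ops & op) && prefix_ieq(path, rules[i].prefix))
            return &rules[i];
    return NULL;
}

/* Constructed sample data (hypothetical bases and addresses). */
static const image_t sample_images[] = {
    { "C:\\Windows\\System32\\ntdll.dll",    0x7ff800000000ULL, 0x200000 },
    { "C:\\Windows\\System32\\kernel32.dll", 0x7ff810000000ULL, 0x100000 },
    { "C:\\Users\\u\\app.exe",               0x7ff600000000ULL, 0x40000  },
};
#define N_IMAGES (sizeof sample_images / sizeof sample_images[0])

/* Thread-start trace: ntdll -> kernel32 -> a frame in unbacked memory -> app.exe */
static const uint64_t sample_trace[] = {
    0x7ff800012345ULL, 0x7ff81000abcdULL, 0x1d2c0de0010ULL, 0x7ff600001000ULL
};
#define N_TRACE (sizeof sample_trace / sizeof sample_trace[0])

static const filter_rule_t sample_rules[] = {
    { "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
      OP_WRITE | OP_DELETE, FILTER_BLOCK },
    { "C:\\Users\\", OP_EXECUTE, FILTER_LOG },
};
#define N_RULES (sizeof sample_rules / sizeof sample_rules[0])

int main(void)
{
    stack_verdict_t v = classify_stack(sample_trace, N_TRACE, sample_images, N_IMAGES);
    printf("%zu of %zu frames unbacked, first at 0x%llx\n",
           v.unbacked, v.frames, (unsigned long long)v.first_unbacked);
    const filter_rule_t *r = match_filter(
        "\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
        OP_WRITE, sample_rules, N_RULES);
    printf("Run-key write: %s\n", r ? (r->action == FILTER_BLOCK ? "block" : "log") : "allow");
    return 0;
}
```

Only the rule's `ops` mask decides whether an operation type is in scope, so an execute from under the Run key is not touched by the first rule even though the prefix matches; a driver that blocks must also make sure that a "block" verdict is only produced for operations the callback is actually able to deny.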
Notable features
- Extensive commenting of the code.
- All detection routines are in the kernel driver.
- Designed to detect user-mode malware.
- Tested with Driver Verifier's standard settings.
- Tried putting it on my daily laptop and watching for problems (nothing happened).
Information on installing and using the program can be found here.