The PeaceMaker Threat detection είναι ένα βοηθητικό πρόγραμμα (kernel-mode utility) που έχει σχεδιαστεί για να ανιχνεύει διάφορους μεθόδους που χρησιμοποιούνται συνήθως από προηγμένες μορφές maliciousυ software.
Compared to a simple antivirus, PeaceMaker targets the techniques commonly used by malware to "catch" it during operation.
In addition, PeaceMaker is designed to provide incredible detail when detecting a malicious technique, allowing for more effective containment and response.
Specifications
- See who codes a process started (stack trace).
- See which code loads an image in a process (stack trace)
- Detect uncharted (hidden) code through common Stack Walking features such as:
- Creation process
- Upload image
- Creating threads
- Detect remote thread creation.
- Detect parental process identity forgery.
- Detect threats in unmatched (hidden) code.
- Block basic breach functions in the GUI client.
- Block file / registry system, record, delete, or perform operations that violate a user-defined filter.
- Detect file / registry, write, delete, or perform functions that violate a user-defined filter.
- Records the source process and stack of operation.
- Filter for known false positives.
Remarkable properties
- Meticulous analysis of the code.
- All crawling routines are in the kernel driver.
- Designed to detect user-mode malware.
- Tested using Driver Verifier standard configuration
- Tested by putting it on my everyday laptop computer and watching for problems (none happened).
Information on installing and using the program, you will find here.
