Prevention Policy Settings Flashcards
- Application Exploitation Activity
- Chopper Webshell
- Drive-by Download
- Code Injection
- Javascript Execution via Rundll
Behavior-Based Prevention-Exploitation Behavior
Cloud Anti-Malware (for online hosts)
- Cautious
- Moderate
- Aggressive
- Extra Aggressive
NGAV - Cloud Machine Learning
- Windows Logon Bypass
- Credential Dumping
Behavior-Based Lateral Movement and Credential Access
- Notify End Users
- Unknown exe
- Unknown Detection related exe
Mac Only Sensor Capabilities
- Notify End Users
- Unknown exe
- Unknown Detection related exe
- Sensor Tampering Protection
Windows Only Sensor Capabilities
Script-Based execution monitoring
Mac Only - Sensor Visibility - Enhanced Visibility
- Sensor Anti-Malware (Cautious, Mod, Agg, XAgg)
- Adware & PUP
NGAV - Sensor Machine Learning
- Custom Blocking
- Suspicious Processes
- Intel Sourced Threats
Mac- Malware Protection - Execution Blocking
- kcpassword
- hash collector
Mac - Behavior-Based Prevention - Credential Dumping Tools
- XPCOM Shell
- Chopper webshell
- Empyre backdoor
Mac - Behavior-Based Prevention - Unauthorized Remote Access IOAs
- AUMD - Additional User Mode Data
- Interpreter Only
- Engine (Full Visibility) - Req. #2
- Script-Based exe monitoring
- HTTP Detections
- Redact HTTP Detection Details
Sensor Visibility - Enhanced Visibility
- Custom Blocking (IOC Mgmt)
- Suspicious Processes
- Suspicious Scripts & Commands
- Intel Sourced Threats
- Suspicious Kernel Drivers
Malware Protection - Execution Blocking
- Force ASLR
- Force DEP
- Heap Spray Preallocation
- NULL Page Allocation
- SEH Overwrite Protection
Behavior-Based Prevention - Exploit Mitigation
- Backup Deletion
- Cryptowall
- File Encryption
- Locky
- File System Access
Behavior-Based Prevention - Ransomware
- Custom Blocking
- Suspicious Processes
Malware Protection - Execution Blocking