The main purpose of the SafenSoft SysWatch protection system is to preserve the integrity of the operating system and all its components as installed at the original build, as well as applications installed at a later date.
Immediately after installation, SafenSoft SysWatch activates in Simple Mode, which provides control over the launch of unknown applications. Simple Mode is based on the detection of new executable modules in the system. The decision as to whether to allow the new application to launch is made based on the degree of confidence in the unknown application and on internal SafenSoft SysWatch logic regarding executable modules.
To reduce the number of alerts on unknown application launches, and for more effective protection, SafenSoft SysWatch carries out an automatic adjustment the first time it is run, creating the basic System Profile. After the automatic adjustment is successfully completed, SafenSoft SysWatch activates the Extended Mode.
Unknown applications (applications that are not included in the System Profile) may be launched and activated only in a secure environment (sandbox), during the current operating system session, and only if the application is launched by the authorized user of the system. Only the authorized user may determine whether to add a new application to the System Profile as a trusted application, launching it in Install Mode.
Trusted applications that are potentially dangerous (web browsers, instant messengers, and P2P clients, for example) can be launched in a sandbox. To launch potentially dangerous applications with restrictions, change the Execution Conditions in the Application Properties window.
When the user attempts to launch a new application, SafenSoft SysWatch issues a notification that the application is unknown and offers the following options:
• Execute Application. The application is launched in a secure environment (sandbox) and allowed to load additional executable modules not present in the System Profile. If the application is malicious, it will still be allowed to execute, even to install additional components into the operating system. But when the system is restarted, the malware will be unable to execute as it is not present in the System Profile, thus preventing any damage or the transmission of infective code.
• Run in Install Mode. In this case, SafenSoft SysWatch registers all the new components installed by the application in the System Profile. The application and its components are granted rights to start in future.
By default, only those modules that reside on a local hard drive are included in the System Profile. Executable modules distributed as application resources, archives, and the like will not be registered initially. In order for such applications to work properly, they should be launched in Install Mode, in which applications and all their components are considered safe and added to the System Profile.