Proactive protection technology

Safe’n’Sec technology is based on the interception and intelligent analysis of system calls at the operating system level.

System Interceptor is among the first processes to load and inserts itself into the chain of system calls at the operating system level.
System Interceptor intercepts all system calls made by applications and passes the information about each call and the calling application to iTrust Engine, the application identification module.
iTrust Engine identifies the application by its unique characteristics, regardless of the application or operating system version, and passes the information to Rules Engine, the rules control module.
Rules Engine assesses whether the application’s action is potentially malicious and passes the request to Intelligent Decision Maker, the decision-making module.
Intelligent Decision Maker analyzes the request to execute the action in light of the sequence of actions, their number, periodicity, and repetition, and then issues a command to System Interceptor.
System Interceptor either blocks denied calls or allows execution of safe calls at the system level.
Safe’n’Sec technology is based on intercepting system calls at the operating system level. At operating system startup, System Interceptor is among the first processes to load, as a kernel extension module, and inserts itself into the chain of system calls. This allows Safe’n’Sec to intercept the system calls of all applications and, if necessary, to block (deny) access to system resources. If System Interceptor receives the command to allow access, the call is passed to the operating system kernel for further execution.
To analyze the information and reach a decision, System Interceptor passes full information about the system call and the application that generated it to iTrust Engine, the application identification module. Correct identification is required to distinguish the activity of malicious software from the actions of normal user applications.
Applications are identified by their unique characteristics, such as current location on the hard disk, current digital certificate, set of modules, etc., regardless of the application or operating system version. The Application List contains trusted applications that have been reliably identified, for example MS Office, system utilities and Windows services, graphics packages, etc. iTrust technology significantly reduces the number of false alarms while Safe’n’Sec is running. For example, Windows Update downloads a regular update into a temporary folder, starts the update installation, rewrites some system files, and makes changes in the system registry. Indeed, this sequence of actions looks like that of a virus. However, Safe’n’Sec allows these actions because it holds the identification properties of this application. Another application pretending to be Windows Update (one that uses, for example, the same application name or is located in the same place on the hard drive) will be blocked.
The call is then processed by Rules Engine, the rules management module. The Rules & Policies database contains all potentially dangerous application activities, such as deleting system files, unauthorized access to user data, changing operating system settings, etc. A set of such rules and their actions (block, allow, ask user, etc.) constitutes the activity control policy. There are several activity control policies, depending on the user's needs. If the call matches one of the rules, Rules Engine decides which action should be taken according to the policy in force, and the call is then passed to the next module for the final decision.
The data arriving at Intelligent Decision Maker are analyzed against the Activity History of the application. The Activity History records the actions of all previously analyzed applications that were not sufficient on their own to decide whether the activity was malicious.
Intelligent Decision Maker makes its decisions based on the sequence of activities, their number, periodicity, and repetition. Consider the actions that occur in the system during, for example, the spread of a network worm. If we analyze each of the worm’s actions separately, there seems to be no reason to block its activity: a file is downloaded from the Internet and executed, and the process opens the Outlook address book and sends emails. However, if we analyze the entire sequence of these actions, the application looks malicious. Having collected and analyzed these data, Intelligent Decision Maker can decide to block the activity of a network worm without annoying the user with multiple requests to confirm blocking.
Other systems notify system administrators that “Application A opened the address book” or “The application was downloaded from the Internet and is being executed”, and each of these messages must be analyzed to decide whether it is an attack or normal behavior.
Intelligent Decision Maker collects data on application actions from other Safe’n’Sec modules such as the application identification data from iTrust Engine, conclusion about the action performed from Rules Engine, and the application activity history from Activity History. This information is used to make a final decision whether to allow or deny the call. Then System Interceptor either blocks denied calls or allows execution of safe calls at the system level.
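The flow described above, as an added Python sketch that is not Safe’n’Sec code: identification by several characteristics, a per-action policy, and a decision over the recorded sequence. All names, rule labels, paths and sample events are constructed for illustration.

```python
# Added illustration: every name, rule label and sample value here is hypothetical.
from collections import defaultdict

# Trusted list: an identity is path AND signer AND module set, never the name alone.
TRUSTED = {("C:\\Windows\\System32\\wuauclt.exe", "Microsoft Windows",
            frozenset({"wuaueng.dll"}))}

# Activity control policy: "block" is final; "record" means the action alone is
# not enough to decide, so it is only appended to the Activity History.
POLICY = {"rewrite_system_file": "block", "download_file": "record",
          "execute_downloaded": "record", "open_address_book": "record",
          "send_email": "record"}

# Ordered chain from the worm example; seen in full, it is treated as malicious.
WORM_CHAIN = ["download_file", "execute_downloaded", "open_address_book", "send_email"]


def contains_in_order(seq, chain):
    """True if chain occurs in seq as an ordered, not necessarily adjacent, subsequence."""
    it = iter(seq)
    return all(step in it for step in chain)


def make_decider():
    history = defaultdict(list)  # Activity History, keyed by application identity

    def decide(app, action):
        identity = (app["path"], app["signer"], frozenset(app["modules"]))
        if identity in TRUSTED:                      # identification step
            return "allow"
        verdict = POLICY.get(action, "allow")        # rules step
        if verdict != "record":
            return verdict
        history[identity].append(action)             # sequence decision step
        return "block" if contains_in_order(history[identity], WORM_CHAIN) else "allow"

    return decide


def run_samples():
    """Replay constructed events: real updater, impostor at the same path, worm."""
    decide = make_decider()
    path = "C:\\Windows\\System32\\wuauclt.exe"
    real = {"path": path, "signer": "Microsoft Windows", "modules": ["wuaueng.dll"]}
    fake = {"path": path, "signer": "unsigned", "modules": ["wuaueng.dll"]}
    worm = {"path": "C:\\Temp\\card.exe", "signer": "unsigned", "modules": []}
    return {"real": decide(real, "rewrite_system_file"),
            "fake": decide(fake, "rewrite_system_file"),
            "worm": [decide(worm, a) for a in WORM_CHAIN]}
```

The impostor shares the updater's path and module list but not its signer, so it falls through to the policy, and the worm is stopped only at the action that completes the chain.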
How can the Safe’n’Sec intrusion prevention system secure your computer?
The Safe’n’Sec family of products is based on the technology of application behavior analysis and control and is highly efficient in solving the following tasks:
Confidentiality – a significant part of the information stored on your PC, such as passwords, private files or personal data, can be used by Internet fraudsters. Managers and company owners who keep commercial and state secrets face the problem of effectively protecting access to secret internal data, which is becoming more and more relevant as competition intensifies. The consequences of information leakage are becoming more and more dangerous for the whole business.
This data (information) is under threat when special keylogging programs are secretly started or when hackers get remote access to your PC. Safe’n’Sec protects your computer from such malware intrusion – your confidential info is protected!
Integrity – while working on your PC you save important documents and often do not even think about the constant threat to the integrity of this data. But system data integrity is the main factor in efficient computer functioning, and the integrity of your personal data is the main requirement for computer security systems. A threat to data integrity appears when the PC is infected by viruses and other malware whose activity may cause damage to and loss of software, documents and files. Using Safe’n’Sec you can be absolutely sure of the integrity of any data on your PC!
Reliability of protection is provided by combating all types of threats, known and NEW/UNKNOWN. Besides protecting the computer environment, the Safe’n’Sec integrated security system protects itself from being unloaded. As soon as Safe’n’Sec detects an application trying to unload the program from the OS, it immediately blocks the dangerous application.
Efficiency of your computer's operation is provided by efficient usage of system resources and by preventing dangerous, imprudent actions of novice users through activity control rules. Safe’n’Sec solutions occupy minimal hard disk space and use no more than 3% of computer resources, as they do not depend on antivirus updates.
Mobility – while traveling with your laptop you need reliable protection in the absence of regular antivirus updates. The threat to data security and integrity is caused by the use of unfamiliar networks and the absence of guaranteed antivirus updates. In such cases it is extremely difficult to fix faults. Safe’n’Sec simply rules out such situations.