What is “Behavioral Analysis?
” Behavioral analysis or behavior blocking is not a new idea, and in fact, some security companies adopted the approach in the early 1990s in response to the sharp rise in number of viruses that threatened to overwhelm anti-virus researchers. It works from a set of established rules that define a program as either legitimate, or malicious – a virus, worm or Trojan. If the analyzed code breaks one of the legitimate rules or fits into a pre-defined profile established as “malicious,” the code or application is flagged as a threat. As traditional signature-based anti-virus scanning technology examines applications and code for a particular “signature” or pre-existing strain that has been discovered by anti-virus researchers, behavioral analysis technology monitors what an application or piece of code does and attempts to restrict its action. Examples of this might include applications trying to write to certain parts of a system registry, or writing to pre-defined folders. These and other
