New in 2023.7: Improved detection of script-based malware

  • July 3, 2023
  • 2 min read

Most malware runs as standalone processes. These threats are easy to detect and remediate: when a detection occurs, the active processes are terminated and the related executable files are quarantined.

However, it is increasingly common for malware to avoid executable files altogether and instead use legitimate software processes to run malicious payloads. The idea behind these script-based approaches is that if there is no file on disk, there is nothing for security solutions to detect and remove. Additionally, the attackers hope that by using built-in Windows applications or the processes of trusted third-party programs, they will avoid triggering alerts from security solutions or, at least, be missed among the many other running processes.

This is why we believe it’s critical to visually separate script interpreters and potential host processes from the actual malicious payload. With this month’s release, we’re doing exactly that: the Incidents panel is now grouped by unique threats rather than just by unique processes/programs.

Incidents list with script malware

In addition to making threats easier to identify, this will also help ensure that important applications are not quarantined simply because they were misused by threat actors.
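To make that grouping concrete, here is an added example (not Emsisoft's code) that keys incidents on the script payload rather than on the interpreter that ran it, and records which host images were merely misused so they are not quarantined. The host list, the command-line extraction rule and the sample events are assumptions for illustration.

```python
import re
from collections import defaultdict

# Interpreters that commonly host script payloads (assumed, illustrative list).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Script file named on the command line (assumed extraction rule).
SCRIPT_ARG = re.compile(r'"?([^\s"]+\.(?:ps1|vbs|js|hta))"?', re.IGNORECASE)


def basename(path):
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def threat_key(event):
    """Identifier an incident is grouped on.
    For a script host the key is the script it was asked to run, so the same
    payload launched through several host instances is one threat; with no
    script file on the command line the command text itself is the key.
    Any other image is its own threat.
    """
    if basename(event["image"]) in SCRIPT_HOSTS:
        m = SCRIPT_ARG.search(event["cmdline"])
        return m.group(1).lower() if m else "cmd:" + event["cmdline"].strip().lower()
    return event["image"].lower()


def group_incidents(events):
    """Group events by threat; record host images that were merely misused."""
    incidents = defaultdict(lambda: {"pids": [], "misused_hosts": set()})
    for ev in events:
        inc = incidents[threat_key(ev)]
        inc["pids"].append(ev["pid"])
        if basename(ev["image"]) in SCRIPT_HOSTS:
            inc["misused_hosts"].add(ev["image"])  # host itself is not the threat
    return dict(incidents)


# Constructed sample process events (not real alerts).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 101, "image": PS, "cmdline": r'powershell.exe -File "C:\Temp\stage.ps1"'},
    {"pid": 102, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Temp\loader.vbs"},
    {"pid": 103, "image": PS, "cmdline": r'powershell.exe -NoProfile -File "C:\Temp\stage.ps1"'},
    {"pid": 104, "image": r"C:\Temp\dropper.exe", "cmdline": "dropper.exe"},
]

if __name__ == "__main__":
    for key, inc in group_incidents(SAMPLE_EVENTS).items():
        print(f"{key}: pids={inc['pids']} misused_hosts={sorted(inc['misused_hosts'])}")
```

Two PowerShell instances running the same script collapse into one incident, while the PowerShell image is listed only as a misused host.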

Additionally, our development team has enhanced the Incidents details panel with a new drill-down feature for timeline events, making it easier and less time-consuming to perform a deep investigation of alerts. The execution history will also highlight any process instances that were flagged by any of the Emsisoft real-time protection layers and indicate their severity through different coloring.

Process list at execution tree


Device protection (desktop)

Management console (web app)

How to obtain the new version

So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.

Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.

Emsisoft founder and managing director. In 1998 when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story