Modern antivirus solutions go beyond simple pattern matching and apply generic and heuristic techniques when looking for threats. In fact, the best antivirus engines provide multiple methods for identifying known and unknown threats. Symantec’s file-based protection is one such technology.
Although file-based protection is the most mature of our protection technologies, STAR continues to invest in it and to drive innovation in our file-based security to keep current with the latest developments on the threat landscape.
These three components form the core of our file-based protection technology:
Symantec's unique scanning engine is broadly deployed on over 350 million machines. It is a stable, high-performance security technology providing advanced detection against the latest threats. The engine is frequently updated in the field via LiveUpdate to seamlessly respond to new threats.
Symantec’s real-time file scanner detects threats being written to or from a file system. Written at the kernel level, Auto Protect is a high-performance and low-footprint scanning engine that protects against the latest threats while staying out of the user's way.
Malheur & Bloodhound
Malheur and Bloodhound provide heuristics-based protection within the file-scanning technology. Their signatures can detect unknown malware based on file attributes and attempts to exploit vulnerabilities.
A Deeper Dive into Features
Each of the following sections describes a file-based technology feature that is intrinsic to the three core components explained above.
Broad File Support
Compressed files and files embedded inside other files are among the broad set of file types that can be examined for hidden malware. Supported file types include:
.DOC, .DOT, .PPT, .PPS, .XLA, .XLS, .XLT, .WIZ, .SDW, .VOR, .VSS, .VST, .AC_, .ADP, .APR, .DB, .MSC, .MSI, .MTW, .OPT, .PUB, .SOU, .SPO, .VSD, .WPS, .MSG, .ZIP, .DOCX, .DOCM, .DOTX, .DOTM, .PPTX, .PPTM, .PPSX, .PPSM, .XLSX, .XLSB, .XLSM, .XLTX, .XLTM, .XLAM, .XPS, .POTX, .POTM, .ODT, .OTT, .STW, .SXW, .eml, .MME, .B64, .MPA, .AMG, .ARJ, .CAB, .XSN, .GZ, .LHA, .SHS, .RAR, .RFT, .TAR, .DAT, .ACE, .PDF, .TXT, .HQX, .MBOZ, .UUE, .MB3, .AS, .BZ2, .ZIP, .ZIPX
Identifies malware obfuscated with packer technology. The Unpacker Engine can:
- Decompress affected executable files.
- Unpack hundreds of distinct packer families.