Our proprietary, cloud-based CyberCapture technology, available in every tier of Avast Business Antivirus, detects morphed, yet unknown files, in real-time and protects you from zero-second attacks. CyberCapture provides a competitive advantage against threats and a front-line defense for zero-day attacks.

The competitive advantage

CyberCapture is unique due to the variety, type, and volume of new malware it can continually identify. It is constantly gathering intelligence on new viruses, analyzing over 10,000 new files each day to protect businesses and their end users against the latest threats.

This means it continues to organically improve as it is used and will continue to demonstrate increased performance.

Let’s take a closer look at CyberCapture.

What is CyberCapture?

CyberCapture is a cloud-based, smart, file scanner feature in Avast Business Antivirus products. It detects and analyzes rare, suspicious files. If you attempt to run a suspicious file, CyberCapture will lock the file from your PC and send it to our Avast Threat Lab where it will be analyzed in a safe, virtual environment.

What conditions trigger CyberCapture?

CyberCapture is triggered when you run or download suspicious files from the Internet that CyberCapture has not previously encountered.

How does CyberCapture work?

CyberCapture works by seizing, or ‘capturing,’ any low prevalent or low reputation files – files that have not been seen by users – for deeper analysis in a safe cloud environment.

If a user downloads a suspicious file from the Internet and, according to our Avast threat database, it has never been seen before by any of our users, it will be put into an isolated environment where it can be observed and behavioral data will be collected. Before the user can run the suspicious file, CyberCapture locks the file from the PC and sends it to our Avast Threat Lab for analysis.

How are suspicious files analyzed?

Rather than relying on the latest virus definition updates, CyberCapture immediately isolates suspicious files in a safe environment and automatically establishes a two-way communication channel between the user and our Avast Threat Lab for analysis. Files are uploaded via an encrypted connection for privacy and to ensure hackers cannot access the files.

To analyze and fully dissect the file, we clear away the malware creator’s false code and misdirection to observe the binary level commands inside the malware and understand the instructions hidden there.

What happens after the initial analysis?

The analysis process typically takes 5-10 minutes. In certain cases, it will not be possible for our detection engines to make a reliable decision about the files and our experienced Avast Threat Lab analysts will manually analyze the file. If manual testing is required, it may take up to two hours.

During that time, the file is still contained in the “capture” stage and cannot cause any harm. Once the analysis is complete, the user is notified about the result and the file is either quarantined or determined safe and released from the capture and allowed to run.