Avast Web Shield
Processes all traffic coming over HTTP and encrypted HTTPS connections, using URL detection algorithms to protect against phishing as well as full content filtering to stop malware.
Analyzes code and binary objects prior to execution, using machine learning and various detection methods, including PE structure analysis, linker analysis, unpacking/de-obfuscation, and similarity, fuzzy, and algorithmic matching. Based on the analysis, our fast and efficient static scanner then characterizes the file as benign or malicious.
Two emulators (one for scripts and one for binary files) protect against zero-day malware and vulnerabilities as well as increasing resilience to malware sample modifications. These provide full emulation of the native computing environment, including a virtual CPU, virtual RAM, and virtual OS together with its subsystems. Features are collected during emulation and malware is then blocked according to our unique rule engine.
Utilizing a full virtual machine, on which a cloned version of the user’s OS tests the suspicious files, DeepScreen uses machine learning algorithms to identify similarities with known malware families. The hypervisor-assisted virtual machine connects to the Avast cloud engine to utilize threat intelligence gathered from our entire user base.
We combine virtualization of suspicious applications and deep instrumentation to see at the high level, as well as at an instruction level, what the examined program is trying to do. Based on an observed behavior model using machine learning algorithms, we are able to identify similarities with known malware families. By peeling off layer by layer with deep dynamic introspection, the generic unpacker component is able to unveil known malware samples that could be hidden in heavily obfuscated and encrypted ones. During this process, our cloud engine utilizes threat intelligence gathered from our entire user base to assess all software samples.
Activates automatically, when needed, to prevent the rarest and most sophisticated malware from infiltrating a user’s system. CyberCapture locks down and submits potentially malicious files, including all the associated metadata, to the clean-room environment of our Avast Threat Labs, while informing the user and keeping him engaged throughout the process. Advanced algorithms and Avast’s experts inspect the suspicious files in this most advanced layer of security. CyberCapture analyzes over 20,000 unique files every day.
Monitors the system for suspicious activities while programs are running. Behavior Shield captures unusual behavior on the device (works on both PCs and Android smartphones) such as attempts to terminate the Windows Update or Firewall services, inject system-level processes, or use the camera without user-initiated activity. Once evaluated as malicious, it is able to automatically stop the activity, undo the operation, and quarantine the objects in question.