Norman Exploit Detection is another of Norman's proactive technologies to protect against new and unknown malware.
One of the increasingly more common ways for malware to infect computers is to utilize vulnerabilites in popular applications and file formats. Such vulnerabilities are exploited by malicious program code.
There are several methods to detect such malware, f.ex.:
- Signature-based detection, which require that a particular piece of malware is analyzed and its signature added to an antivirus vendor's virus detection files (traditional technology).
- Emulation technology that lets the program run in a protected environment to see if the program performs "suspicious" operations. Norman SandBox technology is an example of this.
- Detection of program code that in some way utilizes the particular vulnerability.
- Detection of program code that performs actions, which is not what one should have expected by legitimate program code.
Norman Exploit Detection is an example of 4 t- o some extent combined with 1 - as the technology looks for special actions that are often associated with exploits.
It is a different technology than our SandBox technology, but may use the SandBox f.ex. to decompress certain obfusicated file formats.