New Generation of AntiVirus Software for Workstation

Dear Members,


What will be your expected protection feature(s) in New Generation AntiVirus?


Please correct me if I am wrong... 


Scanning Objects (known Virus Signatures) and Sending Objects (Potentially Malicious) to a Sandbox test did not provide a Comfortable Security level for End-Point Protection.


I would like to have features as below (monitoring the Malware Behaviour and Objective via Approaches from Web Application Protection, Digital Forensics and Malware Analysis):


Monitor the activities of the browser - alert on Malicious Traffic, Re-Directs, XSS, Keyloggers... (Do not expect Web Application Developers to take all responsibility for protecting their Users); alert on access to Malicious Web Sites (Should verify the Web Site against a blacklist in the Cloud); Double check the Digital Signature of the Web Site (avoid MITM - request a product in the Cloud to verify one more time)...


Monitor Parent and Child Processes - alert on any Background task and/or Network connection and/or storage access...


Data Acquisition on potential attack target files and registry keys - alert on change...


Computer Activity Summary Report


Please share your view and comment (expected feature) on handling the UNKNOWN...


Thanks, Joseph

1 Reply

Hi Joseph,

Full disclosure - I work for Cylance (as a system engineer). The AV/NGAV space is probably the most congested of all technology solutions out there, with at least 60+ vendors fighting for market share. Before I joined Cylance over 1 year ago I worked for security integrators in the UK and reviewed the majority of NGAV offerings, and the reason I joined Cylance is because I found Cylance to be using a groundbreaking, revolutionary approach that I feel could change the way AV works going forward.


As you say, you want to know how to protect against the unknown... In short, malware has become a big data problem, which is why Cylance uses machine learning techniques to predict whether a never-seen-before file is bad based upon previously learned analysis. In truth, everyone has upped their game in catching something quicker than they would have done with just a signature (known bad), but like sandboxing, almost all have the problem of patient-0.


I'm not a sales guy, but I can speak about my experience to help you make an informed choice/shortlist. Let me know how else I can help.


Patrick Bayle CISSP