![Execution Prevention Execution Prevention](https://privacy.blackfog.com/wp-content/uploads/2019/12/ExecutionPrevention.png)
BlackFog 4.2 offers a new feature called “execution prevention” within the settings. This option provides a new technique for preventing malware execution.
Typically, organizations and previous editions of BlackFog utilized a whitelisting approach, whereby execution of rogue malware was prevented by blocking execution in specific directories such as temporary folders or application data directories. Whilst very effective at preventing malware, the downside was that many legitimate applications often used these locations as well. Even though this is against guidelines, companies such as Google and Microsoft’s own applications sometimes used this method, meaning that when you installed a new application that used these directories you had to whitelist the files. Users found this to be invasive so we decided to develop a new approach.
We have eliminated whitelisting in favor of process monitoring and application validation. This is a behavioral technique for detecting malicious activity. The principle behind this technique is that malware often masquerades as other applications, spawns from system processes and executes in certain ways. In these scenarios we introspect all of the processes to see if they are being hijacked, replicated or simply spoofed. As with the data exfiltration rules, this is done in real-time.
Ultimately this will lead to less false positives and ensure more accurate protection than whitelisting can ever provide. In addition, this will protect execution across the entire device rather than specific directories.
Related Posts
The 5 Biggest Ransomware Attacks of 2024
Cybersecurity was still very much dominated by ransomware attacks in 2024. In this article we look back at five of the most notable incidents of the year.
BlackFog and Carahsoft Partner to Enhance Ransomware Protection in the Public Sector
BlackFog partners with Carahsoft to bring AI-powered ransomware protection to government agencies, enhancing Public Sector cybersecurity.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
Data Leakage Protection: Don’t Let Your Data Slip Away
Data is the most valuable asset today's businesses possess - and volumes are growing all the time. In this article we look at what data loss prevention means heading into 2025 and what should firms be doing to improve their capabilities?
Compliance as a Service (CaaS) Explained in Simple Terms
Find out how compliance as a service (CaaS) makes tackling regulatory challenges like HIPAA, GDPR, and PCI easy.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.