Files are the most common place in which malware occurs. Whether mass distribution or targeted attack, the malicious code must be transferred by the attacker and files are the easiest way to do so. To do so, attackers use a wide variety of creative methods. From a simple EXE or ZIP file, to prepared PDF’s, to office documents and scripts, almost every file type can be used. The distribution channels are in no less diverse. From direct shipping via email, via a download link, to the prepared USB stick, the attacker has all the doors open. However, files do not just play a role in the transport of malicious code, but also in its subsequent execution. A malware does not usually operate on a single file, but automatically generates additional ones, often randomly and sometimes even in encrypted form.
To protect against malware, it is therefore essential to monitor all file operations. The File Security of the United Endpoint Protector does this work for you. All attempts to read or write a file are checked in real time, even before such an attempt occurs. It is crucial that this check reliably determines whether it is a good or bad file. For this, the United Endpoint Protector offers you the possibility to use different anti-malware vendors, technologies and approaches with a single click. You do not have to rely on one single vendor, but can use several providers at the same time. This will give you a wide range of feedback, with multiple assessments from independent vendors and the benefit of different protection potentials at each check.
In addition to the safety aspect, the speed at which checks are carried out is crucial. If scanning a file access takes too much time, it has a negative impact on the user. For example, launching a program might take a few minutes longer than usual. To avoid such issues, it is important that you choose the right vendors and technologies for this purpose. Contrary to widespread misconceptions, good performance does not depend on CPU or memory consumption, but on data throughput. It describes how long it takes a technology to complete a check and how long the file access is delayed.
The United Endpoint Protector will help you with this decision, too. The File Security shows you the entire flow of data in the user interface so you can understand in detail what is happening. In addition, you can view the scan times for each individual access and technology, along with the average times per vendor. With this data, you can quickly make a decision on which vendor you want to use in this feature and perform performance optimization with a few mouse clicks. Of course, you can also exclude certain file accesses from the check. To avoid unwanted security gaps, process and file exclusions are available, but you also have the option to use a combination of both. This allows you to specify access exactly; for example, a file should not be checked when a particular program accesses a particular folder.
The File Security is an important tool for you to detect and prevent all file operations that malware might make. The agile use of vendors and technologies enables you to assess “good or evil” as reliably as possible while maintaining optimal performance for that process.