ENTIRE REMOVAL OF MALWARE
As well as detection, the clean-up of malware can be performed with the use of joint forces. You can thus ensure that the threat is fully removed. To avoid false alarms in this process, you can set the actions to be executed according to the number of vendors that have recognized a threat.
The challenge of cyber threats like malware is in both discovery and removal. Current malware variants are not just simple files, but can contain a variety of files, Registry keys, Windows services, and processes. This makes a clean-up process as complex as the detection itself.
Whether the cleansing of a threat is successful depends first and foremost on the level of knowledge about the threat. Is the full extent of the malware, with all its components, known or just the individual symptoms? For example, if a single file on the hard disk is detected as malicious and deleted, it could appear again repeatedly if the associated malicious Windows service, responsible for rebuilding the file, is overlooked. Also, deletion of a malicious file may be denied if a related malicious process keeps the file open. This is known as a “partial removal”.
Since the successful clean-up of malware is highly dependent on the knowledge of a threat, the United Endpoint Protector relies on unified forces. Independent security vendors can have different levels of knowledge on the same threat. While the first vendor only recognizes the single file on the hard disk, the second vendor gets its chance when the file reappears, and this one may know about the malicious Windows service or the malicious process. Combining multiple independent scores to clean up a threat dramatically increases the likelihood of a complete cleanup.
Cleaning up a threat, however, is not all about entire removal. False alarms (false-positives) are an unwelcome side effect. In these cases, the mistake occurs in detecting the threat. If a legitimate file is mistakenly considered as a threat and a cleanup is consequently processed, this can have devastating effects. These range from data loss to a complete system crash. No provider is immune from such incidents, which can, unfortunately, happen repeatedly.
The United Endpoint Protector offers you the chance to eliminate the threat posed by false positives in malware detection. It allows you to define the actions to be taken on a malware finding depending on the number of vendors reporting the threat. For example, if only one vendor reports a threat, with two others not seeing a danger, what should happen? Since this could be a possible false positive, it might be advisable to simply alert or block access. On the other hand, what action should be taken if two vendors report something dangerous? The likelihood that two independent vendors will produce a false alarm at the same time on the same file is low. Nevertheless, you may prefer to be on the safe side and just have the potential threat moved to quarantine. If a threat is reported by three independent providers, then the case is likely to be clear and automatic disinfection or deletion may take place. The configuration options are completely in your hands and can be freely defined according to your wishes and areas of application.
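The vendor-count rule and the partial-removal problem described above can be put together as follows. This is an added example, not the product's own code: the policy table, function name, component kinds and sample reports are assumptions constructed for illustration.

```python
# Hypothetical policy: minimum number of reporting vendors -> action.
POLICY = {1: "alert", 2: "quarantine", 3: "delete"}

# Removal order that avoids partial removal: first the service that rebuilds
# the file, then the process that holds it open, then the file itself.
REMOVAL_RANK = {"service": 0, "process": 1, "file": 2, "registry": 3}


def decide(reports, policy=POLICY):
    """reports maps vendor -> set of (kind, name) components it attributes to
    the threat; an empty set means that vendor sees nothing malicious."""
    detecting = sorted(v for v, comps in reports.items() if comps)
    count = len(detecting)
    # Pick the strictest rule whose threshold is met by the vendor count.
    met = [threshold for threshold in policy if threshold <= count]
    action = policy[max(met)] if met else "none"
    # Union of every vendor's knowledge, so a component known to only one
    # vendor (e.g. the service) is still part of the clean-up plan.
    known = set()
    for vendor in detecting:
        known |= reports[vendor]
    plan = sorted(known, key=lambda c: (REMOVAL_RANK.get(c[0], len(REMOVAL_RANK)), c[1]))
    return {"action": action, "vendors": detecting, "plan": plan}


# Constructed sample: vendor_a only knows the file, vendor_b also knows the
# service and process, vendor_c reports nothing.
SAMPLE = {
    "vendor_a": {("file", r"C:\ProgramData\sample\payload.exe")},
    "vendor_b": {
        ("file", r"C:\ProgramData\sample\payload.exe"),
        ("service", "SampleUpdaterSvc"),
        ("process", "payload.exe"),
    },
    "vendor_c": set(),
}

if __name__ == "__main__":
    result = decide(SAMPLE)
    print(result["action"], result["vendors"])
    for kind, name in result["plan"]:
        print(f"  {kind}: {name}")
```

With the sample reports, two vendors agree, so the action is quarantine rather than deletion, and the plan handles the service and process before the file that a single-vendor clean-up would have deleted on its own.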
The United Endpoint Protector offers you many benefits in the removal of malware. Use multiple independent vendors with different levels of knowledge to ensure entire threat removal. And whilst you can rest assured that threat removal is sufficiently taken care of, you can – at the same time – protect yourself from the devastating consequences that can result from false alarms by individual vendors.