Signatures Detection Engine: YARA Rules

A signature-based detection engine that uses YARA rules to identify malware as soon as it is written to disk or loaded into memory, even if obfuscated.

The YARA rules-based Signatures Engine identifies malicious files: scripts, programs, or other binaries.

Malicious processes can be detected at startup and while running.

The Signatures Engine evaluates:

  • File content
  • Injected threads
  • Process memory