How do we detect malware ?
Malware detections in our products are based on many different technologies and approaches. They also depend on whether the item is being analysed in memory or on disk.
We use both rules-driven technologies (our research lab writing rules for malware), heuristics-driven engines (engine code will define if a file is malicious based on its artifacts and metadatas) and cloud signatures.
Despite all our efforts, we can not catch 100% malware (no one can, if they claim it they’re lying) but last year’s MalPE-AI (artificial intelligence) deployment significantly changed the game our way. This is our latest and most advanced engine for catching malware with very good accuracy and few false positives.
How do we determine if a program is a PUP (Potentially Unwanted Program) ?
Let’s say it now: PUPs are SAFE. They don’t execute malicious actions, they do not intend to harm the user or its data. In our software, you may see some detections labeled as “PUP.SomeProgramName”. If you see this, the program has been targeted as PUP.
So why are we detecting them ? Because they are annoying, and may have a bad performance impact on your machine. Very often, those programs were installed by affiliation/partnership with other software.
How do we determine if a program is a PUP ? Here’s a list of example (non-exhaustive):
- Agressive marketing with misleading captions (registry cleaners, etc…)
- Affiliation, bundling (installed as “optional offer” from another program’s installer)
- Deep modification of the system having performance impact (toolbars in the browser)
- Hard to uninstall, or making it difficult for the user
- Various behaviors degrading user experience (showing ads, cryptocurrency mining, …)
If you think your program is targeted by error, please contact our support.