• Improved analytical processing for parent-child relationships, when the parent process quickly dies before Cyber Crucible completes processing (milliseconds).

    • The extremely common scenario here is that attackers (and legitimate programs) will often open up multiple programs, sometimes in a muli-step “daisy-chain”. This may be on purpose, or due to Windows or other application behavior “under the hood”.

    • Cyber Crucible behavioral models leverage activity & state variables for all processes in a chain of executions to achieve maximum accuracy and context.


  • Cyber Crucible had a loss in behavioral model decision making accuracy, due to the loss of telemetry when multiple programs each call each other, but one of the programs died in milliseconds.

    • In a chain where Program A executes Program B. Program B starts Program C, but Program B dies within milliseconds (usually a silent crash, but not always). Cyber Crucible behavioral analysis has Program A and Program C variables, but did not have time to completely analyze program B, since it expected it to be running.

    • This has been correcting, resulting in more accurate decision making by the Cyber Crucible hyper-automated decision making engine.

WHCP/WHQL Validation Status


MD5 Hashes

service.exe = db76d0abc8f4bc4b2a093435bc314bde assistant.exe = a5bac35d839d7a57fcccfceb011083c1 CCRRSecMon.sys (Windows10) = 935e43368fa95ae740a3f04defcc390d CCRRSecMon.sys (Windows8) = ee555ad0f282f36dd11deada8d1ca9c7 CCRRSecMon.sys (Windows7) = a6a5073c6565361b443651ef29e49490