4.4.1.1

Features

  • Improved analytical processing for parent-child relationships when the parent process dies quickly (within milliseconds), before Cyber Crucible completes processing.

    • The extremely common scenario here is that attackers (and legitimate programs) will often open up multiple programs, sometimes in a multi-step “daisy-chain”. This may be on purpose, or due to Windows or other application behavior “under the hood”.

    • Cyber Crucible behavioral models leverage activity & state variables for all processes in a chain of executions to achieve maximum accuracy and context.

Fixes

  • Cyber Crucible had a loss in behavioral model decision-making accuracy, due to the loss of telemetry when multiple programs called each other in a chain but one of the programs died within milliseconds.

    • Consider a chain where Program A executes Program B, and Program B starts Program C, but Program B dies within milliseconds (usually a silent crash, but not always). Cyber Crucible behavioral analysis had the Program A and Program C variables, but did not have time to completely analyze Program B, since it expected Program B to still be running.

    • This has been corrected, resulting in more accurate decision making by the Cyber Crucible hyper-automated decision-making engine.
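
The A → B → C case above can be sketched as a lineage tracker that keeps a record of a process after it exits. This is an added illustration, not Cyber Crucible's code: the event tuple format, the `Proc` and `Lineage` names and the sample events are all constructed for the example. It goes slightly beyond the text by also handling PID reuse and an exit event that is processed before the child's start event.

```python
from dataclasses import dataclass

# Constructed events in arrival order: (time_ms, kind, pid, parent_pid, image).
EVENTS = [
    (0,    "start", 100, 1,    "A.exe"),
    (500,  "start", 200, 100,  "B.exe"),
    (505,  "exit",  200, None, None),      # B dies 5 ms after starting
    (503,  "start", 300, 200,  "C.exe"),   # C's start is processed after B's exit
    (9000, "start", 200, 1,    "D.exe"),   # PID 200 reused by an unrelated process
    (9100, "start", 400, 200,  "E.exe"),
]

@dataclass
class Proc:
    pid: int
    image: str
    started: int
    parent: "Proc | None" = None
    exited: "int | None" = None

class Lineage:
    """Keeps records of exited processes so their children keep full ancestry."""
    def __init__(self, events=()):
        self.by_pid = {}  # pid -> every Proc instance that ever held that PID
        for ev in events:
            self.feed(*ev)

    def alive_at(self, pid, t):
        # Match on lifetime, not just PID, so a reused PID is not taken for the parent.
        for p in reversed(self.by_pid.get(pid, [])):
            if p.started <= t and (p.exited is None or p.exited >= t):
                return p
        return None

    def feed(self, t, kind, pid, ppid, image):
        if kind == "start":
            parent = self.alive_at(ppid, t)
            self.by_pid.setdefault(pid, []).append(Proc(pid, image, t, parent))
        elif (proc := self.alive_at(pid, t)) is not None:
            proc.exited = t  # stamp the exit time, never delete the record
    def chain(self, pid, t):
        proc, out = self.alive_at(pid, t), []
        while proc:
            out.append(proc.image)
            proc = proc.parent
        return out[::-1]
    def short_lived_links(self, max_ms):
        # (parent, child) pairs where the parent exited within max_ms of starting.
        return [(p.parent.image, p.image) for ps in self.by_pid.values() for p in ps
                if p.parent and p.parent.exited is not None
                and p.parent.exited - p.parent.started <= max_ms]
```

`Lineage(EVENTS).chain(300, 600)` returns the full A, B, C chain even though B is already dead, and `short_lived_links(50)` surfaces the B → C link as one that passed through a short-lived intermediate.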

WHCP/WHQL Validation Status

Validated.

MD5 Hashes

  • service.exe = db76d0abc8f4bc4b2a093435bc314bde

  • assistant.exe = a5bac35d839d7a57fcccfceb011083c1

  • CCRRSecMon.sys (Windows10) = 935e43368fa95ae740a3f04defcc390d

  • CCRRSecMon.sys (Windows8) = ee555ad0f282f36dd11deada8d1ca9c7

  • CCRRSecMon.sys (Windows7) = a6a5073c6565361b443651ef29e49490