4.4.1.1

Features

  • Improved analytical processing of parent-child relationships when the parent process dies quickly (within milliseconds), before Cyber Crucible completes processing.

    • The extremely common scenario here is that attackers (and legitimate programs) often open multiple programs, sometimes in a multi-step “daisy-chain”. This may be on purpose, or due to Windows or other application behavior “under the hood”.

    • Cyber Crucible behavioral models leverage activity & state variables for all processes in a chain of executions to achieve maximum accuracy and context.

Fixes

  • Cyber Crucible lost accuracy in behavioral model decision making because telemetry was lost when multiple programs call each other in sequence but one of the programs died within milliseconds.

    • Consider a chain where Program A executes Program B, and Program B starts Program C but dies within milliseconds (usually a silent crash, but not always). Cyber Crucible behavioral analysis had Program A and Program C variables, but did not have time to completely analyze Program B, since it expected it to be running.

    • This has been corrected, resulting in more accurate decision making by the Cyber Crucible hyper-automated decision-making engine.
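
The A → B → C chain described above, as an added illustration that is not Cyber Crucible's code or telemetry format: it replays process start/exit events and compares ancestry captured at creation time with ancestry resolved by a later PID lookup. The event tuples, process names, and function names are assumptions made for this example, and the PID-reuse case (D.exe) goes one step beyond the scenario in the notes.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    start_ms: int
    parent: Optional["Proc"] = None   # resolved when the start event arrives
    exit_ms: Optional[int] = None

# Constructed events (ts_ms, kind, pid, ppid, image): B lives for 4 ms,
# then its PID is reused by an unrelated process D.
EVENTS = [
    (1000, "start", 100, 4, "A.exe"),
    (1500, "start", 200, 100, "B.exe"),
    (1503, "start", 300, 200, "C.exe"),
    (1504, "exit", 200, 0, ""),
    (1600, "start", 200, 4, "D.exe"),
]

def build_lineage(events):
    """Replay events in time order; return (live PID table, all records)."""
    live, records = {}, []
    for ts, kind, pid, ppid, image in sorted(events, key=lambda e: e[0]):
        if kind == "start":
            proc = Proc(pid, ppid, image, ts, parent=live.get(ppid))
            live[pid] = proc             # a reused PID now maps to the new instance
            records.append(proc)
        elif pid in live:
            live.pop(pid).exit_ms = ts   # keep the record, mark it exited
    return live, records

def event_chain(proc):
    """Ancestry from parent links captured at creation time, oldest first."""
    out = []
    while proc:
        out.append(proc.image)
        proc = proc.parent
    return out[::-1]

def late_lookup_chain(proc, live):
    """Ancestry from PID lookups done after the fact, oldest first."""
    out, seen = [proc.image], {proc.pid}
    while (proc := live.get(proc.ppid)) and proc.pid not in seen:
        seen.add(proc.pid)
        out.append(proc.image)
    return out[::-1]
```

With these events, the creation-time links keep the short-lived B.exe in C.exe's chain, while the late lookup either stops at C.exe or, once the PID is reused, attributes C.exe to the unrelated D.exe.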

WHCP/WHQL Validation Status

Validated.