4.4.1.1
Features
Improved analytical processing for parent-child relationships when the parent process dies quickly (within milliseconds), before Cyber Crucible completes processing.
An extremely common scenario is that attackers (and legitimate programs) launch multiple programs, sometimes in a multi-step “daisy-chain”. This may be on purpose, or due to Windows or other application behavior “under the hood”.
Cyber Crucible behavioral models leverage activity & state variables for all processes in a chain of executions to achieve maximum accuracy and context.
Fixes
Cyber Crucible's behavioral models lost decision-making accuracy because telemetry was lost when multiple programs called each other in a chain and one of the programs died within milliseconds.
Consider a chain where Program A executes Program B, and Program B starts Program C, but Program B dies within milliseconds (usually a silent crash, but not always). Cyber Crucible behavioral analysis had the Program A and Program C variables, but did not have time to completely analyze Program B, since it expected Program B to still be running.
This has been corrected, resulting in more accurate decision making by the Cyber Crucible hyper-automated decision-making engine.
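The A → B → C case above, as an added example that is not Cyber Crucible's code or a description of its implementation: a process-lineage tracker that keeps exited processes so a short-lived parent stays resolvable, contrasted with a live-processes-only view. The event tuple format, timestamps, PIDs, the reuse of B's PID by `D.exe`, and the names `Proc`, `LineageTracker`, `lineage_of_last` and `EVENTS` are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(eq=False)
class Proc:
    image: str
    start: float
    parent: Optional["Proc"] = None
    end: Optional[float] = None  # None while still running

class LineageTracker:
    def __init__(self, keep_exited=True):
        self.keep_exited = keep_exited  # False = naive "live processes only" view
        self.by_pid = {}  # pid -> every Proc seen with that pid, arrival order
    def on_start(self, ts, pid, ppid, image):
        proc = Proc(image, ts, parent=self._resolve(ppid, ts))
        self.by_pid.setdefault(pid, []).append(proc)
        return proc
    def on_exit(self, ts, pid):
        for p in self.by_pid.get(pid, []):
            if p.end is None:
                p.end = ts
    def _resolve(self, ppid, ts):
        # Parent = newest instance of ppid that was alive when the child started.
        for cand in reversed(self.by_pid.get(ppid, [])):
            alive_then = cand.start <= ts and (cand.end is None or ts <= cand.end)
            if alive_then and (self.keep_exited or cand.end is None):
                return cand
        return None

EVENTS = [  # constructed, in arrival order: (time, kind, pid, ppid, image)
    (1.000, "start", 100, 4, "A.exe"),
    (1.002, "start", 200, 100, "B.exe"),
    (1.006, "exit", 200, None, None),     # B dies within milliseconds
    (1.020, "start", 200, 4, "D.exe"),    # unrelated process reuses B's PID
    (1.004, "start", 300, 200, "C.exe"),  # C's start is processed after B is gone
]

def lineage_of_last(events, keep_exited=True):
    tracker, proc = LineageTracker(keep_exited), None
    for ts, kind, pid, ppid, image in events:
        if kind == "start":
            proc = tracker.on_start(ts, pid, ppid, image)
        else:
            tracker.on_exit(ts, pid)
    chain = []
    while proc:  # walk from the last started process up to the root
        chain, proc = [proc.image] + chain, proc.parent
    return chain
```

With exited processes retained, Program C resolves through Program B to Program A; with the live-only view, C has no known ancestry. Matching on the parent's lifetime rather than on PID alone keeps C from being attributed to the later process that reused B's PID.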
WHCP/WHQL Validation Status
Validated.
MD5 Hashes
service.exe = db76d0abc8f4bc4b2a093435bc314bde
assistant.exe = a5bac35d839d7a57fcccfceb011083c1
CCRRSecMon.sys (Windows10) = 935e43368fa95ae740a3f04defcc390d
CCRRSecMon.sys (Windows8) = ee555ad0f282f36dd11deada8d1ca9c7
CCRRSecMon.sys (Windows7) = a6a5073c6565361b443651ef29e49490