Permanent denial of service

Syvir AntiPDoS

Vector Phases


A vector phase checks several key system operands.

One Minute Vector Phases.
When an attack vector or pseudo attack vector is created, a process alert is created.
The process alerts scan for processes that have been running for more than 10 seconds. Some normal Windows operations, such as antivirus scans, Chrome and Edge, will clearly exceed that time.
It's important to check the process scan for any unusual svchost or exe that you're not familiar with and investigate further.
The LLA vector phase will automatically generate a process scan and possibly a hardware scan.
The cloud service will update when a hardware sensor is set to WARNING or DOWN.
These could be false positives where hardware has naturally broken down…

Five Minute Vector Phases.
After 5 minutes, a variety of algorithms are run to determine whether an attack vector or pseudo attack vector is in progress.
If either attack type is detected, a scan of the hardware components takes place.
The cloud service will update when a hardware sensor is set to WARNING or DOWN.
These could be false positives where hardware has naturally broken down…

Phlashing
On start-up, the endpoint's BIOS and hard drive details are checked for changes.
If a firmware update has been installed, the BIOS details will change.
If hard drive firmware has changed and a virus is installed, malicious encryption of the main drive may occur.
The Vector Sensor Disk Time will become more active and trigger more alerts...
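
The start-up comparison of BIOS and hard drive details described above can be approximated with a stored baseline, as in this added PowerShell example (not Syvir's code). It assumes the standard Win32_BIOS and Win32_DiskDrive CIM classes as the source of the details and a hypothetical baseline path.

```powershell
# Added example, not vendor code. $BaselinePath is a hypothetical location;
# keep it somewhere only administrators can write to.
$BaselinePath = Join-Path $env:ProgramData 'FirmwareBaseline\baseline.json'

function Get-FirmwareSnapshot {
    # Win32_BIOS and Win32_DiskDrive are standard Windows CIM classes.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    [pscustomobject]@{
        Component = 'BIOS'
        Id        = [string]$bios.Manufacturer
        Version   = [string]$bios.SMBIOSBIOSVersion
    }
    foreach ($d in Get-CimInstance -ClassName Win32_DiskDrive) {
        # Serial numbers can be blank or padded, so the model is part of the key.
        [pscustomobject]@{
            Component = 'Disk'
            Id        = ("{0} {1}" -f $d.Model, $d.SerialNumber).Trim()
            Version   = [string]$d.FirmwareRevision
        }
    }
}

function Compare-FirmwareSnapshot {
    param([object[]]$Baseline, [object[]]$Current)
    $old = @{}
    foreach ($b in $Baseline) { $old["$($b.Component)|$($b.Id)"] = $b }
    foreach ($c in $Current) {
        $key = "$($c.Component)|$($c.Id)"
        $was = $old[$key]
        if ($null -eq $was) {
            [pscustomobject]@{ Status = 'NEW'; Item = $key; Was = ''; Now = $c.Version }
        } elseif ($was.Version -ne $c.Version) {
            [pscustomobject]@{ Status = 'CHANGED'; Item = $key; Was = $was.Version; Now = $c.Version }
        }
        $old.Remove($key)   # whatever is left afterwards has disappeared
    }
    foreach ($gone in $old.Values) {
        [pscustomobject]@{ Status = 'MISSING'; Item = "$($gone.Component)|$($gone.Id)"; Was = $gone.Version; Now = '' }
    }
}

$current = @(Get-FirmwareSnapshot)
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    $drift = @(Compare-FirmwareSnapshot -Baseline $baseline -Current $current)
    if ($drift.Count -gt 0) { $drift | Format-Table -AutoSize } else { 'No BIOS or disk firmware changes since the baseline.' }
} else {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    ConvertTo-Json -InputObject $current | Set-Content -LiteralPath $BaselinePath
    "Baseline written to $BaselinePath"
}
```

The first run writes the baseline and later runs report drift. After an approved firmware update, delete the baseline file so the next run records the new versions.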
