A vector phase checks several key system operands.
Low Level Access (LLA)
Low Level Access (LLA) monitors kernel usage, in particular hardware I/O. A Permanent Denial of Service (PDoS) attack will invariably create a lot of LLA kernel use. The key metrics for this Vector Phase will see elevated values when either an Attack Vector or a Pseudo Attack Vector (PAV) is present.
In normal PC operation PAVs are to be expected; a higher number of these will be generated during the operation of a Windows PC.
However, AV scans will be generated when a PDoS attack on the underlying components of the endpoint is in progress.
In practice, when a PDoS attack is in progress, the first confirmation of such an attack will be when degraded components start to create alarms.
At this point substantive examination of system processes is required.
High Level Access (HLA)
High Level Access (HLA) monitors software usage. If this reading is high, other readings may be treated as false positives generated by normal system use.
Disk Time (DT)
Disk Time (DT) monitors the % use of the main drive of the endpoint. If this Vector Phase detects higher than average use of the drive, it will automatically generate a process scan and possibly a hardware scan. The cloud service will update when a hardware sensor is set to WARNING or DOWN.
These could be false positives where hardware has naturally broken down…
This may offer some degree of notification when a virus is trying to encrypt a hard drive.
The LLA and DT vector phases act every minute and can trigger a Process scan.
Often hardware issues will manifest over a short period of time.
Typically, hardware scans are triggered by 5-minute vector phases, which are a combination of 1-minute vector phases.
Interrupts
High % Interrupt time can indicate a problem with a faulty driver or failing device.
The Interrupts vector phase will automatically generate a process scan and possibly a hardware scan. The cloud service will update when a hardware sensor is set to WARNING or DOWN.
False positives can come from too many processes running in the background, or from keyboard and network card use.
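The escalation described above (1-minute LLA, DT and Interrupts phases triggering a process scan, five of them combining into a hardware-scan decision, and a high HLA reading discounting the rest as false positives) can be sketched as follows. This is an added example, not the product's own code: the sample readings are constructed, and the thresholds (`factor`, `floor`, `hla_high`) and the `quorum` combination rule are assumptions.

```python
from statistics import mean

# Constructed per-minute readings in percent (not taken from the product).
KEYS = ("lla", "dt", "interrupts")
SAMPLES = [
    {"lla": 5, "dt": 12, "interrupts": 2, "hla": 20},
    {"lla": 6, "dt": 14, "interrupts": 3, "hla": 25},
    {"lla": 5, "dt": 11, "interrupts": 2, "hla": 22},
    {"lla": 6, "dt": 60, "interrupts": 3, "hla": 90},    # busy application, disk spike
    {"lla": 5, "dt": 13, "interrupts": 2, "hla": 20},
    {"lla": 40, "dt": 70, "interrupts": 15, "hla": 15},  # sustained low-level activity
    {"lla": 45, "dt": 75, "interrupts": 18, "hla": 12},
    {"lla": 50, "dt": 80, "interrupts": 20, "hla": 10},
]

def elevated(history, value, factor=1.5, floor=10.0):
    """Assumed rule: above a floor and above factor x the average seen so far."""
    return bool(history) and value > floor and value > factor * mean(history)

def evaluate(samples, window=5, quorum=3, hla_high=80):
    """Return (minute, action, metrics) events for a run of 1-minute readings."""
    history = {k: [] for k in KEYS}
    flags, events = [], []
    for minute, s in enumerate(samples):
        hot = [k for k in KEYS if elevated(history[k], s[k])]
        # High HLA: attribute the other readings to normal system use.
        counted = bool(hot) and s["hla"] < hla_high
        if hot:
            events.append((minute, "process_scan" if counted else "suppressed", hot))
        flags.append(counted)
        # 5-minute phase: combination of the last five 1-minute phases
        # (assumed here to mean at least `quorum` of them were elevated).
        if len(flags) >= window and sum(flags[-window:]) >= quorum:
            events.append((minute, "hardware_scan", hot))
        # Keep elevated readings out of the average so a sustained spike
        # does not raise its own baseline.
        for k in KEYS:
            if k not in hot:
                history[k].append(s[k])
    return events

if __name__ == "__main__":
    for event in evaluate(SAMPLES):
        print(event)
```

On the constructed data, the single disk spike under high HLA is suppressed, while three consecutive elevated minutes produce process scans and then a hardware scan.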