FinalAV Security Reviews — Discover what people think of this product.

How existing anti‐virus software works and how is FinalAV Security different?

New malware is usually detected as a result of successful infection of some devices. This problem makes the effort of creating a new piece of malware worth the efforts to hackers, as they will still manage to infect a large enough number of systems and therefore achieve their malicious goals. This is particularly problematic with ransomware. Further, with virus polymorphism hackers took this to another level and signature-based defences are effectively worthless.

Most current endpoint security solutions address this limitation using behaviour analytics, including AI, but these suffer from both false positives and negatives. False positives require exceptions and false negatives are a major weakness, especially as hackers can test their malware before releasing.

FAV differs by taking a novel approach:

(1) It enforces authentication for software with functionality that is “necessary” for malware to be effective (e.g., replication/persistency, host attachment, data extraction, encryption, polymorphism), which is a much easier requirement than attempting to identify malicious behaviour;

(2) Otherwise, non‐authenticated software runs under a very fine‐grained, real‐time sandbox (at kernel API level) allowing software to run unmodified;

(3) It thus shifts the burden of getting non‐malicious software cleared by the security system to the software developers instead of the user and/or the security companies; and

(4) It ensures the chain of execution, including dynamically loaded modules, are all authorised before giving full rights (i.e. no weak link policy).

Please see more details in our 'Technical blog: the FinalAV Security framework' at https://finalavsecurity.com/technical-blog-finalav-security-framework/.