Memory Scanning is a live process image dump feature that implements a function to trigger scanning when malwares have cross-line behaviors after they have been unpacked.
Some malwares use customized packers that can trick file-based scan engines (VSAPI) into bypassing them. Conventional detection is based on virus signature. Thus, virus patterns are constructed into the virus binary machine code. Hackers can reconstruct the virus machine code using packing tools, and as a result, conventional detection rate deteriorates. Triggering a Memory Scan helps avoid this issue.
This option is disabled by default in WFBS 9.0.
To enable Memory Scanning:
- Log in to the WFBS Security Server console.
- Go to Security Settings.
- Choose either Server (defaults) or Desktop (defaults).
- Click Configure Settings.
- On the left pane, select Antivirus/Anti-spyware.
- Under Advanced Settings, tick the Quarantine malware variants detected in memory checkbox.
Click image to enlarge.
- Click Save.
For the Memory Scanning function to work properly, Real-time Scan and Behavior Monitoring must both be enabled.